[PATCH 0/3] Update postgresql packages.

  • Done
  • quality assurance status badge
Details
One participant
  • Nicolas Graves
Owner
unassigned
Submitted by
Nicolas Graves
Severity
normal
N
N
Nicolas Graves wrote on 27 Oct 00:36 +0200
(address . guix-patches@gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026223653.27927-1-ngraves@ngraves.fr
This patch series updates all postgresql packages.

Nicolas Graves (3):
gnu: postgresql-13: Update to 13.16. [security fixes]
gnu: postgresql-14: Update to 14.13.
gnu: postgresql-15/16: Add and update packages. [security fixes]

gnu/local.mk | 1 +
gnu/packages/databases.scm | 42 ++++++++++++++-----
...stgresql-disable-normalize_exec_path.patch | 22 ++++++++++
3 files changed, 55 insertions(+), 10 deletions(-)
create mode 100644 gnu/packages/patches/postgresql-disable-normalize_exec_path.patch

--
2.46.0
N
N
Nicolas Graves wrote on 27 Oct 00:47 +0200
[PATCH 1/3] gnu: postgresql-13: Update to 13.16. [security fixes]
(address . 74038@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224730.981-1-ngraves@ngraves.fr
This fixes CVE-2024-7348.

* gnu/packages/databases.scm (postgresql-13): Update to 13.16.
---
gnu/packages/databases.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (23 lines)
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index 06158f19e7..f2eb58649a 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -1367,14 +1367,14 @@ (define-public postgresql-14
(define-public postgresql-13
(package
(inherit postgresql-14)
- (version "13.15")
+ (version "13.16")
(source (origin
(inherit (package-source postgresql-14))
(uri (string-append "https://ftp.postgresql.org/pub/source/v"
version "/postgresql-" version ".tar.bz2"))
(sha256
(base32
- "09f99rp5q1xp769r71if9ckb4cbm0nnx2xmy8b1bhcvd8hax9va2"))))))
+ "0rc8rpsw2lwa5af35zd8iifah02wg2rnn1i890h2h8zh55hvpjy9"))))))
(define-deprecated/public postgresql-11 #f
(package
--
2.46.0
N
N
Nicolas Graves wrote on 27 Oct 00:47 +0200
[PATCH 2/3] gnu: postgresql-14: Update to 14.13.
(address . 74038@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224730.981-2-ngraves@ngraves.fr
* gnu/packages/databases.scm (postgresql-14): Update to 14.13.
---
gnu/packages/databases.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (23 lines)
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index f2eb58649a..17b7a97f87 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -1355,14 +1355,14 @@ (define-public postgresql-14
(package
(inherit postgresql-15)
(name "postgresql")
- (version "14.6")
+ (version "14.13")
(source (origin
(inherit (package-source postgresql-15))
(uri (string-append "https://ftp.postgresql.org/pub/source/v"
version "/postgresql-" version ".tar.bz2"))
(sha256
(base32
- "08nzkq321fzfi8ba8gck9zxxg7xvv8vz3mbl4avrmlq933y4122h"))))))
+ "0misc5yiklflz96n7wxcdzzg0lcc4ahd0flzqsg6mcjs955krajr"))))))
(define-public postgresql-13
(package
--
2.46.0
N
N
Nicolas Graves wrote on 27 Oct 00:47 +0200
[PATCH 3/3] gnu: postgresql-15/16: Add and update packages. [security fixes]
(address . 74038@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224730.981-3-ngraves@ngraves.fr
This fixes CVE-2024-7348.

* /gnu/packages/databases.scm
(postgresql-15): Move from here…
(postgresql-16): …to here.
[version]: Update to 16.4.
[source]: Adapt source and add patch.
[native-inputs]: Add pkg-config.
[inputs]: Add icu4c.

* gnu/packages/patches/postgresql-disable-normalize_exec_path.patch:
Add patch here...
* gnu/local.mk: ...and here.
---
gnu/local.mk | 1 +
gnu/packages/databases.scm | 34 +++++++++++++++----
...stgresql-disable-normalize_exec_path.patch | 22 ++++++++++++
3 files changed, 51 insertions(+), 6 deletions(-)
create mode 100644 gnu/packages/patches/postgresql-disable-normalize_exec_path.patch

Toggle diff (109 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index 1a69a22aba..9b6619a49e 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1980,6 +1980,7 @@ dist_patch_DATA = \
%D%/packages/patches/portaudio-audacity-compat.patch \
%D%/packages/patches/portmidi-modular-build.patch \
%D%/packages/patches/postgresql-disable-resolve_symlinks.patch \
+ %D%/packages/patches/postgresql-disable-normalize_exec_path.patch \
%D%/packages/patches/procmail-ambiguous-getline-debian.patch \
%D%/packages/patches/procmail-CVE-2014-3618.patch \
%D%/packages/patches/procmail-CVE-2017-16844.patch \
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index 17b7a97f87..96eb4b99b5 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -1289,18 +1289,19 @@ (define-public galera
(license license:gpl2))) ;'COPYING' says "version 2" only
;; Don't forget to update the other postgresql packages when upgrading this one.
-(define-public postgresql-15
+(define-public postgresql-16
(package
(name "postgresql")
- (version "15.7")
+ (version "16.4")
(source (origin
(method url-fetch)
(uri (string-append "https://ftp.postgresql.org/pub/source/v"
version "/postgresql-" version ".tar.bz2"))
(sha256
(base32
- "1xwq1592k1r64ki9bmkcyw39416kymabdfxbkpiqaqxbhnaf8vx4"))
- (patches (search-patches "postgresql-disable-resolve_symlinks.patch"))))
+ "0vvd73rzj0sl294v15bh8yslakqv412bxqzlkqxyjwxa8pb6c5wp"))
+ (patches (search-patches
+ "postgresql-disable-normalize_exec_path.patch"))))
(build-system gnu-build-system)
(arguments
(list
@@ -1338,8 +1339,10 @@ (define-public postgresql-15
(invoke "make" "postgres.info")
(install-file "postgres.info"
(string-append #$output "/share/info"))))))))
- (native-inputs (list docbook-xml-4.5 docbook2x libxml2 perl texinfo))
- (inputs (list readline `(,util-linux "lib") openssl zlib))
+ (native-inputs
+ (list docbook-xml-4.5 docbook2x libxml2 perl pkg-config texinfo))
+ (inputs
+ (list icu4c readline `(,util-linux "lib") openssl zlib))
(home-page "https://www.postgresql.org/")
(synopsis "Powerful object-relational database system")
(description
@@ -1351,6 +1354,25 @@ (define-public postgresql-15
pictures, sounds, or video.")
(license (license:x11-style "file://COPYRIGHT"))))
+(define-public postgresql-15
+ (package
+ (inherit postgresql-16)
+ (name "postgresql")
+ (version "15.8")
+ (source (origin
+ (inherit (package-source postgresql-16))
+ (uri (string-append "https://ftp.postgresql.org/pub/source/v"
+ version "/postgresql-" version ".tar.bz2"))
+ (sha256
+ (base32
+ "0snbxmlygf7m4cxjpscmz3yjn4lnqsw313y9xgpv7vk9k9gm20s4"))
+ (patches (search-patches
+ "postgresql-disable-resolve_symlinks.patch"))))
+ (native-inputs (modify-inputs (package-native-inputs postgresql-16)
+ (delete "pkg-config")))
+ (inputs (modify-inputs (package-inputs postgresql-16)
+ (delete "icu4c")))))
+
(define-public postgresql-14
(package
(inherit postgresql-15)
diff --git a/gnu/packages/patches/postgresql-disable-normalize_exec_path.patch b/gnu/packages/patches/postgresql-disable-normalize_exec_path.patch
new file mode 100644
index 0000000000..0397bd5a35
--- /dev/null
+++ b/gnu/packages/patches/postgresql-disable-normalize_exec_path.patch
@@ -0,0 +1,22 @@
+diff --git a/src/common/exec.c b/src/common/exec.c
+index f209b93..ed42202 100644
+--- a/src/common/exec.c
++++ b/src/common/exec.c
+@@ -238,6 +238,14 @@ find_my_exec(const char *argv0, char *retpath)
+ static int
+ normalize_exec_path(char *path)
+ {
++ /*
++ * Guix specific patch: postgresql extensions need to be located in the
++ * same directory as postgresql.
++ * In Guix we currently use directory-unions to create extended postgresql
++ * packages. Directory unions use symlinks, that's why we need to be able
++ * to use symlinks.
++ */
++ return 0;
+ /*
+ * We used to do a lot of work ourselves here, but now we just let
+ * realpath(3) do all the heavy lifting.
+--
+2.46.0
+
--
2.46.0
N
N
Nicolas Graves wrote on 12 Nov 18:06 +0100
control message for bug #74038
(address . control@debbugs.gnu.org)
87ikss4c1s.fsf@ngraves.fr
close 74038
quit

Applied in 09bbdc3ead~3.


--
Best regards,
Nicolas Graves
?
Your comment

This issue is archived.

To comment on this conversation send an email to 74038@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 74038
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch