From patchwork Sun May 12 12:25:50 2019
X-Patchwork-Submitter: Marius Bakke
X-Patchwork-Id: 13964
Subject: [bug#35698] [PATCH] gnu: postgresql: Replace with 10.8 [security fixes].
From: Marius Bakke
Date: Sun, 12 May 2019 14:25:50 +0200
Message-Id: <20190512122550.3499-1-mbakke@fastmail.com>

This fixes CVE-2019-10129 and CVE-2019-10130. * gnu/packages/databases.scm (postgresql)[replacement]: New field. (postgresql-10.8): New variable. --- gnu/packages/databases.scm | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm index b632f05db4..295395f035 100644 --- a/gnu/packages/databases.scm +++ b/gnu/packages/databases.scm @@ -800,6 +800,7 @@ as a drop-in replacement of MySQL.") (package (name "postgresql") (version "10.7") + (replacement postgresql-10.8) (source (origin (method url-fetch) (uri (string-append "https://ftp.postgresql.org/pub/source/v" 
@@ -842,6 +843,22 @@ TIMESTAMP. It also supports storage of binary large objects, including pictures, sounds, or video.") (license (license:x11-style "file://COPYRIGHT")))) +;; This release fixes CVE-2019-10129 and CVE-2019-10130. See +;; for details. +;; TODO: Remove this in the next rebuild cycle. +(define-public postgresql-10.8 + (package + (inherit postgresql) + (version "10.8") + (source (origin + (method url-fetch) + (uri (string-append "https://ftp.postgresql.org/pub/source/v" + version "/postgresql-" version ".tar.bz2")) + (sha256 + (base32 + "0pfdmy4w95b49w9rkn8dwvzmi2brpqfvbxd04y0k0s0xvymc565i")) + (patches (search-patches "postgresql-disable-resolve_symlinks.patch")))))) + (define-public postgresql-9.6 (package (inherit postgresql)
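Review bot: The "(replacement postgresql-10.8)" field in the first hunk (@@ -800,6 +800,7 @@) is attached to the "postgresql" package at 10.7 only, while the trailing context of the second hunk shows "postgresql-9.6" defined by inheriting from "postgresql", and nothing in this patch updates or grafts that variant. The commit message should say whether CVE-2019-10129 and CVE-2019-10130 apply to the 9.6 series; if they do, that package needs its own update or replacement in the same series so that users of the older variant are not left on an unfixed build.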
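Review bot: In the second hunk (@@ -842,6 +843,22 @@), the comment above "postgresql-10.8" reads "See ;; for details." with no reference between "See" and "for details" as shown here. It should name the upstream announcement for these CVEs so that whoever acts on the TODO can check what the graft covers. The TODO itself ("Remove this in the next rebuild cycle") would be clearer if it spelled out the follow-up: bump the "version" and hash of "postgresql" to 10.8 and drop the "replacement" field added in the first hunk together with this variable, so the two are not removed separately.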