From: Nicolas Graves
To: 74038@debbugs.gnu.org
Subject: [bug#74038] [PATCH 3/3] gnu: postgresql-15/16: Add and update packages. [security fixes]
Date: Sun, 27 Oct 2024 00:47:24 +0200
Message-ID: <20241026224730.981-3-ngraves@ngraves.fr>
In-Reply-To: <20241026224730.981-1-ngraves@ngraves.fr>

This fixes CVE-2024-7348.

* /gnu/packages/databases.scm (postgresql-15): Move from here…
(postgresql-16): …to here.
[version]: Update to 16.4.
[source]: Adapt source and add patch.
[native-inputs]: Add pkg-config.
[inputs]: Add icu4c.
* gnu/packages/patches/postgresql-disable-normalize_exec_path.patch: Add patch here...
* gnu/local.mk: ...and here.
--- gnu/local.mk | 1 + gnu/packages/databases.scm | 34 +++++++++++++++---- ...stgresql-disable-normalize_exec_path.patch | 22 ++++++++++++ 3 files changed, 51 insertions(+), 6 deletions(-) create mode 100644 gnu/packages/patches/postgresql-disable-normalize_exec_path.patch diff --git a/gnu/local.mk b/gnu/local.mk index 1a69a22aba..9b6619a49e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1980,6 +1980,7 @@ dist_patch_DATA = \ %D%/packages/patches/portaudio-audacity-compat.patch \ %D%/packages/patches/portmidi-modular-build.patch \ %D%/packages/patches/postgresql-disable-resolve_symlinks.patch \ + %D%/packages/patches/postgresql-disable-normalize_exec_path.patch \ %D%/packages/patches/procmail-ambiguous-getline-debian.patch \ %D%/packages/patches/procmail-CVE-2014-3618.patch \ %D%/packages/patches/procmail-CVE-2017-16844.patch \ diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm index 17b7a97f87..96eb4b99b5 100644 --- a/gnu/packages/databases.scm +++ b/gnu/packages/databases.scm 
@@ -1289,18 +1289,19 @@ (define-public galera (license license:gpl2))) ;'COPYING' says "version 2" only ;; Don't forget to update the other postgresql packages when upgrading this one. -(define-public postgresql-15 +(define-public postgresql-16 (package (name "postgresql") - (version "15.7") + (version "16.4") (source (origin (method url-fetch) (uri (string-append "https://ftp.postgresql.org/pub/source/v" version "/postgresql-" version ".tar.bz2")) (sha256 (base32 - "1xwq1592k1r64ki9bmkcyw39416kymabdfxbkpiqaqxbhnaf8vx4")) - (patches (search-patches "postgresql-disable-resolve_symlinks.patch")))) + "0vvd73rzj0sl294v15bh8yslakqv412bxqzlkqxyjwxa8pb6c5wp")) + (patches (search-patches + "postgresql-disable-normalize_exec_path.patch")))) (build-system gnu-build-system) (arguments (list @@ -1338,8 +1339,10 @@ (define-public postgresql-15 (invoke "make" "postgres.info") (install-file "postgres.info" (string-append #$output "/share/info")))))))) - (native-inputs (list docbook-xml-4.5 docbook2x libxml2 perl texinfo)) - (inputs (list readline `(,util-linux "lib") openssl zlib)) + (native-inputs + (list docbook-xml-4.5 docbook2x libxml2 perl pkg-config texinfo)) + (inputs + (list icu4c readline `(,util-linux "lib") openssl zlib)) (home-page "https://www.postgresql.org/") (synopsis "Powerful object-relational database system") (description 
@@ -1351,6 +1354,25 @@ (define-public postgresql-15 pictures, sounds, or video.") (license (license:x11-style "file://COPYRIGHT")))) +(define-public postgresql-15 + (package + (inherit postgresql-16) + (name "postgresql") + (version "15.8") + (source (origin + (inherit (package-source postgresql-16)) + (uri (string-append "https://ftp.postgresql.org/pub/source/v" + version "/postgresql-" version ".tar.bz2")) + (sha256 + (base32 + "0snbxmlygf7m4cxjpscmz3yjn4lnqsw313y9xgpv7vk9k9gm20s4")) + (patches (search-patches + "postgresql-disable-resolve_symlinks.patch")))) + (native-inputs (modify-inputs (package-native-inputs postgresql-16) + (delete "pkg-config"))) + (inputs (modify-inputs (package-inputs postgresql-16) + (delete "icu4c"))))) + (define-public postgresql-14 (package (inherit postgresql-15) diff --git a/gnu/packages/patches/postgresql-disable-normalize_exec_path.patch b/gnu/packages/patches/postgresql-disable-normalize_exec_path.patch new file mode 100644 index 0000000000..0397bd5a35 --- /dev/null +++ b/gnu/packages/patches/postgresql-disable-normalize_exec_path.patch @@ -0,0 +1,22 @@ +diff --git a/src/common/exec.c b/src/common/exec.c +index f209b93..ed42202 100644 +--- a/src/common/exec.c ++++ b/src/common/exec.c +@@ -238,6 +238,14 @@ find_my_exec(const char *argv0, char *retpath) + static int + normalize_exec_path(char *path) + { ++ /* ++ * Guix specific patch: postgresql extensions need to be located in the ++ * same directory as postgresql. ++ * In Guix we currently use directory-unions to create extended postgresql ++ * packages. Directory unions use symlinks, that's why we need to be able ++ * to use symlinks. ++ */ ++ return 0; + /* + * We used to do a lot of work ourselves here, but now we just let + * realpath(3) do all the heavy lifting. +-- +2.46.0 +
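Review bot: In the gnu/local.mk hunk, the added postgresql-disable-normalize_exec_path.patch entry sits after postgresql-disable-resolve_symlinks.patch, which breaks the alphabetical order the neighbouring dist_patch_DATA entries follow (portaudio, portmidi, postgresql, procmail). Move the new line above the resolve_symlinks entry so the list stays sorted.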
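Review bot: In the new postgresql-15 definition (the databases.scm hunk at -1351,6 +1354,25), the (name "postgresql") field repeats what (inherit postgresql-16) already supplies and can be dropped. The commit log describes postgresql-15 only as moved, while this hunk also takes it from 15.7 to 15.8 and deletes pkg-config and icu4c from the inherited inputs; the log should record both. Because postgresql-14 inherits postgresql-15, which now inherits postgresql-16, a one-line comment stating that 15 keeps postgresql-disable-resolve_symlinks.patch while 16 uses the normalize_exec_path patch would make the split easier to maintain on the next security bump.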
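Review bot: In the src/common/exec.c hunk carried by postgresql-disable-normalize_exec_path.patch, the unconditional return 0; at the top of normalize_exec_path() turns the rest of the function into dead code, including the realpath(3) work that the following comment describes, and reports success with the path left exactly as the caller passed it. The added comment explains the directory-union motivation but not that consequence; say explicitly that symlinks in the executable path are deliberately left unresolved so that anyone auditing path handling in this build knows the canonicalisation step is absent. Compiling out the remaining body (for example with #if 0) instead of returning ahead of it would also avoid unreachable-code warnings.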