GNU bug report logs -
#35698
[PATCH] gnu: postgresql: Replace with 10.8 [security fixes].
Previous Next
Reported by: Marius Bakke <mbakke <at> fastmail.com>
Date: Sun, 12 May 2019 12:27:01 UTC
Severity: normal
Tags: patch
Done: Marius Bakke <mbakke <at> fastmail.com>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 35698 in the body.
You can then email your comments to 35698 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#35698; Package
guix-patches.
(Sun, 12 May 2019 12:27:01 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Marius Bakke <mbakke <at> fastmail.com>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Sun, 12 May 2019 12:27:01 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2019-10129 and CVE-2019-10130.
* gnu/packages/databases.scm (postgresql)[replacement]: New field.
(postgresql-10.8): New variable.
---
gnu/packages/databases.scm | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index b632f05db4..295395f035 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -800,6 +800,7 @@ as a drop-in replacement of MySQL.")
(package
(name "postgresql")
(version "10.7")
+ (replacement postgresql-10.8)
(source (origin
(method url-fetch)
(uri (string-append "https://ftp.postgresql.org/pub/source/v"
@@ -842,6 +843,22 @@ TIMESTAMP. It also supports storage of binary large objects, including
pictures, sounds, or video.")
(license (license:x11-style "file://COPYRIGHT"))))
+;; This release fixes CVE-2019-10129 and CVE-2019-10130. See
+;; <https://www.postgresql.org/about/news/1939/> for details.
+;; TODO: Remove this in the next rebuild cycle.
+(define-public postgresql-10.8
+ (package
+ (inherit postgresql)
+ (version "10.8")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "https://ftp.postgresql.org/pub/source/v"
+ version "/postgresql-" version ".tar.bz2"))
+ (sha256
+ (base32
+ "0pfdmy4w95b49w9rkn8dwvzmi2brpqfvbxd04y0k0s0xvymc565i"))
+ (patches (search-patches "postgresql-disable-resolve_symlinks.patch"))))))
+
(define-public postgresql-9.6
(package
(inherit postgresql)
--
2.21.0
Reply sent
to
Marius Bakke <mbakke <at> fastmail.com>:
You have taken responsibility.
(Sat, 25 May 2019 10:58:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Marius Bakke <mbakke <at> fastmail.com>:
bug acknowledged by developer.
(Sat, 25 May 2019 10:58:02 GMT)
Full text and
rfc822 format available.
Message #10 received at 35698-done <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Marius Bakke <mbakke <at> fastmail.com> writes:
> This fixes CVE-2019-10129 and CVE-2019-10130.
>
> * gnu/packages/databases.scm (postgresql)[replacement]: New field.
> (postgresql-10.8): New variable.
I almost forgot this patch.
Pushed in a52c807a393ae0a9b59918a4f451c9e59ff7ec0e.
[signature.asc (application/pgp-signature, inline)]
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Sat, 22 Jun 2019 11:24:07 GMT)
Full text and
rfc822 format available.
This bug report was last modified 4 years and 303 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.