gnu: postgresql-15: Update to 16.4. [security fixes]

This fixes CVE-2024-7348. * /gnu/packages/databases.scm (postgresql-15): Move from here... (postgresql-16): ... to here. [version]: Update to 16.4. [source]: Adapt source and add patch. [native-inputs]: Add pkg-config. [inputs]: Add icu4c. * gnu/packages/patches/postgresql-disable-normalize_exec_path.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com> Change-Id: I57771ebcf462bdeca73eda157274db089816fd12
2025-01-18 21:46:35 +01:00 · 2024-10-27 00:47:24 +02:00 · 2024-10-27 00:47:24 +02:00 · 09bbdc3ead
commit 09bbdc3ead
parent 168001df96
3 changed files with 51 additions and 6 deletions
--- a/gnu/local.mk
+++ b/gnu/local.mk
@ -1988,6 +1988,7 @@ dist_patch_DATA =						\
  %D%/packages/patches/portaudio-audacity-compat.patch		\
  %D%/packages/patches/portmidi-modular-build.patch		\
  %D%/packages/patches/postgresql-disable-resolve_symlinks.patch	\
+  %D%/packages/patches/postgresql-disable-normalize_exec_path.patch	\
  %D%/packages/patches/procmail-ambiguous-getline-debian.patch  \
  %D%/packages/patches/procmail-CVE-2014-3618.patch		\
  %D%/packages/patches/procmail-CVE-2017-16844.patch		\
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@ -1289,18 +1289,19 @@ (define-public galera
    (license license:gpl2)))                  ;'COPYING' says "version 2" only

 ;; Don't forget to update the other postgresql packages when upgrading this one.
-(define-public postgresql-15
+(define-public postgresql-16
  (package
    (name "postgresql")
-    (version "15.7")
+    (version "16.4")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://ftp.postgresql.org/pub/source/v"
                                  version "/postgresql-" version ".tar.bz2"))
              (sha256
               (base32
-                "1xwq1592k1r64ki9bmkcyw39416kymabdfxbkpiqaqxbhnaf8vx4"))
-              (patches (search-patches "postgresql-disable-resolve_symlinks.patch"))))
+                "0vvd73rzj0sl294v15bh8yslakqv412bxqzlkqxyjwxa8pb6c5wp"))
+              (patches (search-patches
+                        "postgresql-disable-normalize_exec_path.patch"))))
    (build-system gnu-build-system)
    (arguments
     (list
@ -1338,8 +1339,10 @@ (define-public postgresql-15
                (invoke "make" "postgres.info")
                (install-file "postgres.info"
                              (string-append #$output "/share/info"))))))))
-    (native-inputs (list docbook-xml-4.5 docbook2x libxml2 perl texinfo))
-    (inputs (list readline `(,util-linux "lib") openssl zlib))
+    (native-inputs
+     (list docbook-xml-4.5 docbook2x libxml2 perl pkg-config texinfo))
+    (inputs
+     (list icu4c readline `(,util-linux "lib") openssl zlib))
    (home-page "https://www.postgresql.org/")
    (synopsis "Powerful object-relational database system")
    (description
@ -1351,6 +1354,25 @@ (define-public postgresql-15
 pictures, sounds, or video.")
    (license (license:x11-style "file://COPYRIGHT"))))

+(define-public postgresql-15
+  (package
+    (inherit postgresql-16)
+    (name "postgresql")
+    (version "15.8")
+    (source (origin
+              (inherit (package-source postgresql-16))
+              (uri (string-append "https://ftp.postgresql.org/pub/source/v"
+                                  version "/postgresql-" version ".tar.bz2"))
+              (sha256
+               (base32
+                "0snbxmlygf7m4cxjpscmz3yjn4lnqsw313y9xgpv7vk9k9gm20s4"))
+              (patches (search-patches
+                        "postgresql-disable-resolve_symlinks.patch"))))
+    (native-inputs (modify-inputs (package-native-inputs postgresql-16)
+                     (delete "pkg-config")))
+    (inputs (modify-inputs (package-inputs postgresql-16)
+              (delete "icu4c")))))
+
 (define-public postgresql-14
  (package
    (inherit postgresql-15)
--- a/gnu/packages/patches/postgresql-disable-normalize_exec_path.patch
+++ b/gnu/packages/patches/postgresql-disable-normalize_exec_path.patch
@ -0,0 +1,22 @@
+diff --git a/src/common/exec.c b/src/common/exec.c
+index f209b93..ed42202 100644
+--- a/src/common/exec.c
+++ b/src/common/exec.c
+@@ -238,6 +238,14 @@ find_my_exec(const char *argv0, char *retpath)
+ static int
+ normalize_exec_path(char *path)
+ {
+	/*
+	 * Guix specific patch: postgresql extensions need to be located in the
+	 * same directory as postgresql.
+	 * In Guix we currently use directory-unions to create extended postgresql
+	 * packages. Directory unions use symlinks, that's why we need to be able
+	 * to use symlinks.
+	 */
+	return 0;
+ 	/*
+ 	 * We used to do a lot of work ourselves here, but now we just let
+ 	 * realpath(3) do all the heavy lifting.
+-- 
+2.46.0
+