gnu: postgresql-15: Update to 16.4. [security fixes]
This fixes CVE-2024-7348. * gnu/packages/databases.scm (postgresql-15): Move from here... (postgresql-16): ... to here. [version]: Update to 16.4. [source]: Adapt source and add patch. [native-inputs]: Add pkg-config. [inputs]: Add icu4c. * gnu/packages/patches/postgresql-disable-normalize_exec_path.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com> Change-Id: I57771ebcf462bdeca73eda157274db089816fd12
parent
168001df96
commit
09bbdc3ead
3 changed files with 51 additions and 6 deletions
|
@ -1988,6 +1988,7 @@ dist_patch_DATA = \
|
||||||
%D%/packages/patches/portaudio-audacity-compat.patch \
|
%D%/packages/patches/portaudio-audacity-compat.patch \
|
||||||
%D%/packages/patches/portmidi-modular-build.patch \
|
%D%/packages/patches/portmidi-modular-build.patch \
|
||||||
%D%/packages/patches/postgresql-disable-resolve_symlinks.patch \
|
%D%/packages/patches/postgresql-disable-resolve_symlinks.patch \
|
||||||
|
%D%/packages/patches/postgresql-disable-normalize_exec_path.patch \
|
||||||
%D%/packages/patches/procmail-ambiguous-getline-debian.patch \
|
%D%/packages/patches/procmail-ambiguous-getline-debian.patch \
|
||||||
%D%/packages/patches/procmail-CVE-2014-3618.patch \
|
%D%/packages/patches/procmail-CVE-2014-3618.patch \
|
||||||
%D%/packages/patches/procmail-CVE-2017-16844.patch \
|
%D%/packages/patches/procmail-CVE-2017-16844.patch \
|
||||||
|
|
|
@ -1289,18 +1289,19 @@ (define-public galera
|
||||||
(license license:gpl2))) ;'COPYING' says "version 2" only
|
(license license:gpl2))) ;'COPYING' says "version 2" only
|
||||||
|
|
||||||
;; Don't forget to update the other postgresql packages when upgrading this one.
|
;; Don't forget to update the other postgresql packages when upgrading this one.
|
||||||
(define-public postgresql-15
|
(define-public postgresql-16
|
||||||
(package
|
(package
|
||||||
(name "postgresql")
|
(name "postgresql")
|
||||||
(version "15.7")
|
(version "16.4")
|
||||||
(source (origin
|
(source (origin
|
||||||
(method url-fetch)
|
(method url-fetch)
|
||||||
(uri (string-append "https://ftp.postgresql.org/pub/source/v"
|
(uri (string-append "https://ftp.postgresql.org/pub/source/v"
|
||||||
version "/postgresql-" version ".tar.bz2"))
|
version "/postgresql-" version ".tar.bz2"))
|
||||||
(sha256
|
(sha256
|
||||||
(base32
|
(base32
|
||||||
"1xwq1592k1r64ki9bmkcyw39416kymabdfxbkpiqaqxbhnaf8vx4"))
|
"0vvd73rzj0sl294v15bh8yslakqv412bxqzlkqxyjwxa8pb6c5wp"))
|
||||||
(patches (search-patches "postgresql-disable-resolve_symlinks.patch"))))
|
(patches (search-patches
|
||||||
|
"postgresql-disable-normalize_exec_path.patch"))))
|
||||||
(build-system gnu-build-system)
|
(build-system gnu-build-system)
|
||||||
(arguments
|
(arguments
|
||||||
(list
|
(list
|
||||||
|
@ -1338,8 +1339,10 @@ (define-public postgresql-15
|
||||||
(invoke "make" "postgres.info")
|
(invoke "make" "postgres.info")
|
||||||
(install-file "postgres.info"
|
(install-file "postgres.info"
|
||||||
(string-append #$output "/share/info"))))))))
|
(string-append #$output "/share/info"))))))))
|
||||||
(native-inputs (list docbook-xml-4.5 docbook2x libxml2 perl texinfo))
|
(native-inputs
|
||||||
(inputs (list readline `(,util-linux "lib") openssl zlib))
|
(list docbook-xml-4.5 docbook2x libxml2 perl pkg-config texinfo))
|
||||||
|
(inputs
|
||||||
|
(list icu4c readline `(,util-linux "lib") openssl zlib))
|
||||||
(home-page "https://www.postgresql.org/")
|
(home-page "https://www.postgresql.org/")
|
||||||
(synopsis "Powerful object-relational database system")
|
(synopsis "Powerful object-relational database system")
|
||||||
(description
|
(description
|
||||||
|
@ -1351,6 +1354,25 @@ (define-public postgresql-15
|
||||||
pictures, sounds, or video.")
|
pictures, sounds, or video.")
|
||||||
(license (license:x11-style "file://COPYRIGHT"))))
|
(license (license:x11-style "file://COPYRIGHT"))))
|
||||||
|
|
||||||
|
(define-public postgresql-15
|
||||||
|
(package
|
||||||
|
(inherit postgresql-16)
|
||||||
|
(name "postgresql")
|
||||||
|
(version "15.8")
|
||||||
|
(source (origin
|
||||||
|
(inherit (package-source postgresql-16))
|
||||||
|
(uri (string-append "https://ftp.postgresql.org/pub/source/v"
|
||||||
|
version "/postgresql-" version ".tar.bz2"))
|
||||||
|
(sha256
|
||||||
|
(base32
|
||||||
|
"0snbxmlygf7m4cxjpscmz3yjn4lnqsw313y9xgpv7vk9k9gm20s4"))
|
||||||
|
(patches (search-patches
|
||||||
|
"postgresql-disable-resolve_symlinks.patch"))))
|
||||||
|
(native-inputs (modify-inputs (package-native-inputs postgresql-16)
|
||||||
|
(delete "pkg-config")))
|
||||||
|
(inputs (modify-inputs (package-inputs postgresql-16)
|
||||||
|
(delete "icu4c")))))
|
||||||
|
|
||||||
(define-public postgresql-14
|
(define-public postgresql-14
|
||||||
(package
|
(package
|
||||||
(inherit postgresql-15)
|
(inherit postgresql-15)
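Review bot: The new postgresql-15 definition inherits all of postgresql-16 and then removes its additions by name (`(delete "pkg-config")`, `(delete "icu4c")`) with no comment saying why. Any input later added to postgresql-16 will therefore flow silently into 15 and, through `(inherit postgresql-15)`, into postgresql-14. A one-line comment above the two `modify-inputs` forms would make the intent explicit, for example `;; pkg-config and icu4c were added for the 16.x build only; drop them here.`, assuming that is the reason. Separately, the commit message cites CVE-2024-7348, but the visible hunks bump only 16.4 and 15.8. The postgresql-14 definition continues outside the hunk, so it is worth confirming that it and any older packages were also moved to their fixed minor releases.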
|
||||||
|
|
|
@ -0,0 +1,22 @@
|
||||||
|
diff --git a/src/common/exec.c b/src/common/exec.c
|
||||||
|
index f209b93..ed42202 100644
|
||||||
|
--- a/src/common/exec.c
|
||||||
|
+++ b/src/common/exec.c
|
||||||
|
@@ -238,6 +238,14 @@ find_my_exec(const char *argv0, char *retpath)
|
||||||
|
static int
|
||||||
|
normalize_exec_path(char *path)
|
||||||
|
{
|
||||||
|
+ /*
|
||||||
|
+ * Guix specific patch: postgresql extensions need to be located in the
|
||||||
|
+ * same directory as postgresql.
|
||||||
|
+ * In Guix we currently use directory-unions to create extended postgresql
|
||||||
|
+ * packages. Directory unions use symlinks, that's why we need to be able
|
||||||
|
+ * to use symlinks.
|
||||||
|
+ */
|
||||||
|
+ return 0;
|
||||||
|
/*
|
||||||
|
* We used to do a lot of work ourselves here, but now we just let
|
||||||
|
* realpath(3) do all the heavy lifting.
|
||||||
|
--
|
||||||
|
2.46.0
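Review bot: The added `return 0;` at the top of normalize_exec_path makes the realpath(3) body below it unreachable, and the new comment explains why Guix needs symlinks but not what callers lose. With this patch the function reports success without canonicalizing `path`, so anything that later derives directories from the executable location presumably works from the symlinked path as found; the rest of the function and its callers are outside the hunk. I would extend the comment with something like `* Consequence: the path is returned as found, not canonicalized; the code below is intentionally left unreachable.` The patch file also starts directly at `diff --git`, so a short header stating that it is Guix-specific and how it relates to postgresql-disable-resolve_symlinks.patch would help whoever rebases it on the next release.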
|
||||||
|
|