From unknown Sun Aug 17 22:03:06 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#35698 <35698@debbugs.gnu.org> To: bug#35698 <35698@debbugs.gnu.org> Subject: Status: [PATCH] gnu: postgresql: Replace with 10.8 [security fixes]. Reply-To: bug#35698 <35698@debbugs.gnu.org> Date: Mon, 18 Aug 2025 05:03:06 +0000 retitle 35698 [PATCH] gnu: postgresql: Replace with 10.8 [security fixes]. reassign 35698 guix-patches submitter 35698 Marius Bakke severity 35698 normal tag 35698 patch thanks From debbugs-submit-bounces@debbugs.gnu.org Sun May 12 08:26:13 2019 Received: (at submit) by debbugs.gnu.org; 12 May 2019 12:26:13 +0000 Received: from localhost ([127.0.0.1]:42068 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hPnYT-0005XC-AA for submit@debbugs.gnu.org; Sun, 12 May 2019 08:26:13 -0400 Received: from eggs.gnu.org ([209.51.188.92]:56407) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hPnYR-0005Wx-Fq for submit@debbugs.gnu.org; Sun, 12 May 2019 08:26:12 -0400 Received: from lists.gnu.org ([209.51.188.17]:45176) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hPnYM-0003q2-Bd for submit@debbugs.gnu.org; Sun, 12 May 2019 08:26:06 -0400 Received: from eggs.gnu.org ([209.51.188.92]:42551) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hPnYL-00033j-8F for guix-patches@gnu.org; Sun, 12 May 2019 08:26:06 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.1 required=5.0 tests=BAYES_50,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hPnYK-0003p3-4F for guix-patches@gnu.org; Sun, 12 May 2019 08:26:05 -0400 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:54007) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hPnYJ-0003oH-Rb for guix-patches@gnu.org; Sun, 12 May 2019 08:26:04 -0400 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 4DA0B207E1 for ; Sun, 12 May 2019 08:26:02 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute5.internal (MEProxy); Sun, 12 May 2019 08:26:02 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h= from:to:subject:date:message-id:mime-version :content-transfer-encoding; s=fm2; bh=kiQTPRytPv0njNzlBHnJPPZ/nK P3Xge17qVsPhO+GKM=; b=DqOy5zJNpbE1KUk3sONvl+0+oh6VrCYh6rMBl+hd7s W+2M8jV3EQiVja8gaC8XKV49ZB0uMRISGRcStrXRaPzG1wr5P3J1/+H32tPJkz76 mIUfGiEHdp/vi1SwYKihdRsEuCOC1cva4PEegXpUlXTwV1Cqc2a/OHnwrJmT+x7u GBRziSEoLFLH75sU4EB5n2Zk7mFUjTlwAs1g1eIax7Wu4WNwQCYpbjArlwsLCsfB 5EWS9CdX2Uj7I4LC5Q3qtrYTHspVh9VA2A4tKA4pgOuMM8fgh5eoWW0GA3QI5hLw 0p8SW7j7rMu20gVw26/QV5N5kqTqX20Ng5N0XyeVvahQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:date:from :message-id:mime-version:subject:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=kiQTPRytPv0njNzlB HnJPPZ/nKP3Xge17qVsPhO+GKM=; b=v42DMRQykbq2s8MDcGH/x2OKsXW9NBOYO nE59bNdOAXeEymeGtoyun5NpB+cMkJY72Cn0MRMpV9MaaY888wBzh0w6hkos+erz 77dghHESGLQT//LMW+OoxdN3JBh9Xhua4LdpKyXN9tEJyzX7tC72P6l7feKt/UdQ H3E59hnIZrOSHSOVrp+xxDRtZQ237F8WgHGigSxpBHMaQn6JshSoTwmoSI5QxjJh dGip8ZNs7cLwG/GE8RDK7JrSiE4ICTqjq3J8MqnPQTt0DEqekgqn0xia/SQFWikU wjCIGabzVPoBBmOrOpf6o6PSAygEJ6SBCF1AN28gaRHS7vMeDmx9Q== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduuddrledvgdehfecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhephffvufffkffoggfgsedtkeertdertd dtnecuhfhrohhmpeforghrihhushcuuegrkhhkvgcuoehmsggrkhhkvgesfhgrshhtmhgr ihhlrdgtohhmqeenucffohhmrghinhepphhoshhtghhrvghsqhhlrdhorhhgnecukfhppe eivddrudeirddvvdeirddugedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehmsggrkhhk vgesfhgrshhtmhgrihhlrdgtohhmnecuvehluhhsthgvrhfuihiivgeptd X-ME-Proxy: Received: from localhost (140.226.16.62.customer.cdi.no [62.16.226.140]) by mail.messagingengine.com (Postfix) with ESMTPA id 8078280061 for ; Sun, 12 May 2019 08:26:01 -0400 (EDT) From: Marius Bakke To: guix-patches@gnu.org Subject: [PATCH] gnu: postgresql: Replace with 10.8 [security fixes]. Date: Sun, 12 May 2019 14:25:50 +0200 Message-Id: <20190512122550.3499-1-mbakke@fastmail.com> X-Mailer: git-send-email 2.21.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 66.111.4.26 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Spam-Score: -1.6 (-) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.6 (--) This fixes CVE-2019-10129 and CVE-2019-10130. * gnu/packages/databases.scm (postgresql)[replacement]: New field. (postgresql-10.8): New variable. --- gnu/packages/databases.scm | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm index b632f05db4..295395f035 100644 --- a/gnu/packages/databases.scm +++ b/gnu/packages/databases.scm @@ -800,6 +800,7 @@ as a drop-in replacement of MySQL.") (package (name "postgresql") (version "10.7") + (replacement postgresql-10.8) (source (origin (method url-fetch) (uri (string-append "https://ftp.postgresql.org/pub/source/v" @@ -842,6 +843,22 @@ TIMESTAMP. It also supports storage of binary large objects, including pictures, sounds, or video.") (license (license:x11-style "file://COPYRIGHT")))) +;; This release fixes CVE-2019-10129 and CVE-2019-10130. See +;; for details. +;; TODO: Remove this in the next rebuild cycle. +(define-public postgresql-10.8 + (package + (inherit postgresql) + (version "10.8") + (source (origin + (method url-fetch) + (uri (string-append "https://ftp.postgresql.org/pub/source/v" + version "/postgresql-" version ".tar.bz2")) + (sha256 + (base32 + "0pfdmy4w95b49w9rkn8dwvzmi2brpqfvbxd04y0k0s0xvymc565i")) + (patches (search-patches "postgresql-disable-resolve_symlinks.patch")))))) + (define-public postgresql-9.6 (package (inherit postgresql) -- 2.21.0 From debbugs-submit-bounces@debbugs.gnu.org Sat May 25 06:57:42 2019 Received: (at 35698-done) by debbugs.gnu.org; 25 May 2019 10:57:42 +0000 Received: from localhost ([127.0.0.1]:48240 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hUUMw-0006ku-07 for submit@debbugs.gnu.org; Sat, 25 May 2019 06:57:42 -0400 Received: from wout3-smtp.messagingengine.com ([64.147.123.19]:33263) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hUUMr-0006ka-A9 for 35698-done@debbugs.gnu.org; Sat, 25 May 2019 06:57:37 -0400 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.west.internal (Postfix) with ESMTP id 8E91D429 for <35698-done@debbugs.gnu.org>; Sat, 25 May 2019 06:57:31 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute5.internal (MEProxy); Sat, 25 May 2019 06:57:31 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h= from:to:subject:in-reply-to:references:date:message-id :mime-version:content-type; s=fm2; bh=Fwn7CLX/ho3Hd6ZdYHgLztpO3k fbKxuMrfy0gi4Q5Co=; b=YG9G5QctWjuufUCpyGKFCglLOZCimjY6eC9ILxfYE7 j3H2/aK3tHrfWxACeYQ0R+kr3tUJlV4jHcabIl8MUux4vWqt64KVhlr99I/wVHC5 KzdH6uvzkFjuFO4ABG9PPxKFV6kbAMv6+YwUjrd5AgYcDaxnpovpKAkCslbb2dgx r9qnzhKN/Dm6rq9FxfU50UgctIgbG3M2h4tW0tEHvEibburfNKSggUC6xthXdW9A k1ZfdaQdUAxKYDRqWZPHIaYz4AHKjAEtltkEFNDzVFlA26aTjoHy7rTtw7UdIH0z 63Pvw+bSHHEe3BqVI57tn28ncy4q8PAeA+84CWGHFttg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=Fwn7CL X/ho3Hd6ZdYHgLztpO3kfbKxuMrfy0gi4Q5Co=; b=z+wjI3Td/Hg26LsNSs2/fS nNFfyoYGeI/TfLESVDP2Z8qX7TK+0HmzQp6zn8Ag97nDRbCbF9j1N4q9PP/sZkjb DA+dCR91JthZksKp1QlJmb5YI5fKoQDBmBBadhAmsPvQ638/lM4ncr3VC5twk351 wDObFYNkA4OcUr8Azqqr6cTi5PL290zs8xBsBwjQsm5i8s0O8yGqGUgIxFqgeCNQ IOcJnxLou4xgC7y+DNtiDhEkpozbSrhJzlPX15ydiMwNYVSGMWS3/UCkHAD7XXEB SpogFQFeCXwKqVwRfR6iOdBQMg+KlE2WpKInI4ettjg279dwrB62XpLCK7w9HsVw == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduuddruddukedgfeehucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefhvffujghffgffkfggtgesghdtre ertdertdenucfhrhhomhepofgrrhhiuhhsuceurghkkhgvuceomhgsrghkkhgvsehfrghs thhmrghilhdrtghomheqnecukfhppeeivddrudeirddvvdeirddugedtnecurfgrrhgrmh epmhgrihhlfhhrohhmpehmsggrkhhkvgesfhgrshhtmhgrihhlrdgtohhmnecuvehluhhs thgvrhfuihiivgepud X-ME-Proxy: Received: from localhost (140.226.16.62.customer.cdi.no [62.16.226.140]) by mail.messagingengine.com (Postfix) with ESMTPA id A5633380073 for <35698-done@debbugs.gnu.org>; Sat, 25 May 2019 06:57:30 -0400 (EDT) From: Marius Bakke To: 35698-done@debbugs.gnu.org Subject: Re: [bug#35698] [PATCH] gnu: postgresql: Replace with 10.8 [security fixes]. In-Reply-To: <20190512122550.3499-1-mbakke@fastmail.com> References: <20190512122550.3499-1-mbakke@fastmail.com> User-Agent: Notmuch/0.28.4 (https://notmuchmail.org) Emacs/26.2 (x86_64-pc-linux-gnu) Date: Sat, 25 May 2019 12:57:29 +0200 Message-ID: <877eaeer8m.fsf@devup.no> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 35698-done X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --=-=-= Content-Type: text/plain Marius Bakke writes: > This fixes CVE-2019-10129 and CVE-2019-10130. > > * gnu/packages/databases.scm (postgresql)[replacement]: New field. > (postgresql-10.8): New variable. I almost forgot this patch. Pushed in a52c807a393ae0a9b59918a4f451c9e59ff7ec0e. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAlzpH5kACgkQoqBt8qM6 VPrmZgf/Ycvg+sZxCFBbwLCSftoo88j3ds99j2uNS8B4cX2HGBLvsLd1Nkvk4rUG kZETsbvLQ+pSAttvtmNN80UEIukHcHbKQ8pYrRlb2t3TnBgoYicJAriq6gzweQPv u0OIlZI3SgfU47CuOEsQYzajoiS5fM2h9kc/Mv0q5JZI+nEVqxsXkMV1n9wpjRqu vllN/PWAgosqc2HNdbbZ12uKgBjCN3iOGp4QiBOsE+aaAMnXJbkZuzr1ks2YYrkH Lu/j+FEsWOLFOnULE1ZaU09Jv3mfTG3RkZ2MGhYhoccFrZQHJdaDCNfNQi8ykqQV SXhmYQIbZ+wR+jiby564PkSXifp5jg== =OW0s -----END PGP SIGNATURE----- --=-=-=-- From unknown Sun Aug 17 22:03:06 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Sat, 22 Jun 2019 11:24:07 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator