GNU bug report logs - #73692
[PATCH] gnu: timescaledb: Update to 2.16.1. [security fixes]


Package: guix-patches;

Reported by: Nicolas Graves <ngraves <at> ngraves.fr>

Date: Tue, 8 Oct 2024 06:27:02 UTC

Severity: normal

Tags: patch

Done: Zheng Junjie <zhengjunjie <at> iscas.ac.cn>

Bug is archived. No further changes may be made.



Message #44 received at 73692 <at> debbugs.gnu.org (full text, mbox):

From: Nicolas Graves <ngraves <at> ngraves.fr>
To: 73692 <at> debbugs.gnu.org
Cc: Nicolas Graves <ngraves <at> ngraves.fr>
Subject: [PATCH v7 1/2] gnu: timescaledb: Update to 2.16.1. [security fixes]
Date: Sun, 20 Oct 2024 16:05:15 +0200

This fixes CVE-2023-25149.

* gnu/packages/databases.scm (timescaledb): Update to 2.16.1.
[arguments]<#:phases>: Remove comment and symlink trick in
'prepare-tests phase.
---
 gnu/packages/databases.scm | 21 +++------------------
 1 file changed, 3 insertions(+), 18 deletions(-)

diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index f05566becd..df346893b8 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -1412,7 +1412,7 @@ (define-public postgresql postgresql-14)
 (define-public timescaledb
   (package
     (name "timescaledb")
-    (version "2.8.1")
+    (version "2.16.1")
     (source (origin
               (method git-fetch)
               (uri (git-reference
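Review bot: the version line jumps from 2.8.1 straight to 2.16.1, while the commit message only says "This fixes CVE-2023-25149" without naming the upstream release that carries the fix. Consider naming that release in the commit message so the security claim can be checked against upstream notes. With a jump this large it is also worth confirming that 2.16.1 builds and passes its tests against the postgresql input this package uses, since the hunk context shows the default is postgresql-14.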
@@ -1421,7 +1421,7 @@ (define-public timescaledb
               (file-name (git-file-name name version))
               (sha256
                (base32
-                "1gbadna0ilmqad7sbrixm12wd71h43njhsbp1kh5lispb6drdb6r"))
+                "1v17x00a15il4r3rbr0waqjv1nwzy6rcqxgfi2hdk1x235s5dg5h"))
               (modules '((guix build utils)))
               (snippet
                ;; Remove files carrying the proprietary TIMESCALE license.
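Review bot: the snippet introduced by ";; Remove files carrying the proprietary TIMESCALE license." is left unchanged by this patch, even though the source it runs on moves from 2.8.1 to 2.16.1. The diffstat (3 insertions, 18 deletions) is fully accounted for by the version, hash and union-build lines. Please confirm that the 2.16.1 tree has no TIMESCALE-licensed files in places the existing snippet does not delete, and say so in the commit message or the cover letter.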
@@ -1476,22 +1476,7 @@ (define-public timescaledb
                          (pg-union (string-append (getcwd) "/../pg-union")))
                      (match inputs
                        (((names . directories) ...)
-                        ;; PG will only load extensions from its own $libdir,
-                        ;; which it calculates based on argv[0].  As of
-                        ;; PostgreSQL 13.6, it calls 'canonicalize_path' on
-                        ;; argv[0] so a merge symlink is not enough to trick
-                        ;; it; thus, the code below makes a full copy of PG
-                        ;; and friends such that 'pg_config --libdir', for
-                        ;; instance, points to PG-UNION, allowing it to load
-                        ;; the timescaledb extension.
-                        ;; TODO: The above comment and the #:symlink trick can
-                        ;; be removed in the next rebuild cycle.
-                        (union-build pg-union (cons #$output directories)
-                                     #:symlink
-                                     (lambda (old new)
-                                       (if (file-is-directory? old)
-                                           (copy-recursively old new)
-                                           (copy-file old new))))))
+                        (union-build pg-union (cons #$output directories))))
                      (setenv "PATH" (string-append pg-union "/bin:"
                                                    (getenv "PATH")))
                      (invoke "initdb" "-D" pg-data)
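Review bot: the deleted comment in 'prepare-tests explains that PostgreSQL calls 'canonicalize_path' on argv[0] "so a merge symlink is not enough to trick it", yet the replacement goes back to a plain (union-build pg-union (cons #$output directories)) with no explanation of why symlinks are sufficient now. The removed TODO only says the trick "can be removed in the next rebuild cycle". Please state in the commit message what changed to make the full copy unnecessary, and confirm that the test phase still loads the timescaledb extension from pg-union after "initdb" runs with the updated PATH.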
-- 
2.46.0





This bug report was last modified 291 days ago.
