postgresql: 12.18 -> 12.19, 13.14 -> 13.15, 14.11 -> 14.12, 15.6 -> 15.7, 16.2 -> 16.3, fix CVE-2024-4317 for 14+ by Ma27 · Pull Request #310580 · NixOS/nixpkgs · GitHub

Ma27
Member

@Ma27 Ma27 commented May 10, 2024

Description of changes

Announcement: https://www.postgresql.org/about/news/postgresql-163-157-1412-1315-and-1219-released-2858/

cc @wolfgangwalther @ajs124 @mweinelt

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 24.05 Release Notes (or backporting 23.05 and 23.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@Ma27 Ma27 requested a review from thoughtpolice as a code owner May 10, 2024 13:23
@github-actions github-actions bot added the labels "6.topic: nixos" (Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS), "8.has: documentation" (This PR adds or changes documentation), "8.has: changelog" (This PR adds or changes release notes), "8.has: module (update)" (This PR changes an existing module in `nixos/`) May 10, 2024
@Ma27
Member Author

Ma27 commented May 10, 2024

Note: nominatim is still building, would like to see if it just works with latest postgresql. Otherwise I'd mark it as broken.

SGTM. cc @mausch

@ofborg ofborg bot added the 8.has: clean-up This PR removes packages or removes other cruft label May 10, 2024
@ofborg ofborg bot requested review from cpages, danbst, globin and ivan May 10, 2024 13:50
@ofborg ofborg bot added the labels "10.rebuild-darwin: 501+" (This PR causes many rebuilds on Darwin and should normally target the staging branches.), "10.rebuild-darwin: 2501-5000" (This PR causes many rebuilds on Darwin and should target the staging branches.), "10.rebuild-linux: 501+" (This PR causes many rebuilds on Linux and should normally target the staging branches.), "10.rebuild-linux: 5001+" (This PR causes many rebuilds on Linux and must target the staging branches.) May 10, 2024
@Ma27 Ma27 added the 1.severity: security Issues which raise a security issue, or PRs that fix one label May 10, 2024
@wolfgangwalther
Contributor

There is this piece in generic.nix:

    # TODO: Remove after the next set of minor releases on May 9th 2024
    preCheck =
      # On musl, comment skip the following tests, because they break due to
      #     ! ERROR:  could not load library "/build/postgresql-11.5/tmp_install/nix/store/...-postgresql-11.5-lib/lib/libpqwalreceiver.so": Error loading shared library libpq.so.5: No such file or directory (needed by /build/postgresql-11.5/tmp_install/nix/store/...-postgresql-11.5-lib/lib/libpqwalreceiver.so)
      # See also here:
      #     https://git.alpinelinux.org/aports/tree/main/postgresql/disable-broken-tests.patch?id=6d7d32c12e073a57a9e5946e55f4c1fbb68bd442
      if stdenv'.hostPlatform.isMusl then ''
        substituteInPlace src/test/regress/parallel_schedule \
          --replace "subscription" "" \
          --replace "object_address" ""
      '' else null;

This can be removed entirely. We'd better double-check whether pkgsMusl.postgresql builds fine after, but it should.

@Ma27 Ma27 force-pushed the bump-postgresql branch from 765d7bc to 0616f7a Compare May 11, 2024 16:09
@github-actions github-actions bot removed the labels "6.topic: nixos" (Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS), "8.has: documentation" (This PR adds or changes documentation), "8.has: changelog" (This PR adds or changes release notes), "8.has: module (update)" (This PR changes an existing module in `nixos/`) May 11, 2024
@Ma27
Member Author

Ma27 commented May 11, 2024

Updated, v12 is part of the PR now.

@Ma27 Ma27 changed the title from "postgresql: remove 12, 13.14 -> 13.15, 14.11 -> 14.12, 15.6 -> 15.7, 16.2 -> 16.3, fix CVE-2024-4317 for 14+" to "postgresql: 12.18 -> 12.19, 13.14 -> 13.15, 14.11 -> 14.12, 15.6 -> 15.7, 16.2 -> 16.3, fix CVE-2024-4317 for 14+" May 11, 2024
@Ma27 Ma27 requested review from mweinelt and wolfgangwalther May 11, 2024 16:17
@wolfgangwalther
Contributor

The other comment above still applies: #310580 (comment)

I added that TODO to remove the test exceptions with the next minor release, so we should do that now.

@Ma27
Member Author

Ma27 commented May 11, 2024

Pushed a fix, currently running a pkgsMusl build just to be sure.

EDIT: looks good.

@wolfgangwalther
Contributor

> Pushed a fix

@Ma27 Did you actually push? I can't see the changes in the PR.

@Ma27
Member Author

Ma27 commented May 11, 2024

Now I did, apologies!
Was in a hurry this afternoon.

@ofborg ofborg bot added the 11.by: package-maintainer This PR was created by a maintainer of all the package it changes. label May 11, 2024
@Ma27 Ma27 merged commit 35f77cc into NixOS:staging May 12, 2024
@Ma27 Ma27 deleted the bump-postgresql branch May 12, 2024 12:00
@mausch mausch mentioned this pull request May 15, 2024
wolfgangwalther added a commit to wolfgangwalther/nixpkgs that referenced this pull request Jun 14, 2024
This was discussed and agreed on in [1].

[1]: NixOS#310580 (comment)
wegank pushed a commit to RaitoBezarius/nixpkgs that referenced this pull request Jun 20, 2024
This was discussed and agreed on in [1].

[1]: NixOS#310580 (comment)