Your message dated Wed, 12 May 2021 15:34:09 +0000
with message-id <[email protected]>
and subject line Bug#984473: fixed in postgresql-common 226
has caused the Debian Bug report #984473,
regarding postgresql-common: Only add postgres user to ssl-cert group if it's
not already in the group
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
984473: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984473
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: postgresql-common
Version: 225
Severity: normal
The postgres postinst script creates the postgres user with matching
group if, and only if, it doesn't already exist. It also adds the user
to the ssl-cert but does this unconditionally, which is a bit
inconsistent.
This has cropped up in certain corner cases where the system config is
unwriteable for some odd reason (in one reported case, due to broken
oneconf; in a more immediate case we're hitting it building postgres
inside Docker, possibly due to a change in glibc/libseccomp behavior).
This change makes the postinst script more consistent in how it handles
setting up the postgres user's groups, and in so doing enables a
workaround for corner cases: the postgres user can be set up prior to
installing postgres; the postinst will then skip trying to make those
changes itself.
-- System Information:
Debian Release: bullseye/sid
APT prefers focal-updates
APT policy: (500, 'focal-updates'), (500, 'focal-security'), (500, 'focal'),
(100, 'focal-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.4.0-65-generic (SMP w/12 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=C, LC_CTYPE=C (charmap=UTF-8) (ignored: LC_ALL set to
en_US.UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) (ignored: LC_ALL set to
en_US.UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Source: postgresql-common
Source-Version: 226
Done: Christoph Berg <[email protected]>
We believe that the bug you reported is fixed in the latest version of
postgresql-common, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christoph Berg <[email protected]> (supplier of updated postgresql-common package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 12 May 2021 17:16:38 +0200
Source: postgresql-common
Architecture: source
Version: 226
Distribution: experimental
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <[email protected]>
Changed-By: Christoph Berg <[email protected]>
Closes: 984473
Changes:
postgresql-common (226) experimental; urgency=medium
.
[ Christoph Berg ]
* pg_backupcluster, pg_restorecluster: New front-ends to pg_basebackup,
pg_receivewal and pg_dump with systemd service/timer integration.
* pg_dropcluster: Disable cluster and backup services on drop.
* pg_upgradecluster: Deprecate vacuum_cleanup_index_scale_factor in 14.
* Promote libjson-perl to Depends.
* Move cluster owner verification from pg_ctlcluster to new PgCommon.pm
function validate_cluster_owner and use it in pg_upgradecluster,
pg_renamecluster, pg_dropcluster. (Extends the CVE-2019-3466 fix.)
* PgCommon.pm: documentation converted to POD, many thanks to Pablo Valdés
for the excellent patch!
* PgCommon.pm error: Use die() instead of exit().
* supported-versions: Drop support for 9.5 on apt.postgresql.org.
.
[ Hanefi Onaldi ]
* pg_buildext build: Move extra_cflags from command line arguments to COPT
so Makefile.global CFLAGS are not overridden
.
[ Bryce Harrington ]
* d/postinst: Only add postgres to group ssl-cert if it isn't
already a member of that group. (Closes: #984473, LP: #1690432)
Checksums-Sha1:
132d728ba6035a8383d1ec789b5ba2c2bcb49912 2430 postgresql-common_226.dsc
aa9df892ee5677b9bf12b460ac6c705b16b27ca0 228608 postgresql-common_226.tar.xz
Checksums-Sha256:
0aab414d61f96f84196d5a4157b873c8a887c04f01dca2d9a0eea29dbd5e1d1d 2430
postgresql-common_226.dsc
9a278938a5c0579ac2caeea4805839f9e073d9640240defc6d9c8f754e5c9657 228608
postgresql-common_226.tar.xz
Files:
a9ad5136543d24705bdc74b3612f3661 2430 database optional
postgresql-common_226.dsc
6eda8ae3308da881bda74de6e85b2ec2 228608 database optional
postgresql-common_226.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAmCb86MACgkQTFprqxLS
p654OhAAtywJZwkhETrhQG7qLEd7KMpo8pfpMNemumQJTGcN8ABXzI4RV4Yutqe6
DcyQS3NCt+3igBhxtG+Nipqbgs8wbFJMv6qMAYlJv2e8/z946IKVACQf7VU2GvA9
y5Gz3QVi8Js1TnrgAbR+0FIGAqsD15UmEhq5Aj0oJkaddXAXZMQkCzT02gSb9xCP
8kGyJ/q55tnxy3DpILRw3YJYMTyk5t5cByoHLin+MtYkfagcxxI5a7lSk/SoirOf
9B5sr6sjxWfRUjtow30p35G6560rx8JKQY1d8bAAdfsWp+JmGUUVomacwTTYYKVE
U69vEwSEILdSUGQSs8oqu0sFK+DhjDBPhf4DdCAjm7Qy6oa3cR8ad2tAfHV9m7vN
FRhGJPAxPTGEXgpawsUBgxkk3QCkE7Y2Slcyd0fDNe2j+A6G/daI+sQ0gel7HF4z
MgnwQwQmWEbRn87cbPNNr92XTkYes5MeIgg5wkWrCdsHd6zIw8ZSz/fQz8ovEylk
wZDniBhsL9SI859BT+meCDR6ViuDMMsd8HJprplNUBKwTFafFacD5VGk5LJj9HNT
ezXG77z7rmOUwwJKmGqsX4tUVsaJX+ySIUOt66C6Z5fRAlUckqedHVyfplJBbtRC
52B1mf80uKyXF0tveSP7v801QYRzy4k1ZytkyFSMwKGJ+Op46kI=
=Rkk4
-----END PGP SIGNATURE-----
--- End Message ---
