Your message dated Thu, 13 May 2021 13:19:00 +0000
with message-id <[email protected]>
and subject line Bug#988121: fixed in postgresql-13 13.3-1
has caused the Debian Bug report #988121,
regarding postgresql-13: reduce Build-Depends
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
988121: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988121
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: postgresql-13
Version: 13.2-1
Tags: patch
User: [email protected]
Usertags: cross-satisfiability
Making postgresql cross buildable likely is a longer story, but there
are already pieces that are readily applicable today.
The immediate issue is that its Build-Depends are not cross-satisfiably.
There are multiple reasons for this one of which is libio-pty-perl. I've
grepped through the sources for /io..?pty/i and found only occurences
used in tests. I've performed a nocheck build with this dependency
dropped and it worked. Unfortunately, since postgresql is not
reproducible, we cannot validate a nocheck build against a regular
build. Given these findings, I think it is a fair compromise to annotate
libio-pty-perl <!nocheck>. Do you agree?
Beyond this, I figured that libipc-run-perl can be dropped when passing
--disable-tap-tests, which seems fine during nocheck. Unfortunately,
postgresql embeds its configure flags in pg_config and others. Varying
configure flags therefore make postgresql unreproducible. Would it be
sensible to delete configure flags from pg_config?
In general, making postgresql reproducible would help a lot in further
reducing its Build-Depends as automated tools can tell you which
dependencies are unused in that case.
So can we just annotate libio-pty-perl for now?
Helmut
diff --minimal -Nru postgresql-13-13.2/debian/changelog
postgresql-13-13.2/debian/changelog
--- postgresql-13-13.2/debian/changelog 2021-02-10 17:33:55.000000000 +0100
+++ postgresql-13-13.2/debian/changelog 2021-05-06 06:53:00.000000000 +0200
@@ -1,3 +1,10 @@
+postgresql-13 (13.2-1.1) UNRELEASED; urgency=medium
+
+ * Non-maintainer upload.
+ * Annotate libio-pty-perl dependency <!nocheck>. (Closes: #-1)
+
+ -- Helmut Grohne <[email protected]> Thu, 06 May 2021 06:53:00 +0200
+
postgresql-13 (13.2-1) unstable; urgency=medium
* New upstream version.
diff --minimal -Nru postgresql-13-13.2/debian/control
postgresql-13-13.2/debian/control
--- postgresql-13-13.2/debian/control 2021-01-29 13:35:42.000000000 +0100
+++ postgresql-13-13.2/debian/control 2021-05-06 06:52:59.000000000 +0200
@@ -20,7 +20,7 @@
gdb <!nocheck>,
gettext,
libicu-dev,
- libio-pty-perl,
+ libio-pty-perl <!nocheck>,
libipc-run-perl,
libkrb5-dev,
libldap2-dev,
--- End Message ---
--- Begin Message ---
Source: postgresql-13
Source-Version: 13.3-1
Done: Christoph Berg <[email protected]>
We believe that the bug you reported is fixed in the latest version of
postgresql-13, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christoph Berg <[email protected]> (supplier of updated postgresql-13 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 11 May 2021 22:10:35 +0200
Source: postgresql-13
Architecture: source
Version: 13.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <[email protected]>
Changed-By: Christoph Berg <[email protected]>
Closes: 988121
Changes:
postgresql-13 (13.3-1) unstable; urgency=medium
.
* New upstream version.
.
+ Prevent integer overflows in array subscripting calculations (Tom Lane)
.
The array code previously did not complain about cases where an array's
lower bound plus length overflows an integer. This resulted in later
entries in the array becoming inaccessible (since their subscripts could
not be written as integers), but more importantly it confused subsequent
assignment operations. This could lead to memory overwrites, with
ensuing crashes or unwanted data modifications. (CVE-2021-32027)
.
+ Fix mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE
target lists (Tom Lane)
.
If the UPDATE list contains any multi-column sub-selects (which give
rise to junk columns in addition to the results proper), the UPDATE path
would end up storing tuples that include the values of the extra junk
columns. That's fairly harmless in the short run, but if new columns are
added to the table then the values would become accessible, possibly
leading to malfunctions if they don't match the datatypes of the added
columns.
.
In addition, in versions supporting cross-partition updates, a
cross-partition update triggered by such a case had the reverse problem:
the junk columns were removed from the target list, typically causing an
immediate crash due to malfunction of the multi-column sub-select
mechanism. (CVE-2021-32028)
.
+ Fix possibly-incorrect computation of UPDATE ... RETURNING outputs for
joined cross-partition updates (Amit Langote, Etsuro Fujita)
.
If an UPDATE for a partitioned table caused a row to be moved to another
partition with a physically different row type (for example, one with a
different set of dropped columns), computation of RETURNING results for
that row could produce errors or wrong answers. No error is observed
unless the UPDATE involves other tables being joined to the target
table. (CVE-2021-32029)
.
* Mark libio-pty-perl and libipc-run-perl as <!nocheck>. (Closes: #988121)
Checksums-Sha1:
d7cb0dbad7ee0a13853abe7027e4742a26078a19 3655 postgresql-13_13.3-1.dsc
7a775f95367613ed5f7e4cd632586f9628475a92 21119109
postgresql-13_13.3.orig.tar.bz2
ba2728bd3df852ba28b9833c8bb869957ffb1c5c 28020
postgresql-13_13.3-1.debian.tar.xz
Checksums-Sha256:
052d8c1b538bb4ddc17378a444e19640f1bcd488474bed233711db38f253b678 3655
postgresql-13_13.3-1.dsc
3cd9454fa8c7a6255b6743b767700925ead1b9ab0d7a0f9dcb1151010f8eb4a1 21119109
postgresql-13_13.3.orig.tar.bz2
07d04c37e345db84bb1b5f0681a6cb5a12544e4f9329c922c75a80580b2ee9f0 28020
postgresql-13_13.3-1.debian.tar.xz
Files:
a6d7018c18cddc42e8317d8a6803a6e8 3655 database optional
postgresql-13_13.3-1.dsc
edf0e016fc53025bcabc7e793920f1c1 21119109 database optional
postgresql-13_13.3.orig.tar.bz2
ee77db4a44052ca0f7ab5eb5aeae9272 28020 database optional
postgresql-13_13.3-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAmCc6nwACgkQTFprqxLS
p64SrhAAnF+FbLdNq4/Cy0l0AS4PfIl0SDLRSCrrbcWFJ44Yz88m0qAh/C1xjZPZ
eB6Jyb34hP7HEkLKD1lvPU7E8aq1sMbnDE0a9NUqc+FAKROQ31kaICHrp8VsyXKb
Bxp/6Pr28uAGdA7r72GgmTT9CQeMt10Mzcoh940HvPTPHzQtcj1oMtQd8Do7iq1p
t5wukf+W5hkqSNdv805YnWBqxWtrTRD6HKFXQOnsEd11ynJNC87HzdbWBVsSAcDs
9fgAreOujondTLaHJ5QAa0kfPDSTFEO6Jj1oAUKOGZwRQrkR9/hBoKEBivkThP3s
zwp7Drc+yt6hzy6qndBl6g/mhrcNqM9oxl4qZOEda7zM3Mfef6u2q6bGV2YZ5r0K
ZQ5z0HKEcQSWoJ81VRuRanXlwCHjLPLOtkzjhdQtOV0Hx3Cvt49Ki4HG8YQhDtpT
L9y3HyHmCq5Xi4UULjF2jkjdOuxpRbOJTdCwFgCRwcHqt3dnWyh/aEYYwJXE6nTw
HoUsXjVMPKihTxI6r5MZWwyNVP7XtRnTqKQa5onaTG1XGKcJKUzRYBFEYGYXrXIO
C7PvYhphT/LtI6rFVrW0xuKBw0vgC0dWq2mPexXtxvgajXwiJC01Sqv5XSXxqxef
FpzRHbIxXVawLmgXZFSGkZOJV2cT2XvgvLqVOrRSl0MGsYz3skw=
=POAc
-----END PGP SIGNATURE-----
--- End Message ---
