Your message dated Thu, 20 Feb 2025 14:50:00 +0000
with message-id <[email protected]>
and subject line Bug#1096243: fixed in postgresql-17 17.4-1
has caused the Debian Bug report #1096243,
regarding postgresql-17: FTBFS: make[2]: *** [Makefile:32: check] Error 1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1096243: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1096243
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: postgresql-17
Version: 17.3-2
Severity: serious
Justification: FTBFS
Tags: trixie sid ftbfs
User: [email protected]
Usertags: ftbfs-20250215 ftbfs-trixie
Hi,
During a rebuild of all packages in sid, your package failed to build
on amd64.
Relevant part (hopefully):
> make[2]: Entering directory
> '/build/reproducible-path/postgresql-17-17.3/build/src/test/ssl'
> echo "# +++ tap check in src/test/ssl +++" && rm -rf
> '/build/reproducible-path/postgresql-17-17.3/build/src/test/ssl'/tmp_check &&
> /bin/mkdir -p
> '/build/reproducible-path/postgresql-17-17.3/build/src/test/ssl'/tmp_check &&
> cd /build/reproducible-path/postgresql-17-17.3/build/../src/test/ssl &&
> TESTLOGDIR='/build/reproducible-path/postgresql-17-17.3/build/src/test/ssl/tmp_check/log'
>
> TESTDATADIR='/build/reproducible-path/postgresql-17-17.3/build/src/test/ssl/tmp_check'
>
> PATH="/build/reproducible-path/postgresql-17-17.3/build/tmp_install/usr/lib/postgresql/17/bin:/build/reproducible-path/postgresql-17-17.3/build/src/test/ssl:$PATH"
>
> LD_LIBRARY_PATH="/build/reproducible-path/postgresql-17-17.3/build/tmp_install/usr/lib/x86_64-linux-gnu"
>
> INITDB_TEMPLATE='/build/reproducible-path/postgresql-17-17.3/build'/tmp_install/initdb-template
> PGPORT='65432'
> top_builddir='/build/reproducible-path/postgresql-17-17.3/build/src/test/ssl/../../..'
>
> PG_REGRESS='/build/reproducible-path/postgresql-17-17.3/build/src/test/ssl/../../../src/test/regress/pg_regress'
> /usr/bin/prove -I
> /build/reproducible-path/postgresql-17-17.3/build/../src/test/perl/ -I
> /build/reproducible-path/postgresql-17-17.3/build/../src/test/ssl --verbose
> t/*.pl
> # +++ tap check in src/test/ssl +++
>
> # Failed test 'pg_stat_ssl with client certificate: exit code 0'
> # at t/001_ssltests.pl line 731.
>
> # Failed test 'pg_stat_ssl with client certificate: no stderr'
> # at t/001_ssltests.pl line 731.
> # got: 'psql: error: connection to server at "127.0.0.1", port 23938
> failed: Connection refused
> # Is the server running on that host and accepting TCP/IP connections?
> # '
> # expected: ''
>
> # Failed test 'pg_stat_ssl with client certificate: matches'
> # at t/001_ssltests.pl line 731.
> # ''
> # doesn't match
> '(?^mx:^pid,ssl,version,cipher,bits,client_dn,client_serial,issuer_dn\r?\n
> #
> ^\d+,t,TLSv[\d.]+,[\w-]+,\d+,/?CN=ssltestuser,\d+,/?CN\=Test\ CA\ for\
> PostgreSQL\ SSL\ regression\ test\ client\ certs\r?$)'
>
> # Failed test 'certificate authorization fails because of file permissions:
> matches'
> # at t/001_ssltests.pl line 755.
> # 'psql: error: connection to server at "127.0.0.1", port
> 23938 failed: Connection refused
> # Is the server running on that host and accepting TCP/IP connections?'
> # doesn't match '(?^:private key file \".*client_wrongperms\.key\" has
> group or world access)'
>
> # Failed test 'certificate authorization fails with client cert belonging
> to another user: matches'
> # at t/001_ssltests.pl line 766.
> # 'psql: error: connection to server at "127.0.0.1", port
> 23938 failed: Connection refused
> # Is the server running on that host and accepting TCP/IP connections?'
> # doesn't match '(?^:certificate authentication failed for user
> "anotheruser")'
>
> # Failed test 'certificate authorization fails with revoked client cert:
> matches'
> # at t/001_ssltests.pl line 778.
> # 'psql: error: connection to server at "127.0.0.1", port
> 23938 failed: Connection refused
> # Is the server running on that host and accepting TCP/IP connections?'
> # doesn't match '(?^:SSL error: ssl[a-z0-9/]* alert certificate revoked)'
>
> # Failed test 'auth_option clientcert=verify-full succeeds with matching
> username and Common Name'
> # at t/001_ssltests.pl line 797.
> # got: '2'
> # expected: '0'
>
> # Failed test 'auth_option clientcert=verify-full succeeds with matching
> username and Common Name: no stderr'
> # at t/001_ssltests.pl line 797.
> # got: 'psql: error: connection to server at "127.0.0.1", port 23938
> failed: Connection refused
> # Is the server running on that host and accepting TCP/IP connections?'
> # expected: ''
>
> # Failed test 'auth_option clientcert=verify-full succeeds with matching
> username and Common Name: log matches'
> # at
> /build/reproducible-path/postgresql-17-17.3/build/../src/test/perl/PostgreSQL/Test/Cluster.pm
> line 2445.
> # ''
> # doesn't match '(?^:connection authenticated: user="ssltestuser"
> method=trust)'
>
> # Failed test 'auth_option clientcert=verify-full fails with mismatching
> username and Common Name: matches'
> # at t/001_ssltests.pl line 804.
> # 'psql: error: connection to server at "127.0.0.1", port
> 23938 failed: Connection refused
> # Is the server running on that host and accepting TCP/IP connections?'
> # doesn't match '(?^:FATAL: .* "trust" authentication failed for user
> "anotheruser")'
>
> # Failed test 'auth_option clientcert=verify-ca succeeds with mismatching
> username and Common Name'
> # at t/001_ssltests.pl line 815.
> # got: '2'
> # expected: '0'
>
> # Failed test 'auth_option clientcert=verify-ca succeeds with mismatching
> username and Common Name: no stderr'
> # at t/001_ssltests.pl line 815.
> # got: 'psql: error: connection to server at "127.0.0.1", port 23938
> failed: Connection refused
> # Is the server running on that host and accepting TCP/IP connections?'
> # expected: ''
>
> # Failed test 'auth_option clientcert=verify-ca succeeds with mismatching
> username and Common Name: log matches'
> # at
> /build/reproducible-path/postgresql-17-17.3/build/../src/test/perl/PostgreSQL/Test/Cluster.pm
> line 2445.
> # ''
> # doesn't match '(?^:connection authenticated: user="yetanotheruser"
> method=trust)'
> # Looks like you failed 13 tests of 205.
> t/001_ssltests.pl ..
> # setting up data directory
> # initializing database system by copying initdb template
> ok 1 - ssl_library parameter
> # testing password-protected keys
> ok 2 - restart fails with password-protected key file with wrong password
> ok 3 - restart succeeds with password-protected key file
> ok 4 - restart fails with incorrect SSL protocol bounds
> ok 5 - restart succeeds with correct SSL protocol bounds
> # running client tests
> ok 6 - server doesn't accept non-SSL connections
> ok 7 - server doesn't accept non-SSL connections: matches
> ok 8 - connect without server root cert sslmode=require
> ok 9 - connect without server root cert sslmode=require: no stderr
> ok 10 - connect without server root cert sslmode=verify-ca
> ok 11 - connect without server root cert sslmode=verify-ca: matches
> ok 12 - connect without server root cert sslmode=verify-full
> ok 13 - connect without server root cert sslmode=verify-full: matches
> ok 14 - connect with wrong server root cert sslmode=require
> ok 15 - connect with wrong server root cert sslmode=require: matches
> ok 16 - connect with wrong server root cert sslmode=verify-ca
> ok 17 - connect with wrong server root cert sslmode=verify-ca: matches
> ok 18 - connect with wrong server root cert sslmode=verify-full
> ok 19 - connect with wrong server root cert sslmode=verify-full: matches
> ok 20 - connect with server CA cert, without root CA
> ok 21 - connect with server CA cert, without root CA: matches
> ok 22 - connect with correct server CA cert file sslmode=require
> ok 23 - connect with correct server CA cert file sslmode=require: no stderr
> ok 24 - connect with correct server CA cert file sslmode=verify-ca
> ok 25 - connect with correct server CA cert file sslmode=verify-ca: no stderr
> ok 26 - connect with correct server CA cert file sslmode=verify-full
> ok 27 - connect with correct server CA cert file sslmode=verify-full: no
> stderr
> ok 28 - cert root file that contains two certificates, order 1
> ok 29 - cert root file that contains two certificates, order 1: no stderr
> ok 30 - cert root file that contains two certificates, order 2
> ok 31 - cert root file that contains two certificates, order 2: no stderr
> ok 32 - connect with sslcertmode=disable
> ok 33 - connect with sslcertmode=disable: no stderr
> ok 34 - connect with sslcertmode=allow
> ok 35 - connect with sslcertmode=allow: no stderr
> ok 36 - connect with sslcertmode=require fails without a client certificate
> ok 37 - connect with sslcertmode=require fails without a client certificate:
> matches
> ok 38 - sslcrl option with invalid file name
> ok 39 - sslcrl option with invalid file name: no stderr
> ok 40 - CRL belonging to a different CA
> ok 41 - CRL belonging to a different CA: matches
> ok 42 - directory CRL belonging to a different CA
> ok 43 - directory CRL belonging to a different CA: matches
> ok 44 - CRL with a non-revoked cert
> ok 45 - CRL with a non-revoked cert: no stderr
> ok 46 - directory CRL with a non-revoked cert
> ok 47 - directory CRL with a non-revoked cert: no stderr
> ok 48 - mismatch between host name and server certificate sslmode=require
> ok 49 - mismatch between host name and server certificate sslmode=require: no
> stderr
> ok 50 - mismatch between host name and server certificate sslmode=verify-ca
> ok 51 - mismatch between host name and server certificate sslmode=verify-ca:
> no stderr
> ok 52 - mismatch between host name and server certificate sslmode=verify-full
> ok 53 - mismatch between host name and server certificate
> sslmode=verify-full: matches
> ok 54 - IP address in the Common Name
> ok 55 - IP address in the Common Name: no stderr
> ok 56 - mismatch between host name and server certificate IP address
> ok 57 - mismatch between host name and server certificate IP address: matches
> ok 58 - IP address in a dNSName
> ok 59 - IP address in a dNSName: no stderr
> ok 60 - host name matching with X.509 Subject Alternative Names 1
> ok 61 - host name matching with X.509 Subject Alternative Names 1: no stderr
> ok 62 - host name matching with X.509 Subject Alternative Names 2
> ok 63 - host name matching with X.509 Subject Alternative Names 2: no stderr
> ok 64 - host name matching with X.509 Subject Alternative Names wildcard
> ok 65 - host name matching with X.509 Subject Alternative Names wildcard: no
> stderr
> ok 66 - host name not matching with X.509 Subject Alternative Names
> ok 67 - host name not matching with X.509 Subject Alternative Names: matches
> ok 68 - host name not matching with X.509 Subject Alternative Names wildcard
> ok 69 - host name not matching with X.509 Subject Alternative Names wildcard:
> matches
> ok 70 - host name matching with a single X.509 Subject Alternative Name
> ok 71 - host name matching with a single X.509 Subject Alternative Name: no
> stderr
> ok 72 - host name not matching with a single X.509 Subject Alternative Name
> ok 73 - host name not matching with a single X.509 Subject Alternative Name:
> matches
> ok 74 - host name not matching with a single X.509 Subject Alternative Name
> wildcard
> ok 75 - host name not matching with a single X.509 Subject Alternative Name
> wildcard: matches
> ok 76 - host matching an IPv4 address (Subject Alternative Name 1)
> ok 77 - host matching an IPv4 address (Subject Alternative Name 1): no stderr
> ok 78 - host matching an IPv4 address in alternate form (Subject Alternative
> Name 1)
> ok 79 - host matching an IPv4 address in alternate form (Subject Alternative
> Name 1): no stderr
> ok 80 - host not matching an IPv4 address (Subject Alternative Name 1)
> ok 81 - host not matching an IPv4 address (Subject Alternative Name 1):
> matches
> ok 82 - host matching an IPv6 address (Subject Alternative Name 2)
> ok 83 - host matching an IPv6 address (Subject Alternative Name 2): no stderr
> ok 84 - host matching an IPv6 address in alternate form (Subject Alternative
> Name 2)
> ok 85 - host matching an IPv6 address in alternate form (Subject Alternative
> Name 2): no stderr
> ok 86 - host matching an IPv6 address in mixed form (Subject Alternative Name
> 2)
> ok 87 - host matching an IPv6 address in mixed form (Subject Alternative Name
> 2): no stderr
> ok 88 - host not matching an IPv6 address (Subject Alternative Name 2)
> ok 89 - host not matching an IPv6 address (Subject Alternative Name 2):
> matches
> ok 90 - IPv6 host with CIDR mask does not match
> ok 91 - IPv6 host with CIDR mask does not match: matches
> ok 92 - certificate with both a CN and SANs 1
> ok 93 - certificate with both a CN and SANs 1: no stderr
> ok 94 - certificate with both a CN and SANs 2
> ok 95 - certificate with both a CN and SANs 2: no stderr
> ok 96 - certificate with both a CN and SANs ignores CN
> ok 97 - certificate with both a CN and SANs ignores CN: matches
> ok 98 - certificate with both a CN and IP SANs matches CN
> ok 99 - certificate with both a CN and IP SANs matches CN: no stderr
> ok 100 - certificate with both a CN and IP SANs matches SAN 1
> ok 101 - certificate with both a CN and IP SANs matches SAN 1: no stderr
> ok 102 - certificate with both a CN and IP SANs matches SAN 2
> ok 103 - certificate with both a CN and IP SANs matches SAN 2: no stderr
> ok 104 - certificate with both an IP CN and IP SANs 1
> ok 105 - certificate with both an IP CN and IP SANs 1: no stderr
> ok 106 - certificate with both an IP CN and IP SANs 2
> ok 107 - certificate with both an IP CN and IP SANs 2: no stderr
> ok 108 - certificate with both an IP CN and IP SANs ignores CN
> ok 109 - certificate with both an IP CN and IP SANs ignores CN: matches
> ok 110 - certificate with both an IP CN and DNS SANs matches CN
> ok 111 - certificate with both an IP CN and DNS SANs matches CN: no stderr
> ok 112 - certificate with both an IP CN and DNS SANs matches SAN 1
> ok 113 - certificate with both an IP CN and DNS SANs matches SAN 1: no stderr
> ok 114 - certificate with both an IP CN and DNS SANs matches SAN 2
> ok 115 - certificate with both an IP CN and DNS SANs matches SAN 2: no stderr
> ok 116 - server certificate without CN or SANs sslmode=verify-ca
> ok 117 - server certificate without CN or SANs sslmode=verify-ca: no stderr
> ok 118 - server certificate without CN or SANs sslmode=verify-full
> ok 119 - server certificate without CN or SANs sslmode=verify-full: matches
> ok 120 - sslrootcert=system does not connect with private CA
> ok 121 - sslrootcert=system does not connect with private CA: matches
> ok 122 - sslrootcert=system only accepts sslmode=verify-full
> ok 123 - sslrootcert=system only accepts sslmode=verify-full: matches
> ok 124 - sslrootcert=system connects with overridden SSL_CERT_FILE
> ok 125 - sslrootcert=system connects with overridden SSL_CERT_FILE: no stderr
> ok 126 - sslrootcert=system defaults to sslmode=verify-full
> ok 127 - sslrootcert=system defaults to sslmode=verify-full: matches
> ok 128 - connects without client-side CRL
> ok 129 - connects without client-side CRL: no stderr
> ok 130 - does not connect with client-side CRL file
> ok 131 - does not connect with client-side CRL file: matches
> ok 132 - does not connect with client-side CRL directory
> ok 133 - does not connect with client-side CRL directory: matches
> ok 134 - pg_stat_ssl view without client certificate: exit code 0
> ok 135 - pg_stat_ssl view without client certificate: no stderr
> ok 136 - pg_stat_ssl view without client certificate: matches
> ok 137 - connection success with correct range of TLS protocol versions
> ok 138 - connection success with correct range of TLS protocol versions: no
> stderr
> ok 139 - connection failure with incorrect range of TLS protocol versions
> ok 140 - connection failure with incorrect range of TLS protocol versions:
> matches
> ok 141 - connection failure with an incorrect SSL protocol minimum bound
> ok 142 - connection failure with an incorrect SSL protocol minimum bound:
> matches
> ok 143 - connection failure with an incorrect SSL protocol maximum bound
> ok 144 - connection failure with an incorrect SSL protocol maximum bound:
> matches
> # running server tests
> ok 145 - certificate authorization fails without client cert
> ok 146 - certificate authorization fails without client cert: matches
> ok 147 - certificate authorization succeeds with correct client cert in PEM
> format
> ok 148 - certificate authorization succeeds with correct client cert in PEM
> format: no stderr
> ok 149 - certificate authorization succeeds with correct client cert in DER
> format
> ok 150 - certificate authorization succeeds with correct client cert in DER
> format: no stderr
> ok 151 - certificate authorization succeeds with correct client cert in
> encrypted PEM format
> ok 152 - certificate authorization succeeds with correct client cert in
> encrypted PEM format: no stderr
> ok 153 - certificate authorization succeeds with correct client cert in
> encrypted DER format
> ok 154 - certificate authorization succeeds with correct client cert in
> encrypted DER format: no stderr
> ok 155 - certificate authorization succeeds with correct client cert and
> sslcertmode=require
> ok 156 - certificate authorization succeeds with correct client cert and
> sslcertmode=require: no stderr
> ok 157 - certificate authorization succeeds with correct client cert and
> sslcertmode=allow
> ok 158 - certificate authorization succeeds with correct client cert and
> sslcertmode=allow: no stderr
> ok 159 - certificate authorization fails with correct client cert and
> sslcertmode=disable
> ok 160 - certificate authorization fails with correct client cert and
> sslcertmode=disable: matches
> ok 161 - certificate authorization fails with correct client cert and wrong
> password in encrypted PEM format
> ok 162 - certificate authorization fails with correct client cert and wrong
> password in encrypted PEM format: matches
> ok 163 - certificate authorization succeeds with DN mapping
> ok 164 - certificate authorization succeeds with DN mapping: no stderr
> ok 165 - certificate authorization succeeds with DN mapping: log matches
> ok 166 - certificate authorization succeeds with DN regex mapping
> ok 167 - certificate authorization succeeds with DN regex mapping: no stderr
> ok 168 - certificate authorization succeeds with CN mapping
> ok 169 - certificate authorization succeeds with CN mapping: no stderr
> ok 170 - certificate authorization succeeds with CN mapping: log matches
> not ok 171 # TODO & SKIP Need Pty support
> not ok 172 # TODO & SKIP Need Pty support
> not ok 173 # TODO & SKIP Need Pty support
> not ok 174 # TODO & SKIP Need Pty support
> not ok 175 - pg_stat_ssl with client certificate: exit code 0
> not ok 176 - pg_stat_ssl with client certificate: no stderr
> not ok 177 - pg_stat_ssl with client certificate: matches
> ok 178 - certificate authorization fails because of file permissions
> not ok 179 - certificate authorization fails because of file permissions:
> matches
> ok 180 - certificate authorization fails with client cert belonging to
> another user
> not ok 181 - certificate authorization fails with client cert belonging to
> another user: matches
> ok 182 - certificate authorization fails with revoked client cert
> not ok 183 - certificate authorization fails with revoked client cert: matches
> ok 184 - certificate authorization fails with revoked client cert: log does
> not match
> not ok 185 - auth_option clientcert=verify-full succeeds with matching
> username and Common Name
> not ok 186 - auth_option clientcert=verify-full succeeds with matching
> username and Common Name: no stderr
> not ok 187 - auth_option clientcert=verify-full succeeds with matching
> username and Common Name: log matches
> ok 188 - auth_option clientcert=verify-full fails with mismatching username
> and Common Name
> not ok 189 - auth_option clientcert=verify-full fails with mismatching
> username and Common Name: matches
> ok 190 - auth_option clientcert=verify-full fails with mismatching username
> and Common Name: log does not match
> not ok 191 - auth_option clientcert=verify-ca succeeds with mismatching
> username and Common Name
> not ok 192 - auth_option clientcert=verify-ca succeeds with mismatching
> username and Common Name: no stderr
> not ok 193 - auth_option clientcert=verify-ca succeeds with mismatching
> username and Common Name: log matches
> ok 194 - intermediate client certificate is provided by client
> ok 195 - intermediate client certificate is provided by client: no stderr
> ok 196 - intermediate client certificate is missing
> ok 197 - intermediate client certificate is missing: matches
> ok 198 - logged client certificate Subjects are truncated if they're too long
> ok 199 - logged client certificate Subjects are truncated if they're too
> long: matches
> ok 200 - intermediate client certificate is untrusted
> ok 201 - intermediate client certificate is untrusted: matches
> ok 202 - certificate authorization fails with revoked client cert with
> server-side CRL directory
> ok 203 - certificate authorization fails with revoked client cert with
> server-side CRL directory: matches
> ok 204 - certificate authorization fails with revoked UTF-8 client cert with
> server-side CRL directory
> ok 205 - certificate authorization fails with revoked UTF-8 client cert with
> server-side CRL directory: matches
> 1..205
> Dubious, test returned 13 (wstat 3328, 0xd00)
> Failed 13/205 subtests
> t/002_scram.pl .....
> # setting up data directory
> # initializing database system by copying initdb template
> ok 1 - Basic SCRAM authentication with SSL
> ok 2 - Basic SCRAM authentication with SSL: no stderr
> ok 3 - SCRAM with SSL and channel_binding=invalid_value
> ok 4 - SCRAM with SSL and channel_binding=invalid_value: matches
> ok 5 - SCRAM with SSL and channel_binding=disable
> ok 6 - SCRAM with SSL and channel_binding=disable: no stderr
> ok 7 - SCRAM with SSL and channel_binding=require
> ok 8 - SCRAM with SSL and channel_binding=require: no stderr
> ok 9 - MD5 with SSL and channel_binding=require
> ok 10 - MD5 with SSL and channel_binding=require: matches
> ok 11 - Cert authentication and channel_binding=require
> ok 12 - Cert authentication and channel_binding=require: matches
> ok 13 - SCRAM with clientcert=verify-full
> ok 14 - SCRAM with clientcert=verify-full: no stderr
> ok 15 - SCRAM with clientcert=verify-full: log matches
> ok 16 - SCRAM with SSL, channel_binding=disable, and
> require_auth=scram-sha-256
> ok 17 - SCRAM with SSL, channel_binding=disable, and
> require_auth=scram-sha-256: no stderr
> ok 18 - channel_binding can fail even when require_auth succeeds
> ok 19 - channel_binding can fail even when require_auth succeeds: matches
> ok 20 - SCRAM with SSL, channel_binding=require, and
> require_auth=scram-sha-256
> ok 21 - SCRAM with SSL, channel_binding=require, and
> require_auth=scram-sha-256: no stderr
> ok 22 - SCRAM with SSL and channel_binding=require, server certificate uses
> 'rsassaPss'
> ok 23 - SCRAM with SSL and channel_binding=require, server certificate uses
> 'rsassaPss': no stderr
> ok 24 - SCRAM with SSL and channel_binding=require, server certificate uses
> 'rsassaPss': log matches
> 1..24
> ok
> t/003_sslinfo.pl ...
> # setting up data directory
> # initializing database system by copying initdb template
> ok 1 - certificate authorization succeeds with correct client cert in PEM
> format
> ok 2 - certificate authorization succeeds with correct client cert in PEM
> format: no stderr
> ok 3 - ssl_is_used() for TLS connection
> ok 4 - ssl_version() correctly returning TLS protocol
> ok 5 - ssl_cipher() compared with pg_stat_ssl
> ok 6 - ssl_client_cert_present() for connection with cert
> ok 7 - ssl_client_cert_present() for connection without cert
> ok 8 - ssl_client_serial() compared with pg_stat_ssl
> ok 9 - ssl_client_dn_field() for an invalid field
> ok 10 - ssl_client_dn_field() for connection without cert
> ok 11 - ssl_client_dn_field() for commonName
> ok 12 - ssl_issuer_dn() for connection with cert
> ok 13 - ssl_issuer_field() for commonName
> ok 14 - extract extension from cert
> ok 15 - ssl_client_cert_present() for sslcertmode=allow
> ok 16 - ssl_client_cert_present() for sslcertmode=allow sslcert=invalid
> ok 17 - ssl_client_cert_present() for sslcertmode=disable
> ok 18 - ssl_client_cert_present() for sslcertmode=require
> 1..18
> ok
>
> Test Summary Report
> -------------------
> t/001_ssltests.pl (Wstat: 3328 (exited 13) Tests: 205 Failed: 13)
> Failed tests: 175-177, 179, 181, 183, 185-187, 189, 191-193
> Non-zero exit status: 13
> Files=3, Tests=247, 15 wallclock secs ( 0.08 usr 0.00 sys + 2.57 cusr 2.18
> csys = 4.83 CPU)
> Result: FAIL
> make[2]: *** [Makefile:32: check] Error 1
The full build log is available from:
http://qa-logs.debian.net/2025/02/15/postgresql-17_17.3-2_unstable.log
All bugs filed during this archive rebuild are listed at:
https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=ftbfs-20250215;[email protected]
or:
https://udd.debian.org/bugs/?release=na&merged=ign&fnewerval=7&flastmodval=7&fusertag=only&fusertagtag=ftbfs-20250215&[email protected]&allbugs=1&cseverity=1&ctags=1&caffected=1#results
A list of current common problems and possible solutions is available at
http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!
If you reassign this bug to another package, please mark it as 'affects'-ing
this package. See https://www.debian.org/Bugs/server-control#affects
If you fail to reproduce this, please provide a build log and diff it with mine
so that we can identify if something relevant changed in the meantime.
--- End Message ---
--- Begin Message ---
Source: postgresql-17
Source-Version: 17.4-1
Done: Christoph Berg <[email protected]>
We believe that the bug you reported is fixed in the latest version of
postgresql-17, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christoph Berg <[email protected]> (supplier of updated postgresql-17 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 20 Feb 2025 12:22:31 +0100
Source: postgresql-17
Architecture: source
Version: 17.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <[email protected]>
Changed-By: Christoph Berg <[email protected]>
Closes: 1096243
Changes:
postgresql-17 (17.4-1) unstable; urgency=medium
.
* New upstream version 17.4.
.
+ Improve behavior of libpq's quoting functions (Andres Freund, Tom Lane)
.
The changes made for CVE-2025-1094 had one serious oversight:
PQescapeLiteral() and PQescapeIdentifier() failed to honor their string
length parameter, instead always reading to the input string's trailing
null. This resulted in including unwanted text in the output, if the
caller intended to truncate the string via the length parameter. With
very bad luck it could cause a crash due to reading off the end of
memory.
.
In addition, modify all these quoting functions so that when invalid
encoding is detected, an invalid sequence is substituted for just the
first byte of the presumed character, not all of it. This reduces the
risk of problems if a calling application performs additional processing
on the quoted string.
.
* Build-depend on openssl. (Closes: #1096243)
* Added po-debconf Catalan translation by Carles Pina i Estany, thanks!
Checksums-Sha1:
f82eecda902e670859e021c94c0928386c1678ce 4245 postgresql-17_17.4-1.dsc
fa4c871a9bf9de36c11992d80e054f07d95fffa5 21519810
postgresql-17_17.4.orig.tar.bz2
2452cd0f9937c11238b03ed5bd26029f3f8b4d2e 27248
postgresql-17_17.4-1.debian.tar.xz
Checksums-Sha256:
0dcc2ad1fbbc28312d47c5e5454859c99074b0ed4eb34519e6419b09656e70ce 4245
postgresql-17_17.4-1.dsc
c4605b73fea11963406699f949b966e5d173a7ee0ccaef8938dec0ca8a995fe7 21519810
postgresql-17_17.4.orig.tar.bz2
b648e84ce8dea0e4403797a8f8ba6477426ba6c2840fdc84e3578bad3b010f80 27248
postgresql-17_17.4-1.debian.tar.xz
Files:
f61d203b2b2bb66ffba1753f8b0be5e8 4245 database optional
postgresql-17_17.4-1.dsc
4d5f4119cabe4adeb5ce8b5377928578 21519810 database optional
postgresql-17_17.4.orig.tar.bz2
2431977491ea6d5b1fb134d3353825f2 27248 database optional
postgresql-17_17.4-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAme3NoIACgkQTFprqxLS
p67fwQ/+LpRfxFBdnfep3Gl2LTZ2O4WxtVRR49hOPB5LL0z4jzTBLq7h5XE8p9UQ
cmyBOn2YtodFqVqtiU/gTCbZY+FxWwQg3hr7+D3SLd0r1o4JMN0VUIWZDVp9YDfx
vuWrirNpCRtdTfAmIE402JxmcCi6zhigm3IOhnJqr0CKsj3qejVWCaNmQ5cj73bG
iMrpgfdYOC9Q5PMUBuPBpra0DYUfKLjyFOcwnJERwuCtTbNmFpdqZhU71P2JQTYe
8HP23ebDM4IaRKVYGXLFOq1NP7e9MV4yqYpA0y3+dQfMhceaWUrct+TZmgAUM+c0
sPxGrL5l7VBhAr2CxkiTXDMg5YfJBZ3tqonM6bj68Sy0jCRP/d7/8M8sc93eGgf4
vlCeEwU6JvWAkc5BfzFnMC7TVB/xer5XdsIimhOL+zXEoSg22yp7c2zhF2lk/zcV
rTEXlW4HrcckMdMcGqH9OlOmuif9fdCz47iIME7zliGi8oScTFcf841j6cUDl4Ou
xBkQ3Qb2dRpgfa13au1H6fLhcNAfWTw28NMrOeaZqMc/JSUzNTqZas3JkbJPsixK
T/oZneEz3cpBM/0LM+y0tY4dE6zhv0uo26bB9Qy+5nrSJ8ZthveD0Y3mJxpWmAfx
NorXTsJRi+pt8K6mVfUoqwkgp3ppKcJgiTc9WB9bi/mnGbLpWfA=
=XU2X
-----END PGP SIGNATURE-----
pgpCIuo4qLgYd.pgp
Description: PGP signature
--- End Message ---
