On Fri, Dec 11, 2015 at 10:55:40AM -0500, Tom Lane wrote:
> So I did a routine software update on my RHEL6 workstation, and noticed
> a security update for libxml2 go by. And guess what: now an XML-enabled
> build of Postgres fails regression tests for me, just as previously
> discussed in
> A little bit of digging shows that the behavior we're unhappy about was
> introduced as part of the official patch for CVE-2015-7499. This means
> that, whether or not we can persuade Veillard that it was a bad idea and
> he should undo it, the bogus behavior is likely to spread into mainstream
> distributions a lot faster than any followup fix will :-(. Bugfix updates
> just don't get accepted as quickly as security updates.
That settles PostgreSQL's need to accept this variation.
> I'm starting to think that maybe we'd better knuckle under and provide
> a variant expected file that matches this behavior. We're likely to be
> seeing it in the wild for some time to come.
I would look at handling this by suppressing the exact error message from the
output. Route affected tests through a wrapper function:
SELECT expect_errdetail($$INSERT INTO xmltest VALUES (3, '<wrong')$$,
E'^line 1: Couldn't find end of Start Tag wrong line 1\n');
A variant expected output would be okay, though.
Sent via pgsql-hackers mailing list (firstname.lastname@example.org)
To make changes to your subscription: