On Fri, Dec 11, 2015 at 10:55:40AM -0500, Tom Lane wrote:
> So I did a routine software update on my RHEL6 workstation, and noticed
> a security update for libxml2 go by.  And guess what: now an XML-enabled
> build of Postgres fails regression tests for me, just as previously
> discussed in
> http://www.postgresql.org/message-id/flat/cafj8pra4xjqfgnqcqmcygx-umgmr3stt3xfeuw7kbsoiovg...@mail.gmail.com
> A little bit of digging shows that the behavior we're unhappy about was
> introduced as part of the official patch for CVE-2015-7499.  This means
> that, whether or not we can persuade Veillard that it was a bad idea and
> he should undo it, the bogus behavior is likely to spread into mainstream
> distributions a lot faster than any followup fix will :-(.  Bugfix updates
> just don't get accepted as quickly as security updates.

That settles PostgreSQL's need to accept this variation.

> I'm starting to think that maybe we'd better knuckle under and provide
> a variant expected file that matches this behavior.  We're likely to be
> seeing it in the wild for some time to come.

I would look at handling this by suppressing the exact error message from the
output.  Route affected tests through a wrapper function:

SELECT expect_errdetail($$INSERT INTO xmltest VALUES (3, '<wrong')$$,
    E'^line 1: Couldn't find end of Start Tag wrong line 1\n');

A variant expected output would be okay, though.

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to