authorDaniel Baumann <daniel.baumann@progress-linux.org>2018-09-11 20:49:10 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2018-09-11 20:49:10 +0000
commit74d44e1a91b14d881dc79d81e178373ec14b56b7 (patch)
tree3c93350a1703ed0b307d808e3499855d566a8cba
parentMerging upstream version 10.5. (diff)
downloadpostgresql-10-74d44e1a91b14d881dc79d81e178373ec14b56b7.zip
postgresql-10-74d44e1a91b14d881dc79d81e178373ec14b56b7.tar.xz
Merging debian version 10.5-1.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r--debian/changelog39
-rw-r--r--debian/control2
-rw-r--r--debian/libecpg-dev.install2
-rw-r--r--debian/libpgtypes3.symbols1
-rw-r--r--debian/patches/filter-debug-prefix-map38
-rwxr-xr-xdebian/rules49
6 files changed, 92 insertions, 39 deletions
diff --git a/debian/changelog b/debian/changelog
index 733ceac..a4629da 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,42 @@
+postgresql-10 (10.5-1) unstable; urgency=medium
+
+ * New upstream version.
+ + Fix failure to reset libpq's state fully between connection attempts
+
+ An unprivileged user of dblink or postgres_fdw could bypass the checks
+ intended to prevent use of server-side credentials, such as a ~/.pgpass
+ file owned by the operating-system user running the server. Servers
+ allowing peer authentication on local connections are particularly
+ vulnerable. Other attacks such as SQL injection into a postgres_fdw
+ session are also possible. Attacking postgres_fdw in this way requires
+ the ability to create a foreign server object with selected connection
+ parameters, but any user with access to dblink could exploit the
+ problem. In general, an attacker with the ability to select the
+ connection parameters for a libpq-using application could cause
+ mischief, though other plausible attack scenarios are harder to think
+ of. Our thanks to Andrew Krasichkov for reporting this issue.
+ (CVE-2018-10915)
+
+ + Fix INSERT ... ON CONFLICT UPDATE through a view that isn't just SELECT
+ FROM ...
+
+ Erroneous expansion of an updatable view could lead to crashes or
+ attribute ... has the wrong type errors, if the view's SELECT list
+ doesn't match one-to-one with the underlying table's columns.
+ Furthermore, this bug could be leveraged to allow updates of columns
+ that an attacking user lacks UPDATE privilege for, if that user has
+ INSERT and UPDATE privileges for some other column(s) of the table. Any
+ user could also use it for disclosure of server memory. (CVE-2018-10925)
+
+ * Remove version checking for libselinux1-dev, 2.1.10 is old enough now.
+ * Drop support for tcl8.5.
+ * Use dh_auto_configure to correctly seed the build architecture.
+ * Filter -fdebug-prefix-map and -ffile-prefix-map in more places, and make
+ PGXS modules build reproducibly.
+ * Add new pgtypes header and symbol.
+
+ -- Christoph Berg <christoph.berg@credativ.de> Tue, 07 Aug 2018 10:56:16 +0200
+
postgresql-10 (10.4-2~dschinn1) dschinn-backports; urgency=medium
* Uploading to dschinn-backports, remaining changes:
diff --git a/debian/control b/debian/control
index de26019..c96e2e7 100644
--- a/debian/control
+++ b/debian/control
@@ -38,7 +38,7 @@ Build-Depends:
pkg-config,
python-dev,
python3-dev,
- tcl8.6-dev | tcl8.5-dev,
+ tcl8.6-dev,
uuid-dev,
xsltproc,
zlib1g-dev | libz-dev
diff --git a/debian/libecpg-dev.install b/debian/libecpg-dev.install
index b0f297d..306495f 100644
--- a/debian/libecpg-dev.install
+++ b/debian/libecpg-dev.install
@@ -1,6 +1,6 @@
usr/include/postgresql/ecpg*.h
usr/include/postgresql/informix/*
-usr/include/postgresql/pgtypes_*.h
+usr/include/postgresql/pgtypes*.h
usr/include/postgresql/sql3types.h
usr/include/postgresql/sqlca.h
usr/include/postgresql/sqlda*.h
diff --git a/debian/libpgtypes3.symbols b/debian/libpgtypes3.symbols
index 6905b08..b2542e1 100644
--- a/debian/libpgtypes3.symbols
+++ b/debian/libpgtypes3.symbols
@@ -1,4 +1,5 @@
libpgtypes.so.3 libpgtypes3 #MINVER#
+ PGTYPESchar_free@Base 10.5
PGTYPESdate_dayofweek@Base 0
PGTYPESdate_defmt_asc@Base 0
PGTYPESdate_fmt_asc@Base 0
diff --git a/debian/patches/filter-debug-prefix-map b/debian/patches/filter-debug-prefix-map
index 60d738a..871f785 100644
--- a/debian/patches/filter-debug-prefix-map
+++ b/debian/patches/filter-debug-prefix-map
@@ -1,15 +1,45 @@
+To make the PostgreSQL server packages build reproducibly, we need to remove
+the build path from -fdebug-prefix-map and -ffile-prefix-map in CFLAGS.
+
+* The actual server build still uses the original CFLAGS so the build path is
+ correctly mapped in the object files.
+* The information printed by the pg_config binary and the system view is
+ filtered in src/common/Makefile.
+* The build paths stored in Makefile.global are filtered in debian/rules.
+* The build paths in prefix maps in CFLAGS/CXXFLAGS in Makefile.global are
+ filtered in debian/rules, and replaced by $(module_srcdir).
+* To make PGXS module builds reproducible, pgxs.mk sets module_srcdir so they
+ have a proper prefix maps in their CFLAGS. (pgxs.mk does not query pg_config
+ for the flags.)
+
--- a/src/common/Makefile
+++ b/src/common/Makefile
-@@ -30,10 +30,10 @@ LIBS += $(PTHREAD_LIBS)
+@@ -27,10 +27,11 @@ include $(top_builddir)/src/Makefile.glo
# don't include subdirectory-path-dependent -I and -L switches
STD_CPPFLAGS := $(filter-out -I$(top_srcdir)/src/include -I$(top_builddir)/src/include,$(CPPFLAGS))
- STD_LDFLAGS := $(filter-out -L$(top_builddir)/src/port,$(LDFLAGS))
+ STD_LDFLAGS := $(filter-out -L$(top_builddir)/src/common -L$(top_builddir)/src/port,$(LDFLAGS))
-override CPPFLAGS += -DVAL_CONFIGURE="\"$(configure_args)\""
-+override CPPFLAGS += -DVAL_CONFIGURE="\"$(filter-out -fdebug-prefix-map%,$(configure_args))\""
++# filter build path variation from -fdebug-prefix-map and -ffile-prefix-map
++override CPPFLAGS += -DVAL_CONFIGURE="\"$(patsubst -ffile-prefix-map=%,-ffile-prefix-map=/BUILDDIR=.,$(patsubst -fdebug-prefix-map=%,-fdebug-prefix-map=/BUILDDIR=.,$(configure_args)))\""
override CPPFLAGS += -DVAL_CC="\"$(CC)\""
override CPPFLAGS += -DVAL_CPPFLAGS="\"$(STD_CPPFLAGS)\""
-override CPPFLAGS += -DVAL_CFLAGS="\"$(CFLAGS)\""
-+override CPPFLAGS += -DVAL_CFLAGS="\"$(filter-out -fdebug-prefix-map%,$(CFLAGS))\""
++override CPPFLAGS += -DVAL_CFLAGS="\"$(patsubst -ffile-prefix-map=%,-ffile-prefix-map=/BUILDDIR=.,$(patsubst -fdebug-prefix-map=%,-fdebug-prefix-map=/BUILDDIR=.,$(CFLAGS)))\""
override CPPFLAGS += -DVAL_CFLAGS_SL="\"$(CFLAGS_SL)\""
override CPPFLAGS += -DVAL_LDFLAGS="\"$(STD_LDFLAGS)\""
override CPPFLAGS += -DVAL_LDFLAGS_EX="\"$(LDFLAGS_EX)\""
+--- a/src/makefiles/pgxs.mk
++++ b/src/makefiles/pgxs.mk
+@@ -66,6 +66,12 @@ ifdef PGXS
+ top_builddir := $(dir $(PGXS))../..
+ include $(top_builddir)/src/Makefile.global
+
++# When compiling PGXS modules, we need to provide a debug/file-prefix-map with
++# the module source directory to make the build reproducible. module_srcdir is
++# used for that purpose in CFLAGS/CXXFLAGS in the Makefile.global installed by
++# Debian.
++module_srcdir := $(patsubst %/,%,$(dir $(firstword $(MAKEFILE_LIST))))
++
+ # These might be set in Makefile.global, but if they were not found
+ # during the build of PostgreSQL, supply default values so that users
+ # of pgxs can use the variables.
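Review bot: `module_srcdir` in the pgxs.mk part of the patch is taken from `$(dir $(firstword $(MAKEFILE_LIST)))` as written, so it is a relative path (`.` for a plain in-tree `make`) whenever the module's Makefile is not invoked by an absolute path. A relative value on the left-hand side of `-fdebug-prefix-map`/`-ffile-prefix-map` would not match the absolute compilation directory the compiler records, so such module builds would presumably still embed the build path. If only builds that pass an absolute `-f` path are meant to be covered, the added comment should say so; otherwise consider `module_srcdir := $(abspath $(dir $(firstword $(MAKEFILE_LIST))))`, after checking that nothing else relies on the relative form.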
diff --git a/debian/rules b/debian/rules
index c8e2dc5..7e1c5bc 100755
--- a/debian/rules
+++ b/debian/rules
@@ -2,23 +2,12 @@
include /usr/share/dpkg/architecture.mk
-ifneq ($(shell which tclsh8.6),)
-TCL_VER := 8.6
-else
-TCL_VER := 8.5
-endif
MAJOR_VER := 10
+TCL_VER := 8.6
#CASSERT_FLAGS := --enable-cassert
CATVERSION = $(shell awk '/CATALOG_VERSION_NO/ { print $$3 }' src/include/catalog/catversion.h)
-# find tclconfig in multi-arch location (still in /usr/lib in wheezy and precise)
-ifneq ($(wildcard /usr/lib/$(DEB_HOST_MULTIARCH)/tcl$(TCL_VER)),)
-TCL_CONFIG_DIR := /usr/lib/$(DEB_HOST_MULTIARCH)
-else
-TCL_CONFIG_DIR := /usr/lib
-endif
-
export DEB_BUILD_MAINT_OPTIONS = hardening=+all
#PIE# # On jessie/zesty and older, uncomment the #PIE# lines
#PIE# # "-pie" because it would break linking our .so files
@@ -49,13 +38,8 @@ endif
ifeq ($(DEB_HOST_ARCH_OS),linux)
SYSTEMD_FLAGS = --with-systemd
-# --with-selinux needs libselinux 2.1.10
-# (we don't put that in debian/control so we can use the same source also on older dists)
-SEVERSION = $(shell dpkg-query -f '$${Version}' --show libselinux1-dev)
-ifeq ($(shell dpkg --compare-versions "$(SEVERSION)" ge 2.1.10 && echo yes),yes)
SELINUX_FLAGS= --with-selinux
endif
-endif
COMMON_CONFIGURE_FLAGS= \
--mandir=/usr/share/postgresql/$(MAJOR_VER)/man \
@@ -80,6 +64,7 @@ COMMON_CONFIGURE_FLAGS= \
--with-pgport=5432 \
--with-system-tzdata=/usr/share/zoneinfo \
$(SYSTEMD_FLAGS) \
+ $(SELINUX_FLAGS) \
$(SPINLOCK_FLAGS) \
CFLAGS='$(CFLAGS)' \
LDFLAGS='$(LDFLAGS)'
@@ -94,14 +79,6 @@ BOOTSTRAP_FLAGS= --with-gssapi --with-ldap \
--with-libs=/usr/lib/$(DEB_HOST_MULTIARCH)/mit-krb5
endif
-# build should fail on test suite failures on all arches
-TESTSUITE_FAIL_CMD=exit 1
-# hurd doesn't implement semaphores shared between processes yet; succeed anyway so they at least have libpq5
-# plperl currently fails on kfreebsd-*
-ifneq ($(filter $(DEB_HOST_ARCH), hurd-i386 kfreebsd-amd64 kfreebsd-i386),)
-TESTSUITE_FAIL_CMD=exit 0
-endif
-
%:
dh $@
@@ -109,8 +86,8 @@ override_dh_auto_configure-indep: stamp/configure-build
override_dh_auto_configure-arch: stamp/configure-build stamp/configure-build-py3
stamp/configure-build:
- mkdir -p stamp build
- cd build && ../configure \
+ mkdir -p stamp
+ dh_auto_configure --builddirectory=build -- \
--with-icu \
--with-tcl \
--with-perl \
@@ -119,19 +96,18 @@ stamp/configure-build:
--with-openssl \
--with-libxml \
--with-libxslt \
- --with-tclconfig=$(TCL_CONFIG_DIR)/tcl$(TCL_VER) \
+ --with-tclconfig=/usr/lib/$(DEB_HOST_MULTIARCH)/tcl$(TCL_VER) \
--with-includes=/usr/include/tcl$(TCL_VER) \
PYTHON=/usr/bin/python \
$(COMMON_CONFIGURE_FLAGS) \
- $(BOOTSTRAP_FLAGS) \
- $(SELINUX_FLAGS)
+ $(BOOTSTRAP_FLAGS)
# remove pre-built documentation
rm -fv doc/src/sgml/*-stamp
touch "$@"
stamp/configure-build-py3:
- mkdir -p stamp build-py3
- cd build-py3 && ../configure \
+ mkdir -p stamp
+ dh_auto_configure --builddirectory=build-py3 -- \
--with-python \
PYTHON=/usr/bin/python3 \
$(COMMON_CONFIGURE_FLAGS)
@@ -203,8 +179,10 @@ override_dh_install-arch:
chmod 755 debian/libpq-dev/usr/bin/pg_config
# remove actual build path from Makefile.global for reproducibility
+ # set -f{debug,file}-prefix-map to module_srcdir (which is set in pgxs.mk)
sed -i -e "s!^abs_top_builddir.*!abs_top_builddir = /build/postgresql-$(MAJOR_VER)/build!" \
-e "s!^abs_top_srcdir.*!abs_top_srcdir = /build/postgresql-$(MAJOR_VER)/build/..!" \
+ -e 's!prefix-map=[^ ]*!prefix-map=$$(module_srcdir)=.!g' \
debian/postgresql-server-dev-$(MAJOR_VER)/usr/lib/postgresql/$(MAJOR_VER)/lib/pgxs/src/Makefile.global
# these are shipped in the pl packages
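Review bot: The added expression `s!prefix-map=[^ ]*!…!g` is not limited to the CFLAGS/CXXFLAGS lines and ends a match only at a space, so it rewrites every line of the installed Makefile.global. It would also swallow a closing quote or a tab that directly follows the option, for instance if the option were the last word of a quoted `CFLAGS=` argument in `configure_args`. Whether that happens depends on the flag order produced at build time, which is not visible here. The comment above the sed could record the assumption, e.g. `# assumes every prefix-map option is followed by a space`, so that a later flag reordering is not silently mis-rewritten. The override_dh_install-arch recipe starts and continues outside this hunk.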
@@ -229,12 +207,17 @@ override_dh_auto_test-arch:
ifeq (, $(findstring nocheck, $(DEB_BUILD_OPTIONS)))
# when tests fail, print newest 3 log files
# temp-install wants to be invoked from a top-level make, unset MAKELEVEL here
+ # hurd doesn't implement semaphores shared between processes yet; succeed anyway so they at least have libpq5
+ # plperl currently fails on kfreebsd-*
unset MAKELEVEL; if ! make -C build check-world EXTRA_REGRESS_OPTS='--port=$(shell perl -le 'print 1024 + int(rand(64000))')'; then \
for l in `find build \( -name regression.diffs -o -name initdb.log -o -name postmaster.log \) | perl -we 'print map { "$$_\n"; } sort { (stat $$a)[9] <=> (stat $$b)[9] } map { chomp; $$_; } <>' | tail -3`; do \
echo "******** $$l ********"; \
cat $$l; \
done; \
- $(TESTSUITE_FAIL_CMD); \
+ case $(DEB_HOST_ARCH) in \
+ hurd-*|kfreebsd-*) exit 0 ;; \
+ *) exit 1 ;; \
+ esac; \
fi
endif
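Review bot: The new `case` widens the exemption from three named architectures to `hurd-*|kfreebsd-*` and exits 0 for any `check-world` failure there, not only the semaphore and plperl problems the comments give as the reason. A build on those ports can therefore succeed with an unrelated regression going unnoticed. At minimum the ignored failure should be marked in the build log, e.g. `hurd-*|kfreebsd-*) echo "W: test suite failed on $(DEB_HOST_ARCH), ignoring"; exit 0 ;; \`. The two moved comments would also read better directly above the `case` than above the `make` invocation, which they do not describe. The recipe begins outside this hunk.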