Your message dated Thu, 13 Feb 2025 12:23:22 +0000
with message-id <e1tiyfw-00doyu...@fasolo.debian.org>
and subject line Bug#1093414: fixed in postgresql-17 17.3-1
has caused the Debian Bug report #1093414,
regarding postgresql-17: FTBFS:
./build/./build/conftest.c:62:(.text.startup+0x9): undefined reference to
`setproctitle'
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1093414: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093414
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: postgresql-17
Version: 17.2-1
Severity: serious
Justification: FTBFS
Tags: trixie sid ftbfs
User: lu...@debian.org
Usertags: ftbfs-20250124 ftbfs-trixie
Hi,
During a rebuild of all packages in sid, your package failed to build
on amd64.
Relevant part (hopefully):
> /usr/bin/ld: /tmp/ccKaXAZs.o: in function `main':
> ./build/./build/conftest.c:62:(.text.startup+0x9): undefined reference to
> `setproctitle'
> collect2: error: ld returned 1 exit status
The full build log is available from:
http://qa-logs.debian.net/2025/01/24/postgresql-17_17.2-1_unstable.log
All bugs filed during this archive rebuild are listed at:
https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=ftbfs-20250124;users=lu...@debian.org
or:
https://udd.debian.org/bugs/?release=na&merged=ign&fnewerval=7&flastmodval=7&fusertag=only&fusertagtag=ftbfs-20250124&fusertaguser=lu...@debian.org&allbugs=1&cseverity=1&ctags=1&caffected=1#results
A list of current common problems and possible solutions is available at
http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!
If you reassign this bug to another package, please mark it as 'affects'-ing
this package. See https://www.debian.org/Bugs/server-control#affects
If you fail to reproduce this, please provide a build log and diff it with mine
so that we can identify if something relevant changed in the meantime.
--- End Message ---
--- Begin Message ---
Source: postgresql-17
Source-Version: 17.3-1
Done: Christoph Berg <m...@debian.org>
We believe that the bug you reported is fixed in the latest version of
postgresql-17, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1093...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christoph Berg <m...@debian.org> (supplier of updated postgresql-17 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 11 Feb 2025 11:27:41 +0100
Source: postgresql-17
Architecture: source
Version: 17.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgre...@tracker.debian.org>
Changed-By: Christoph Berg <m...@debian.org>
Closes: 1093414
Changes:
postgresql-17 (17.3-1) unstable; urgency=medium
.
* New upstream version 17.3.
.
+ Harden PQescapeString and allied functions against invalidly-encoded
input strings (Andres Freund, Noah Misch)
.
Data-quoting functions supplied by libpq now fully check the encoding
validity of their input. If invalid characters are detected, they
report an error if possible. For the ones that lack an error return
convention, the output string is adjusted to ensure that the server will
report invalid encoding and no intervening processing will be fooled by
bytes that might happen to match single quote, backslash, etc.
.
The purpose of this change is to guard against SQL-injection attacks
that are possible if one of these functions is used to quote crafted
input. There is no hazard when the resulting string is sent directly to
a PostgreSQL server (which would check its encoding anyway), but there
is a risk when it is passed through psql or other client-side code.
Historically such code has not carefully vetted encoding, and in many
cases it's not clear what it should do if it did detect such a problem.
.
This fix is effective only if the data-quoting function, the server, and
any intermediate processing agree on the character encoding that's being
used. Applications that insert untrusted input into SQL commands should
take special care to ensure that that's true.
.
Applications and drivers that quote untrusted input without using these
libpq functions may be at risk of similar problems. They should first
confirm the data is valid in the encoding expected by the server.
.
The PostgreSQL Project thanks Stephen Fewer for reporting this problem.
(CVE-2025-1094)
.
+ Adjust tests to tzdata 2025a changes. (Closes: #1093414)
.
* B-D on postgresql-common-dev.
* Test-depend only our server packages, i.e. allow libpq5 to be newer.
Checksums-Sha1:
8f9ca0ced73921a470496984e245e35323dd09c5 4236 postgresql-17_17.3-1.dsc
d25d6ec5e6a8332b59bdf84350c3ce278ffe5afb 21520115
postgresql-17_17.3.orig.tar.bz2
51ae4f3a7535a8a0af4103396fc5e99a104e5b96 26568
postgresql-17_17.3-1.debian.tar.xz
Checksums-Sha256:
8d925d750066227a79ea70a850315e5e68c6e5789ae367e243ef977be66dcd12 4236
postgresql-17_17.3-1.dsc
13c18b35bf67a97bd639925fc581db7fd2aae4d3548eac39fcdb8da74ace2bea 21520115
postgresql-17_17.3.orig.tar.bz2
a77be8b3ec2982abfde59f7cdd47681ca02dca0e89e488074d29cd4f5160d2cc 26568
postgresql-17_17.3-1.debian.tar.xz
Files:
22fe5dba6b4e4731eb3cfabb59490c6d 4236 database optional
postgresql-17_17.3-1.dsc
d229389aae99b76dca2573ae898deb2d 21520115 database optional
postgresql-17_17.3.orig.tar.bz2
0f3bb97f428a0c8b9625c0367f4c73ae 26568 database optional
postgresql-17_17.3-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAmet374ACgkQTFprqxLS
p67q+xAAmmUXhxcidm8ejUvepiwDHbY+dEYF8PdzBhoSYSYI8jiLNZ5OqQEEjfSP
YVZzXyWj4DXlzDDaoSPX2vLZJasLWaej1wEMUfisk6p4ELumh3Mdyl4WxA33PwZ6
QureNPqLnaDTqV9p0/TXSV1d9Ihu1rocEWFa+4uSIPP5OgngtFrNIx4jt+jXO90o
DvqOh8ynt9CI5CpWotmVe2eaiw7HdqffLWvItch+mYsDLIdReeXSL1NhypFF4Hph
3Eo+EiZ7OyXxSohNIooywWYlj6cggPUIeTtvEIVBUaNG1qfKTxzKqAD0xjOdml3L
6y3eGQ2hMzAprHfK5kREWiassSHenO/TUH0DHIHAN7jc5N9cD0BkyAD0KsUMoToU
9x5h5RbXZ6z28CldcZv6tYVwMMQnf5OAnFlIT7VA5gA+DGgRaacEcbh6pl5zyMpW
zeHteqcVWSgit9ayX5NIZHDd0aM7iWwxEMEFJANq+z+z3oHkaKofkOrSSKE6e0Iq
vylSPnAKLUGElXsfAR7BTJlGca6Pi64Wj/l/FDGn4OR+2bvmt9jFM6D0LW4ZhrmH
qdx3CJ/7/ZThkNYnYy5mwpRyi84aVADBnD9ADEEoe/b+GZDhZDLqpvFQ2le2lUQx
uhg3XTQ+f7R3CF7B5iRiNitkwpJIG0LkdA0+fwOR797xLfGCvH0=
=kqZr
-----END PGP SIGNATURE-----
pgpnEsisoxrJ_.pgp
Description: PGP signature
--- End Message ---
