diff options
author | Marius Bakke <mbakke@fastmail.com> | 2019-05-11 18:34:27 +0200 |
---|---|---|
committer | Marius Bakke <mbakke@fastmail.com> | 2019-05-24 21:54:30 +0200 |
commit | a52c807a393ae0a9b59918a4f451c9e59ff7ec0e (patch) | |
tree | 4355d2f75367b9976836dc673c2272c2c1eacf97 | |
parent | 66fbffde1f8ad44318c75948575eab88a46e1328 (diff) | |
download | guix-a52c807a393ae0a9b59918a4f451c9e59ff7ec0e.tar.gz |
gnu: postgresql: Replace with 10.8 [security fixes].
This fixes CVE-2019-10129 and CVE-2019-10130. * gnu/packages/databases.scm (postgresql)[replacement]: New field. (postgresql-10.8): New variable.
-rw-r--r-- | gnu/packages/databases.scm | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm index 8eba40800e..c7acc4281a 100644 --- a/gnu/packages/databases.scm +++ b/gnu/packages/databases.scm @@ -800,6 +800,7 @@ as a drop-in replacement of MySQL.") (package (name "postgresql") (version "10.7") + (replacement postgresql-10.8) (source (origin (method url-fetch) (uri (string-append "https://ftp.postgresql.org/pub/source/v" @@ -842,6 +843,22 @@ TIMESTAMP. It also supports storage of binary large objects, including pictures, sounds, or video.") (license (license:x11-style "file://COPYRIGHT")))) +;; This release fixes CVE-2019-10129 and CVE-2019-10130. See +;; <https://www.postgresql.org/about/news/1939/> for details. +;; TODO: Remove this in the next rebuild cycle. +(define-public postgresql-10.8 + (package + (inherit postgresql) + (version "10.8") + (source (origin + (method url-fetch) + (uri (string-append "https://ftp.postgresql.org/pub/source/v" + version "/postgresql-" version ".tar.bz2")) + (sha256 + (base32 + "0pfdmy4w95b49w9rkn8dwvzmi2brpqfvbxd04y0k0s0xvymc565i")) + (patches (search-patches "postgresql-disable-resolve_symlinks.patch")))))) + (define-public postgresql-9.6 (package (inherit postgresql) |