Your message dated Wed, 19 Sep 2012 20:26:14 +0100 with message-id <1348082774.26713.16.camel@jacala.jungle.funky-badger.org> and subject line Re: Bug#687236: unblock: postgresql-9.1/9.1.5-2 has caused the Debian Bug report #687236, regarding unblock: postgresql-9.1/9.1.5-2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 687236: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687236 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian BTS Submit <submit@bugs.debian.org>
- Subject: unblock: postgresql-9.1/9.1.5-2
- From: Martin Pitt <mpitt@debian.org>
- Date: Tue, 11 Sep 2012 06:20:13 +0200
- Message-id: <[🔎] 20120911042013.GE2598@piware.de>
Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock Hello release team, 10 days ago I uploaded a new PostgreSQL 9.1 which re-enables build hardening. We have had this for a long time already, but it was accidentally dropped in 9.1.3-2 when I made the package compatible with both the new dpkg method and hardening-wrapper (for backports). http://packages.qa.debian.org/p/postgresql-9.1/news/20120831T084902Z.html 9.1.5-2 reintroduces hardening again. As PostgreSQL is a fairly widespread server application, its job is to process tons of strings, user data, etc., it particularly benefits from hardening, so it would be a shame to regress this in wheezy due to this oversight. The other change in -2 is a Breaks/Replaces fix for handling backports variants, and a corresponding preinst transition which only affects Ubuntu (as Debian's archives do not have Debian revisions starting with -0). The package successfully passes the upstream as well as the postgresql-common integration tests and built fine on all architectures (except hurd-i386, but it almost never built there anyway). Thank you for considering! Martin unblock postgresql-9.1/9.1.5-2 -- Martin Pitt | http://www.piware.de Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)diff -Nru postgresql-9.1-9.1.5/debian/changelog postgresql-9.1-9.1.5/debian/changelog --- postgresql-9.1-9.1.5/debian/changelog 2012-08-17 12:42:45.000000000 +0000 +++ postgresql-9.1-9.1.5/debian/changelog 2012-08-31 07:55:01.000000000 +0000 @@ -1,3 +1,21 @@ +postgresql-9.1 (9.1.5-2) unstable; urgency=low + + * debian/rules: Re-enable hardening functions (regression from 9.1.3-2 when + hardening-wrapper is not installed). Use "hardening=all", but disable + "pie" (as that's not compatible with -fPIC) and add -pie to CFLAGS + explicitly. Also drop the explicit "-Wl,-z,now" linker option, as this is + now implied with "all". (LP: #1039618) + * Fix upgrades from older 9.1 releases in stable Ubuntu -updates/-security + releasese. The strict "<< 9.1.4-2~" check for moving pg_basebackup.1.gz is + not sufficient, as Ubuntu stables have newer upstream releases by now. + - debian/control: Move Breaks/Replaces: from static version to + ${binary:Version}. + - debian/postgresql-9.1.preinst: Also fix the alternatives when upgrading + from a -0something version. + - (LP: #1043449) + + -- Martin Pitt <mpitt@debian.org> Fri, 31 Aug 2012 09:54:27 +0200 + postgresql-9.1 (9.1.5-1) unstable; urgency=medium * Urgency medium due to security fixes and bug fixes which should reach diff -Nru postgresql-9.1-9.1.5/debian/control postgresql-9.1-9.1.5/debian/control --- postgresql-9.1-9.1.5/debian/control 2012-08-17 12:42:45.000000000 +0000 +++ postgresql-9.1-9.1.5/debian/control 2012-08-31 07:55:01.000000000 +0000 @@ -170,8 +170,8 @@ Conflicts: postgresql (<< 7.5) Suggests: postgresql-9.1, postgresql-doc-9.1 Provides: postgresql-client -Breaks: postgresql-9.1 (<< 9.1.4-2~) -Replaces: postgresql-9.1 (<< 9.1.4-2~) +Breaks: postgresql-9.1 (<< ${binary:Version}) +Replaces: postgresql-9.1 (<< ${binary:Version}) Description: front-end programs for PostgreSQL 9.1 This package contains client and administrative programs for PostgreSQL: these are the interactive terminal client psql and diff -Nru postgresql-9.1-9.1.5/debian/postgresql-9.1.preinst postgresql-9.1-9.1.5/debian/postgresql-9.1.preinst --- postgresql-9.1-9.1.5/debian/postgresql-9.1.preinst 2012-08-17 12:42:45.000000000 +0000 +++ postgresql-9.1-9.1.5/debian/postgresql-9.1.preinst 2012-08-31 07:55:01.000000000 +0000 @@ -2,10 +2,13 @@ set -e # 9.1.4-2 moved pg_basebackup manpage from server to client; we need to rebuild -# the alternatives for postmaster to drop pg_basebackup.1.gz from the group -if [ "$1" = "upgrade" ] || [ "$1" = "install" ] && \ - dpkg --compare-versions "$2" lt-nl "9.1.4-2~"; then - update-alternatives --remove postmaster.1.gz /usr/share/postgresql/9.1/man/man1/postmaster.1.gz +# the alternatives for postmaster to drop pg_basebackup.1.gz from the group; we +# also need to do this when upgrading from stable-updates/security, i. e. from +# a -0something version +if [ "$1" = "upgrade" ] || [ "$1" = "install" ]; then + if dpkg --compare-versions "$2" lt-nl "9.1.4-2~" || echo "$2" | grep -q -- '-0'; then + update-alternatives --remove postmaster.1.gz /usr/share/postgresql/9.1/man/man1/postmaster.1.gz + fi fi #DEBHELPER# diff -Nru postgresql-9.1-9.1.5/debian/rules postgresql-9.1-9.1.5/debian/rules --- postgresql-9.1-9.1.5/debian/rules 2012-08-17 12:42:45.000000000 +0000 +++ postgresql-9.1-9.1.5/debian/rules 2012-08-31 07:55:01.000000000 +0000 @@ -4,10 +4,11 @@ # support both hardening-wrapper (for backports) and dpkg-buildflags export DEB_BUILD_HARDENING = 1 +export DEB_BUILD_MAINT_OPTIONS = hardening=+all,-pie DPKG_EXPORT_BUILDFLAGS = 1 -include /usr/share/dpkg/buildflags.mk -LDFLAGS+= -Wl,--as-needed -Wl,-z,now -CFLAGS+= -fPIC +LDFLAGS+= -Wl,--as-needed +CFLAGS+= -fPIC -pie # When protecting the postmaster with oom_adj=-17, allow the OOM killer to slay # the backends (http://archives.postgresql.org/pgsql-hackers/2010-01/msg00170.php)Attachment: signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
- To: Martin Pitt <mpitt@debian.org>, 687236-done@bugs.debian.org
- Subject: Re: Bug#687236: unblock: postgresql-9.1/9.1.5-2
- From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Date: Wed, 19 Sep 2012 20:26:14 +0100
- Message-id: <1348082774.26713.16.camel@jacala.jungle.funky-badger.org>
- In-reply-to: <[🔎] 20120917051633.GD20249@piware.de>
- References: <[🔎] 20120911042013.GE2598@piware.de> <[🔎] 1347805049.28617.110.camel@jacala.jungle.funky-badger.org> <[🔎] 20120917051633.GD20249@piware.de>
On Mon, 2012-09-17 at 07:16 +0200, Martin Pitt wrote: > Adam D. Barratt [2012-09-16 15:17 +0100]: > > On Tue, 2012-09-11 at 06:20 +0200, Martin Pitt wrote: > > > The other change in -2 is a Breaks/Replaces fix for handling backports > > > variants, > > > > + * Fix upgrades from older 9.1 releases in stable Ubuntu -updates/-security > > + releasese. The strict "<< 9.1.4-2~" check for moving pg_basebackup.1.gz is s/releasese/releases/, fwiw. > > + not sufficient, as Ubuntu stables have newer upstream releases by now. > > + - debian/control: Move Breaks/Replaces: from static version to > > + ${binary:Version}. > > > > Newer upstream releases without the manpage move? Apologies if I'm > > missing something here. > > We released e. g. 9.1.1-1 into Ubuntu 11.10, which had the manpage at > the wrong place. For security updates, both Debian and Ubuntu just > take the new upstream version, not the complete backport (including > packaging changes) from the development release. In this specific case it looks like that won't affect Debian as we don't have a stable release containing 9.1 yet. However, the changes look sane enough, supporting upgrades from Ubuntu releases wouldn't hurt :) and there's already similar lock-step upgrade requirements for other binary packages so meh. Unblocked; thanks. Regards, Adam
--- End Message ---