[Update] PostgreSQL 10.6

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

[Update] PostgreSQL 10.6

Pierre-Emmanuel André
Hi,

Here is a diff to update PostgreSQL to it's latest version (10.6).
Release note : https://www.postgresql.org/about/news/1905/
(It fixes CVE-2018-16850)

Tested on @amd64.
Comments, ok ?

Regards,

postgresql-10.6.diff (6K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [Update] PostgreSQL 10.6

Stuart Henderson
On 2018/11/08 18:35, Pierre-Emmanuel André wrote:

> Hi,
>
> Here is a diff to update PostgreSQL to it's latest version (10.6).
> Release note : https://www.postgresql.org/about/news/1905/
> (It fixes CVE-2018-16850)
>
> Tested on @amd64.
> Comments, ok ?
>
> Regards,

Fails on i386:

checking whether the C compiler still works... yes
configure: error: Compiling PostgreSQL with clang, on 32bit x86, requires SSE2 support. Use -msse2 or use gcc.


Reply | Threaded
Open this post in threaded view
|

Re: [Update] PostgreSQL 10.6

Stuart Henderson
On 2018/12/02 11:40, Stuart Henderson wrote:

> On 2018/11/08 18:35, Pierre-Emmanuel André wrote:
> > Hi,
> >
> > Here is a diff to update PostgreSQL to it's latest version (10.6).
> > Release note : https://www.postgresql.org/about/news/1905/
> > (It fixes CVE-2018-16850)
> >
> > Tested on @amd64.
> > Comments, ok ?
> >
> > Regards,
>
> Fails on i386:
>
> checking whether the C compiler still works... yes
> configure: error: Compiling PostgreSQL with clang, on 32bit x86, requires SSE2 support. Use -msse2 or use gcc.
>
>

Haven't looked at i386 yet, but here's another fix:

"Backport fix for using foreign tables with SCRAM authentication" in
patch-src_Makefile_shlib was mis-merged, it has been committed upstream
so the patch adds a second copy of the BUILD.exports/exports_file/etc
lines.

Diff below fixes that, removes the "zap -soname" patch, and fixes upstream's
-soname line to use the full library version number.

$ for i in lib*.so.?.?; do echo $i `objdump -p $i|grep SONAME`; done
libecpg.so.7.9 SONAME libecpg.so.7.9
libecpg_compat.so.4.9 SONAME libecpg_compat.so.4.9
libpgtypes.so.4.8 SONAME libpgtypes.so.4.8

OK?

Index: Makefile
===================================================================
RCS file: /cvs/ports/databases/postgresql/Makefile,v
retrieving revision 1.245
diff -u -p -r1.245 Makefile
--- Makefile 2 Dec 2018 12:27:12 -0000 1.245
+++ Makefile 3 Dec 2018 13:04:24 -0000
@@ -17,9 +17,7 @@ PKGNAME-contrib=postgresql-contrib-${VER
 PKGNAME-plpython=postgresql-plpython-${VERSION}
 PKGNAME-pg_upgrade=postgresql-pg_upgrade-${VERSION}
 
-REVISION-server= 0
-REVISION-contrib= 0
-REVISION-pg_upgrade= 0
+REVISION= 1
 
 CATEGORIES= databases
 SHARED_LIBS= ecpg 7.9 \
Index: patches/patch-src_Makefile_shlib
===================================================================
RCS file: /cvs/ports/databases/postgresql/patches/patch-src_Makefile_shlib,v
retrieving revision 1.11
diff -u -p -r1.11 patch-src_Makefile_shlib
--- patches/patch-src_Makefile_shlib 4 Oct 2018 14:48:15 -0000 1.11
+++ patches/patch-src_Makefile_shlib 3 Dec 2018 13:04:24 -0000
@@ -1,22 +1,14 @@
-$OpenBSD: patch-src_Makefile_shlib,v 1.11 2018/10/04 14:48:15 jeremy Exp $
-
-Backport fix for using foreign tables with SCRAM authentication from
-upstream commit d6ff5322c23272b15af606d7da12f49eca4d4470.
+$OpenBSD$
 
 Index: src/Makefile.shlib
 --- src/Makefile.shlib.orig
 +++ src/Makefile.shlib
-@@ -146,7 +146,12 @@ ifeq ($(PORTNAME), openbsd)
-   ifdef ELF_SYSTEM
-     LINK.shared = $(COMPILER) -shared
-     ifdef soname
--      LINK.shared += -Wl,-x,-soname,$(soname)
-+      LINK.shared += -Wl,-x
-+    endif
-+    BUILD.exports = ( echo '{ global:'; $(AWK) '/^[^\#]/ {printf "%s;\n",$$1}' $<; echo ' local: *; };' ) >$@
-+    exports_file = $(SHLIB_EXPORTS:%.txt=%.list)
-+    ifneq (,$(exports_file))
-+      LINK.shared += -Wl,--version-script=$(exports_file)
-     endif
-     SHLIB_LINK += -lc
-   else
+@@ -80,7 +80,7 @@ shlib_major = lib$(NAME)$(DLSUFFIX).$(SO_MAJOR_VERSION
+ shlib_bare = lib$(NAME)$(DLSUFFIX)
+ # Testing the soname variable is a reliable way to determine whether a
+ # linkable library is being built.
+-soname = $(shlib_major)
++soname = $(shlib_major).$(SO_MINOR_VERSION)
+ pkgconfigdir = $(libdir)/pkgconfig
+ else
+ # Naming convention for dynamically loadable modules

Reply | Threaded
Open this post in threaded view
|

Re: [Update] PostgreSQL 10.6

Pierre-Emmanuel André
On Mon, Dec 03, 2018 at 01:08:25PM +0000, Stuart Henderson wrote:

> On 2018/12/02 11:40, Stuart Henderson wrote:
> > On 2018/11/08 18:35, Pierre-Emmanuel André wrote:
> > > Hi,
> > >
> > > Here is a diff to update PostgreSQL to it's latest version (10.6).
> > > Release note : https://www.postgresql.org/about/news/1905/
> > > (It fixes CVE-2018-16850)
> > >
> > > Tested on @amd64.
> > > Comments, ok ?
> > >
> > > Regards,
> >
> > Fails on i386:
> >
> > checking whether the C compiler still works... yes
> > configure: error: Compiling PostgreSQL with clang, on 32bit x86, requires SSE2 support. Use -msse2 or use gcc.
> >
> >
>
> Haven't looked at i386 yet, but here's another fix:
>
> "Backport fix for using foreign tables with SCRAM authentication" in
> patch-src_Makefile_shlib was mis-merged, it has been committed upstream
> so the patch adds a second copy of the BUILD.exports/exports_file/etc
> lines.
>
> Diff below fixes that, removes the "zap -soname" patch, and fixes upstream's
> -soname line to use the full library version number.
>
> $ for i in lib*.so.?.?; do echo $i `objdump -p $i|grep SONAME`; done
> libecpg.so.7.9 SONAME libecpg.so.7.9
> libecpg_compat.so.4.9 SONAME libecpg_compat.so.4.9
> libpgtypes.so.4.8 SONAME libpgtypes.so.4.8
>
> OK?

Yes, ok pea@
Thanks

>
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/databases/postgresql/Makefile,v
> retrieving revision 1.245
> diff -u -p -r1.245 Makefile
> --- Makefile 2 Dec 2018 12:27:12 -0000 1.245
> +++ Makefile 3 Dec 2018 13:04:24 -0000
> @@ -17,9 +17,7 @@ PKGNAME-contrib=postgresql-contrib-${VER
>  PKGNAME-plpython=postgresql-plpython-${VERSION}
>  PKGNAME-pg_upgrade=postgresql-pg_upgrade-${VERSION}
>  
> -REVISION-server= 0
> -REVISION-contrib= 0
> -REVISION-pg_upgrade= 0
> +REVISION= 1
>  
>  CATEGORIES= databases
>  SHARED_LIBS= ecpg 7.9 \
> Index: patches/patch-src_Makefile_shlib
> ===================================================================
> RCS file: /cvs/ports/databases/postgresql/patches/patch-src_Makefile_shlib,v
> retrieving revision 1.11
> diff -u -p -r1.11 patch-src_Makefile_shlib
> --- patches/patch-src_Makefile_shlib 4 Oct 2018 14:48:15 -0000 1.11
> +++ patches/patch-src_Makefile_shlib 3 Dec 2018 13:04:24 -0000
> @@ -1,22 +1,14 @@
> -$OpenBSD: patch-src_Makefile_shlib,v 1.11 2018/10/04 14:48:15 jeremy Exp $
> -
> -Backport fix for using foreign tables with SCRAM authentication from
> -upstream commit d6ff5322c23272b15af606d7da12f49eca4d4470.
> +$OpenBSD$
>  
>  Index: src/Makefile.shlib
>  --- src/Makefile.shlib.orig
>  +++ src/Makefile.shlib
> -@@ -146,7 +146,12 @@ ifeq ($(PORTNAME), openbsd)
> -   ifdef ELF_SYSTEM
> -     LINK.shared = $(COMPILER) -shared
> -     ifdef soname
> --      LINK.shared += -Wl,-x,-soname,$(soname)
> -+      LINK.shared += -Wl,-x
> -+    endif
> -+    BUILD.exports = ( echo '{ global:'; $(AWK) '/^[^\#]/ {printf "%s;\n",$$1}' $<; echo ' local: *; };' ) >$@
> -+    exports_file = $(SHLIB_EXPORTS:%.txt=%.list)
> -+    ifneq (,$(exports_file))
> -+      LINK.shared += -Wl,--version-script=$(exports_file)
> -     endif
> -     SHLIB_LINK += -lc
> -   else
> +@@ -80,7 +80,7 @@ shlib_major = lib$(NAME)$(DLSUFFIX).$(SO_MAJOR_VERSION
> + shlib_bare = lib$(NAME)$(DLSUFFIX)
> + # Testing the soname variable is a reliable way to determine whether a
> + # linkable library is being built.
> +-soname = $(shlib_major)
> ++soname = $(shlib_major).$(SO_MINOR_VERSION)
> + pkgconfigdir = $(libdir)/pkgconfig
> + else
> + # Naming convention for dynamically loadable modules
>

Reply | Threaded
Open this post in threaded view
|

Re: [Update] PostgreSQL 10.6

Stuart Henderson
In reply to this post by Stuart Henderson
On 2018/12/02 11:40, Stuart Henderson wrote:

> On 2018/11/08 18:35, Pierre-Emmanuel André wrote:
> > Hi,
> >
> > Here is a diff to update PostgreSQL to it's latest version (10.6).
> > Release note : https://www.postgresql.org/about/news/1905/
> > (It fixes CVE-2018-16850)
> >
> > Tested on @amd64.
> > Comments, ok ?
> >
> > Regards,
>
> Fails on i386:
>
> checking whether the C compiler still works... yes
> configure: error: Compiling PostgreSQL with clang, on 32bit x86, requires SSE2 support. Use -msse2 or use gcc.
>
>

A special check was added for this, description as follows:

# Defend against clang being used on x86-32 without SSE2 enabled.  As current
# versions of clang do not understand -fexcess-precision=standard, the use of
# x87 floating point operations leads to problems like isinf possibly returning
# false for a value that is infinite when converted from the 80bit register to
# the 8byte memory representation.

I'm unsure which approach I like least, gcc or -msse2...

Index: Makefile
===================================================================
RCS file: /cvs/ports/databases/postgresql/Makefile,v
retrieving revision 1.246
diff -u -p -r1.246 Makefile
--- Makefile 3 Dec 2018 16:22:08 -0000 1.246
+++ Makefile 3 Dec 2018 21:46:42 -0000
@@ -79,6 +79,18 @@ CONFIGURE_ARGS= --disable-rpath --with-o
 CONFIGURE_ARGS+=--disable-spinlocks
 .endif
 
+# To avoid problems with missed floating point overflow checks.
+# pgsql 10.6+ refuses to build on i386 clang unless -msse2 is set.
+# If clang gains "-fexcess-precision=standard" support then this
+# should be removed.
+MODULES+= gcc4
+MODGCC4_ARCHS= i386
+MODGCC4_LANGS= c
+# An alternative workaround:
+# .if ${MACHINE_ARCH} == "i386"
+# CFLAGS += -msse2
+# .endif
+
 MODGNU_CONFIG_GUESS_DIRS= ${WRKSRC}/config
 
 ALL_TARGET= world

Reply | Threaded
Open this post in threaded view
|

Re: [Update] PostgreSQL 10.6

Pierre-Emmanuel André
On Mon, Dec 03, 2018 at 09:47:46PM +0000, Stuart Henderson wrote:

> On 2018/12/02 11:40, Stuart Henderson wrote:
> > On 2018/11/08 18:35, Pierre-Emmanuel André wrote:
> > > Hi,
> > >
> > > Here is a diff to update PostgreSQL to it's latest version (10.6).
> > > Release note : https://www.postgresql.org/about/news/1905/
> > > (It fixes CVE-2018-16850)
> > >
> > > Tested on @amd64.
> > > Comments, ok ?
> > >
> > > Regards,
> >
> > Fails on i386:
> >
> > checking whether the C compiler still works... yes
> > configure: error: Compiling PostgreSQL with clang, on 32bit x86, requires SSE2 support. Use -msse2 or use gcc.
> >
> >
>
> A special check was added for this, description as follows:
>
> # Defend against clang being used on x86-32 without SSE2 enabled.  As current
> # versions of clang do not understand -fexcess-precision=standard, the use of
> # x87 floating point operations leads to problems like isinf possibly returning
> # false for a value that is infinite when converted from the 80bit register to
> # the 8byte memory representation.
>
> I'm unsure which approach I like least, gcc or -msse2...
>
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/databases/postgresql/Makefile,v
> retrieving revision 1.246
> diff -u -p -r1.246 Makefile
> --- Makefile 3 Dec 2018 16:22:08 -0000 1.246
> +++ Makefile 3 Dec 2018 21:46:42 -0000
> @@ -79,6 +79,18 @@ CONFIGURE_ARGS= --disable-rpath --with-o
>  CONFIGURE_ARGS+=--disable-spinlocks
>  .endif
>  
> +# To avoid problems with missed floating point overflow checks.
> +# pgsql 10.6+ refuses to build on i386 clang unless -msse2 is set.
> +# If clang gains "-fexcess-precision=standard" support then this
> +# should be removed.
> +MODULES+= gcc4
> +MODGCC4_ARCHS= i386
> +MODGCC4_LANGS= c
> +# An alternative workaround:
> +# .if ${MACHINE_ARCH} == "i386"
> +# CFLAGS += -msse2
> +# .endif
> +
>  MODGNU_CONFIG_GUESS_DIRS= ${WRKSRC}/config
>  
>  ALL_TARGET= world
>

Go for the fix.
ok pea@

Reply | Threaded
Open this post in threaded view
|

Re: [Update] PostgreSQL 10.6

Christian Weisgerber
In reply to this post by Stuart Henderson
On 2018-12-03, Stuart Henderson <[hidden email]> wrote:

> # Defend against clang being used on x86-32 without SSE2 enabled.  As current
> # versions of clang do not understand -fexcess-precision=standard, the use of
> # x87 floating point operations leads to problems like isinf possibly returning
> # false for a value that is infinite when converted from the 80bit register to
> # the 8byte memory representation.
>
> I'm unsure which approach I like least, gcc or -msse2...

A third possibility would be to ignore this corner case and disable
the check.  I think from a practical point of view this would be
fine.  The number of people who do scientific computing in Postgres
on i386 should be very limited.  However, I imagine this would burn
whatever goodwill we have with upstream.

--
Christian "naddy" Weisgerber                          [hidden email]