34039 – postgresql new versions that fix a regression introduced by the fix for CVE-2025-1094

Bug 34039 - postgresql new versions that fix a regression introduced by the fix for CVE-2025-1094

Summary: postgresql new versions that fix a regression introduced by the fix for CVE-2...

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	RPM Packages (show other bugs)
Version:	9
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:

URL:
Whiteboard:	MGA9-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2025-02-24 11:09 CET by Nicolas Salguero
Modified:	2025-02-24 22:10 CET (History)
CC List:	3 users (show)

See Also:
Source RPM:	postgresql15, postgresql13
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2025-02-24 11:09:31 CET

PostgreSQL has released new versions on February 20:
https://www.postgresql.org/about/news/postgresql-174-168-1512-1417-and-1320-released-3018/

They fix a regression introduced by the fix for CVE-2025-1094 and a memory leak in pg_createsubscriber.

Nicolas Salguero 2025-02-24 11:09:44 CET

Source RPM: (none) => postgresql17, postgresql15, postgresql13
Whiteboard: (none) => MGA9TOO

Comment 1 Nicolas Salguero 2025-02-24 14:03:17 CET

Suggested advisory:
========================

The updated packages fix a regression introduced by the fix for CVE-2025-1094 and a memory leak in pg_createsubscriber.

References:
https://www.postgresql.org/about/news/postgresql-174-168-1512-1417-and-1320-released-3018/
========================

Updated packages in core/updates_testing:
========================
lib(64)ecpg15_6-15.12-1.mga9
lib(64)pq5-15.12-1.mga9
postgresql15-15.12-1.mga9
postgresql15-contrib-15.12-1.mga9
postgresql15-devel-15.12-1.mga9
postgresql15-docs-15.12-1.mga9
postgresql15-pl-15.12-1.mga9
postgresql15-plperl-15.12-1.mga9
postgresql15-plpgsql-15.12-1.mga9
postgresql15-plpython3-15.12-1.mga9
postgresql15-pltcl-15.12-1.mga9
postgresql15-server-15.12-1.mga9

lib(64)ecpg13_6-13.20-1.mga9
lib(64)pq5.13-13.20-1.mga9
postgresql13-13.20-1.mga9
postgresql13-contrib-13.20-1.mga9
postgresql13-devel-13.20-1.mga9
postgresql13-docs-13.20-1.mga9
postgresql13-pl-13.20-1.mga9
postgresql13-plperl-13.20-1.mga9
postgresql13-plpgsql-13.20-1.mga9
postgresql13-plpython3-13.20-1.mga9
postgresql13-pltcl-13.20-1.mga9
postgresql13-server-13.20-1.mga9

from SRPMS:
postgresql15-15.12-1.mga9.src.rpm
postgresql13-13.20-1.mga9.src.rpm

Assignee: bugsquad => qa-bugs
Source RPM: postgresql17, postgresql15, postgresql13 => postgresql15, postgresql13
Status: NEW => ASSIGNED
Version: Cauldron => 9
Whiteboard: MGA9TOO => (none)

Comment 2 Herman Viaene 2025-02-24 16:15:35 CET

MGA9-64 Plasma Wayland on Compaq H000SB
No installation issues.
Ref bug34018 for testing.
# systemctl start postgresql
# systemctl -l status postgresql
● postgresql.service - PostgreSQL database server
     Loaded: loaded (/usr/lib/systemd/system/postgresql.service; disabled; preset: disabled)
     Active: active (running) since Mon 2025-02-24 16:04:39 CET; 27s ago
    Process: 150809 ExecStartPre=/usr/libexec/postgresql_initdb.sh ${PGDATA} (code=exited, status=0/SUCCESS)
    Process: 151342 ExecStart=/usr/bin/pg_ctl start -D ${PGDATA} -s -o -p ${PGPORT} -w -t 300 (code=exited, status=0/SUCCESS)
   Main PID: 151353 (postgres)
      Tasks: 7 (limit: 8806)
     Memory: 59.7M
        CPU: 4.061s
     CGroup: /system.slice/postgresql.service
             ├─151353 /usr/bin/postgres -D /var/lib/pgsql/data -p 5432
             ├─151391 "postgres: checkpointer "
             ├─151392 "postgres: background writer "
             ├─151393 "postgres: walwriter "
             ├─151395 "postgres: autovacuum launcher "
             ├─151396 "postgres: stats collector "
             └─151398 "postgres: logical replication launcher "

Feb 24 16:04:33 mach3.hviaene.thuis systemd[1]: Starting postgresql.service...
Feb 24 16:04:39 mach3.hviaene.thuis pg_ctl[151353]: 2025-02-24 16:04:39.190 CET [151353] LOG:  starting PostgreSQL 13.20 on x86_64-mageia-linux-gnu, compile>
Feb 24 16:04:39 mach3.hviaene.thuis pg_ctl[151353]: 2025-02-24 16:04:39.194 CET [151353] LOG:  listening on IPv6 address "::1", port 5432
Feb 24 16:04:39 mach3.hviaene.thuis pg_ctl[151353]: 2025-02-24 16:04:39.195 CET [151353] LOG:  listening on IPv4 address "127.0.0.1", port 5432
Feb 24 16:04:39 mach3.hviaene.thuis pg_ctl[151353]: 2025-02-24 16:04:39.223 CET [151353] LOG:  listening on Unix socket "/tmp/.s.PGSQL.5432"
Feb 24 16:04:39 mach3.hviaene.thuis pg_ctl[151382]: 2025-02-24 16:04:39.304 CET [151382] LOG:  database system was shut down at 2025-02-24 16:04:38 CET
Feb 24 16:04:39 mach3.hviaene.thuis pg_ctl[151353]: 2025-02-24 16:04:39.386 CET [151353] LOG:  database system is ready to accept connections
# systemctl enable postgresql
Created symlink /etc/systemd/system/multi-user.target.wants/postgresql.service → /usr/lib/systemd/system/postgresql.service.
# systemctl restart postgresql
# systemctl -l status postgresql
● postgresql.service - PostgreSQL database server
     Loaded: loaded (/usr/lib/systemd/system/postgresql.service; enabled; preset: disabled)
     Active: active (running) since Mon 2025-02-24 16:06:22 CET; 4s ago
    Process: 158875 ExecStartPre=/usr/libexec/postgresql_initdb.sh ${PGDATA} (code=exited, status=0/SUCCESS)
    Process: 158877 ExecStart=/usr/bin/pg_ctl start -D ${PGDATA} -s -o -p ${PGPORT} -w -t 300 (code=exited, status=0/SUCCESS)
   Main PID: 158879 (postgres)
      Tasks: 7 (limit: 8806)
     Memory: 15.0M
        CPU: 190ms
     CGroup: /system.slice/postgresql.service
             ├─158879 /usr/bin/postgres -D /var/lib/pgsql/data -p 5432
             ├─158882 "postgres: checkpointer "
             ├─158883 "postgres: background writer "
             ├─158884 "postgres: walwriter "
             ├─158885 "postgres: autovacuum launcher "
             ├─158886 "postgres: stats collector "
             └─158887 "postgres: logical replication launcher "

Feb 24 16:06:22 mach3.hviaene.thuis systemd[1]: Starting postgresql.service...
Feb 24 16:06:22 mach3.hviaene.thuis pg_ctl[158879]: 2025-02-24 16:06:22.467 CET [158879] LOG:  starting PostgreSQL 13.20 on x86_64-mageia-linux-gnu, compile>
Feb 24 16:06:22 mach3.hviaene.thuis pg_ctl[158879]: 2025-02-24 16:06:22.469 CET [158879] LOG:  listening on IPv6 address "::1", port 5432
Feb 24 16:06:22 mach3.hviaene.thuis pg_ctl[158879]: 2025-02-24 16:06:22.469 CET [158879] LOG:  listening on IPv4 address "127.0.0.1", port 5432
Feb 24 16:06:22 mach3.hviaene.thuis pg_ctl[158879]: 2025-02-24 16:06:22.502 CET [158879] LOG:  listening on Unix socket "/tmp/.s.PGSQL.5432"
Feb 24 16:06:22 mach3.hviaene.thuis pg_ctl[158881]: 2025-02-24 16:06:22.573 CET [158881] LOG:  database system was shut down at 2025-02-24 16:06:22 CET
Feb 24 16:06:22 mach3.hviaene.thuis pg_ctl[158879]: 2025-02-24 16:06:22.630 CET [158879] LOG:  database system is ready to accept connections

Started httpd, then used phppgadmin to create a new table testtab1320 with PK, unique key, plain text and timestamp. Populated a few records, all OK.
Comong back for version 15.

CC: (none) => herman.viaene

Comment 3 Herman Viaene 2025-02-24 16:49:20 CET

Delete all postgres13, install 15 without issues.
# systemctl start postgresql
# systemctl -l status postgresql
● postgresql.service - PostgreSQL database server
     Loaded: loaded (/usr/lib/systemd/system/postgresql.service; disabled; preset: disabled)
     Active: active (running) since Mon 2025-02-24 16:39:41 CET; 8s ago
    Process: 230708 ExecStartPre=/usr/libexec/postgresql_initdb.sh ${PGDATA} (code=exited, status=0/SUCCESS)
    Process: 230724 ExecStart=/usr/bin/pg_ctl start -D ${PGDATA} -s -o -p ${PGPORT} -w -t 300 (code=exited, status=0/SUCCESS)
   Main PID: 230726 (postgres)
      Tasks: 6 (limit: 8806)
     Memory: 56.0M
        CPU: 3.697s
     CGroup: /system.slice/postgresql.service
             ├─230726 /usr/bin/postgres -D /var/lib/pgsql/data -p 5432
             ├─230727 "postgres: checkpointer "
             ├─230728 "postgres: background writer "
             ├─230730 "postgres: walwriter "
             ├─230731 "postgres: autovacuum launcher "
             └─230732 "postgres: logical replication launcher "

Feb 24 16:39:36 mach3.hviaene.thuis systemd[1]: Starting postgresql.service...
Feb 24 16:39:40 mach3.hviaene.thuis pg_ctl[230726]: 2025-02-24 16:39:40.780 CET [230726] LOG:  starting PostgreSQL 15.12 on x86_64-mageia-linux-gnu, compile>
Feb 24 16:39:40 mach3.hviaene.thuis pg_ctl[230726]: 2025-02-24 16:39:40.782 CET [230726] LOG:  listening on IPv6 address "::1", port 5432
Feb 24 16:39:40 mach3.hviaene.thuis pg_ctl[230726]: 2025-02-24 16:39:40.782 CET [230726] LOG:  listening on IPv4 address "127.0.0.1", port 5432
Feb 24 16:39:40 mach3.hviaene.thuis pg_ctl[230726]: 2025-02-24 16:39:40.826 CET [230726] LOG:  listening on Unix socket "/tmp/.s.PGSQL.5432"
Feb 24 16:39:40 mach3.hviaene.thuis pg_ctl[230729]: 2025-02-24 16:39:40.924 CET [230729] LOG:  database system was shut down at 2025-02-24 16:39:39 CET
Feb 24 16:39:40 mach3.hviaene.thuis pg_ctl[230726]: 2025-02-24 16:39:40.990 CET [230726] LOG:  database system is ready to accept connections
Feb 24 16:39:41 mach3.hviaene.thuis systemd[1]: Started postgresql.service.
# systemctl enable postgresql
Created symlink /etc/systemd/system/multi-user.target.wants/postgresql.service → /usr/lib/systemd/system/postgresql.service.
# systemctl restart postgresql
# systemctl -l status postgresql
● postgresql.service - PostgreSQL database server
     Loaded: loaded (/usr/lib/systemd/system/postgresql.service; enabled; preset: disabled)
     Active: active (running) since Mon 2025-02-24 16:40:14 CET; 4s ago
    Process: 230789 ExecStartPre=/usr/libexec/postgresql_initdb.sh ${PGDATA} (code=exited, status=0/SUCCESS)
    Process: 230791 ExecStart=/usr/bin/pg_ctl start -D ${PGDATA} -s -o -p ${PGPORT} -w -t 300 (code=exited, status=0/SUCCESS)
   Main PID: 230793 (postgres)
      Tasks: 6 (limit: 8806)
     Memory: 15.7M
        CPU: 172ms
     CGroup: /system.slice/postgresql.service
             ├─230793 /usr/bin/postgres -D /var/lib/pgsql/data -p 5432
             ├─230794 "postgres: checkpointer "
             ├─230795 "postgres: background writer "
             ├─230797 "postgres: walwriter "
             ├─230798 "postgres: autovacuum launcher "
             └─230799 "postgres: logical replication launcher "

Feb 24 16:40:14 mach3.hviaene.thuis systemd[1]: Starting postgresql.service...
Feb 24 16:40:14 mach3.hviaene.thuis pg_ctl[230793]: 2025-02-24 16:40:14.341 CET [230793] LOG:  starting PostgreSQL 15.12 on x86_64-mageia-linux-gnu, compile>
Feb 24 16:40:14 mach3.hviaene.thuis pg_ctl[230793]: 2025-02-24 16:40:14.343 CET [230793] LOG:  listening on IPv6 address "::1", port 5432
Feb 24 16:40:14 mach3.hviaene.thuis pg_ctl[230793]: 2025-02-24 16:40:14.343 CET [230793] LOG:  listening on IPv4 address "127.0.0.1", port 5432
Feb 24 16:40:14 mach3.hviaene.thuis pg_ctl[230793]: 2025-02-24 16:40:14.378 CET [230793] LOG:  listening on Unix socket "/tmp/.s.PGSQL.5432"
Feb 24 16:40:14 mach3.hviaene.thuis pg_ctl[230796]: 2025-02-24 16:40:14.451 CET [230796] LOG:  database system was shut down at 2025-02-24 16:40:13 CET
Feb 24 16:40:14 mach3.hviaene.thuis pg_ctl[230793]: 2025-02-24 16:40:14.508 CET [230793] LOG:  database system is ready to accept connections
Feb 24 16:40:14 mach3.hviaene.thuis systemd[1]: Started postgresql.service.

As normal user:
$ psql -U postgres
psql (15.12)
Type "help" for help.

postgres=# create database testpg1512;
CREATE DATABASE
postgres=# \c testpg1512;
You are now connected to database "testpg1512" as user "postgres".
testpg1512=# create table mag_versions (name varchar(12), cr_date date);
CREATE TABLE
testpg1512=# create index magidx on mag_versions(name);
CREATE INDEX
testpg1512=# insert into mag_versions values ('10', '25-Mar-2025');
INSERT 0 1
testpg1512=# insert into mag_versions values ('8', '2-Feb-2021');
INSERT 0 1
testpg1512=# insert into mag_versions values ('9', '26-Aug-2023');
INSERT 0 1
testpg1512=# select * from mag_versions;
 name |  cr_date   
------+------------
 10   | 2025-03-25
 8    | 2021-02-02
 9    | 2023-08-26
(3 rows)

testpg1512=# delete from mag_versions where name = '10';
DELETE 1
testpg1512=# select * from mag_versions;
 name |  cr_date   
------+------------
 8    | 2021-02-02
 9    | 2023-08-26
(2 rows)

testpg1512=# quit


Looks OK.

Whiteboard: (none) => MGA9-64-OK

katnatek 2025-02-24 18:53:40 CET

Keywords: (none) => advisory

Comment 4 Thomas Andrews 2025-02-24 20:12:08 CET

Thank you, Herman. Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Comment 5 Mageia Robot 2025-02-24 22:10:09 CET

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGAA-2025-0020.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.