From 392e230d5e63fe0f5d7aa9b5085516250630d879 Mon Sep 17 00:00:00 2001
From: Léo Le Bouter <lle-bout@zaclys.net>
Date: Sun, 14 Feb 2021 22:09:13 +0100
Subject: gnu: postgresql: Update to 13.2 [security fixes].

Fixes CVE-2021-3393 and CVE-2021-20229.

* gnu/packages/databases.scm (postgresql-13.2): New variable.
(postgresql-13)[replacement]: New field.

Signed-off-by: Leo Famulari <leo@famulari.name>
---
 gnu/packages/databases.scm | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'gnu/packages/databases.scm')

diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index 9e7e11b380..3694a93df2 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -1194,6 +1194,7 @@ developed in C/C++ to MariaDB and MySQL databases.")
 (define-public postgresql-13
   (package
     (name "postgresql")
+    (replacement postgresql-13.2)
     (version "13.1")
     (source (origin
               (method url-fetch)
@@ -1242,6 +1243,20 @@ TIMESTAMP.  It also supports storage of binary large objects, including
 pictures, sounds, or video.")
     (license (license:x11-style "file://COPYRIGHT"))))
 
+(define-public postgresql-13.2
+  (package
+    (inherit postgresql-13)
+    (name "postgresql")
+    (version "13.2")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://ftp.postgresql.org/pub/source/v"
+                                  version "/postgresql-" version ".tar.bz2"))
+              (sha256
+               (base32
+                "1z5d847jnajcfr3wa6jn52a8xjhamvwzmz18xlm5nvxqip8grmsz"))
+              (patches (search-patches "postgresql-disable-resolve_symlinks.patch"))))))
+
 (define-public postgresql-11
   (package
     (inherit postgresql-13)
-- 
cgit v1.2.3