Description of problem:
Looking for a way to test CVE-2015-0243, I have found that it is covered already by the upstream testsuite. However, these tests are not included in our packages, neither in -test and neither in -contrib (or not yet existing -contrib-test if you prefer).
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. rpm -ql postgresql92-postgresql-test postgresql92-postgresql-contrib | grep pgp-decrypt.sql ; echo $?
While at it, shouldn't the tests be installed rather into /usr/share as they aren't libraries, and pg_regress binary into /usr/bin?
(oops, I've meant 'pgp-pubkey-decrypt.sql', not 'pgp-decrypt.sql', to be correct about the CVE)
Thanks for the question. The postgresql-test subpackage is kind of hacky and
brittle stuff which I would be against touching in production, however.
(In reply to Karel Volný from comment #0)
> Description of problem:
> Looking for a way to test CVE-2015-0243, I have found that it is covered
> already by the upstream testsuite. However, these tests are not included in
> our packages, neither in -test and neither in -contrib (or not yet existing
> -contrib-test if you prefer).
Its in our packages, its in src.rpm. Those contrib tests should be run during
package build. Do you observe any problem with particular build-time
testcase? You're free to pick that sql file and reuse it, however.
> Additional info:
> While at it, shouldn't the tests be installed rather into /usr/share as they
> aren't libraries,
> and pg_regress binary into /usr/bin?
Even the "main" testsuite in src/test/regress are not designed to be
distributed. Files in postgresql-test have hard-wired relative paths for
dependencies etc. End, IIRC %_libdir was choosen because it is architecture
dependant stuff. The way it is packaged is really hacky and historically, we
distribute only core testsuite.
I don't agree that 'postgresql-contrib-tests' or something like that would be
material for production (for RHEL, RHSCL i tend to WONTFIX). I would agree
with Fedora Rawhide bug and following precise communication with upstream how
to make testsuite distributed out of the box.