
Debian issued a security advisory for postgresql today: https://www.debian.org/security/2016/dsa-3646 . So I want to upgrade my pgsql install on stable. The advisory says "these problems have been fixed in version 9.4.9-0+deb8u1." I upgraded, and found myself with version 9.4+165+deb8u1. And this has me very confused, particularly since the online database ( https://packages.debian.org/search?searchon=sourcenames&keywords=postgresql-9.4 ) shows the jessie version recommended by the advisory. If I run "lsb_release -c" I get "Codename: jessie" in response. The sources.list is basic but complete(?):

deb http://http.debian.net/debian jessie main
deb http://security.debian.org/ jessie/updates main
deb http://http.debian.net/debian jessie-updates main

(I've left out the deb-src statements.)

First, why the discrepancy? Second, where do I go to find out what went into the current package? i.e. is there a place to look that will say "9.4+165+deb8u1 was compiled for X reason?"

I installed a new virtual machine from a fresh download of debian-8.5.0-amd64-netinst.iso. A final "apt-get update ; apt-get dist-upgrade" finds me at the same 9.4+165+deb8u1.

--
Giles http://www.gilesorr.com/ gilesorr@gmail.com

On 11 August 2016 at 17:27, Giles Orr <gilesorr@gmail.com> wrote:
> Debian issued a security advisory for postgresql today: https://www.debian.org/security/2016/dsa-3646 . So I want to upgrade my pgsql install on stable. The advisory says "these problems have been fixed in version 9.4.9-0+deb8u1." I upgraded, and found myself with version 9.4+165+deb8u1. And this has me very confused, particularly since the online database ( https://packages.debian.org/search?searchon=sourcenames&keywords=postgresql-9.4 ) shows the jessie version recommended by the advisory. If I run "lsb_release -c" I get "Codename: jessie" in response. The sources.list is basic but complete(?):
>
> deb http://http.debian.net/debian jessie main
> deb http://security.debian.org/ jessie/updates main
> deb http://http.debian.net/debian jessie-updates main
>
> (I've left out the deb-src statements.)
>
> First, why the discrepancy? Second, where do I go to find out what went into the current package? i.e. is there a place to look that will say "9.4+165+deb8u1 was compiled for X reason?"
>
> I installed a new virtual machine from a fresh download of debian-8.5.0-amd64-netinst.iso. A final "apt-get update ; apt-get dist-upgrade" finds me at the same 9.4+165+deb8u1.

The security advisory was against "postgresql-9.4", but I updated "postgresql" - that seems reasonable, right? No, you literally have to do "apt-get install postgresql-9.4" - with the numbers - to install the correct package. The installation of two separate packages like that seems counter-intuitive and misleading ... although I can also guess at the reasons for it. But one would hope that upgrading one would haul the other with it. <sigh>

--
Giles http://www.gilesorr.com/ gilesorr@gmail.com

On Fri, Aug 12, 2016 at 11:12:43AM -0400, Giles Orr via talk wrote:
> The security advisory was against "postgresql-9.4", but I updated "postgresql" - that seems reasonable, right? No, you literally have to do "apt-get install postgresql-9.4" - with the numbers - to install the correct package. The installation of two separate packages like that seems counter-intuitive and misleading ... although I can also guess at the reasons for it. But one would hope that upgrading one would haul the other with it. <sigh>

Doing 'apt-get dist-upgrade' would make sense for getting all the fixes.

--
Len Sorensen

On Thu, Aug 11, 2016 at 05:27:00PM -0400, Giles Orr via talk wrote:
> Debian issued a security advisory for postgresql today: https://www.debian.org/security/2016/dsa-3646 . So I want to upgrade my pgsql install on stable. The advisory says "these problems have been fixed in version 9.4.9-0+deb8u1." I upgraded, and found myself with version 9.4+165+deb8u1. And this has me very confused, particularly since the online database ( https://packages.debian.org/search?searchon=sourcenames&keywords=postgresql-9.4 ) shows the jessie version recommended by the advisory. If I run "lsb_release -c" I get "Codename: jessie" in response. The sources.list is basic but complete(?):
>
> deb http://http.debian.net/debian jessie main
> deb http://security.debian.org/ jessie/updates main
> deb http://http.debian.net/debian jessie-updates main
>
> (I've left out the deb-src statements.)
>
> First, why the discrepancy? Second, where do I go to find out what went into the current package? i.e. is there a place to look that will say "9.4+165+deb8u1 was compiled for X reason?"
>
> I installed a new virtual machine from a fresh download of debian-8.5.0-amd64-netinst.iso. A final "apt-get update ; apt-get dist-upgrade" finds me at the same 9.4+165+deb8u1.

Make sure you don't mix up the packages:

postgresql
postgresql-9.4

The first is a meta package, the second is the actual database. postgresql simply depends on the current version, which is postgresql-9.4 in Jessie.

--
Len Sorensen
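
An added example, not part of either poster's message: a patch check should look up the package the advisory names (postgresql-9.4), not the metapackage, and compare its installed version with the fixed version using Debian's version ordering. The sketch below reimplements that ordering in Python and runs it over constructed `dpkg-query -W` output; the function names and the sample's older version are assumptions made for illustration.

```python
import re

def _order(ch):
    # dpkg sort weight: '~' first, then end-of-string/digit, letters, the rest.
    if ch == "" or ch.isdigit():
        return 0
    return -1 if ch == "~" else ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_fragment(a, b):
    i = j = 0
    while i < len(a) or j < len(b):
        # Leading non-digit runs are compared character by character.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            diff = _order(a[i:i + 1]) - _order(b[j:j + 1])
            if diff:
                return diff
            i, j = i + 1, j + 1
        # The digit runs that follow are compared as integers.
        da, db = re.match(r"\d*", a[i:]).group(), re.match(r"\d*", b[j:]).group()
        if int(da or 0) != int(db or 0):
            return int(da or 0) - int(db or 0)
        i, j = i + len(da), j + len(db)
    return 0

def _split(version):
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def compare_versions(a, b):
    # Negative, zero or positive: epoch first, then upstream, then revision.
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea - eb) or _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

FIXED = {"postgresql-9.4": "9.4.9-0+deb8u1"}  # fixed version quoted from DSA-3646
# Constructed `dpkg-query -W` output (tab separated); 9.4.8-0+deb8u1 is made up.
SAMPLE = "postgresql\t9.4+165+deb8u1\npostgresql-9.4\t9.4.8-0+deb8u1\n"

def check_advisory(dpkg_output, fixed):
    installed = dict(l.split("\t", 1) for l in dpkg_output.splitlines() if "\t" in l)
    status = {}
    for pkg, fixed_version in fixed.items():
        have = installed.get(pkg, "").strip()
        if not have:
            status[pkg] = "not installed"
        else:
            older = compare_versions(have, fixed_version) < 0
            status[pkg] = "needs upgrade" if older else "fixed"
    return status
```

On a live system the input would come from `dpkg-query -W postgresql postgresql-9.4`; the metapackage row is ignored because the advisory does not name it.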
participants (2): Giles Orr, Lennart Sorensen