Re: More on the libxml2 update situation

On Fri, Dec 11, 2015 at 10:55:40AM -0500, Tom Lane wrote:
> So I did a routine software update on my RHEL6 workstation, and noticed
> a security update for libxml2 go by. And guess what: now an XML-enabled
> build of Postgres fails regression tests for me, just as previously
> discussed in
> http://www.postgresql.org/message-id/flat/CAFj8pRA4xJQFGNQCqMCYGx-umgMr3Stt3xFEUw7kBsOiOvGhkA(at)mail(dot)gmail(dot)com
>
> A little bit of digging shows that the behavior we're unhappy about was
> introduced as part of the official patch for CVE-2015-7499. This means
> that, whether or not we can persuade Veillard that it was a bad idea and
> he should undo it, the bogus behavior is likely to spread into mainstream
> distributions a lot faster than any followup fix will :-(. Bugfix updates
> just don't get accepted as quickly as security updates.

That settles PostgreSQL's need to accept this variation.

> I'm starting to think that maybe we'd better knuckle under and provide
> a variant expected file that matches this behavior. We're likely to be
> seeing it in the wild for some time to come.

I would look at handling this by suppressing the exact error message from the
output. Route affected tests through a wrapper function:

SELECT expect_errdetail($$INSERT INTO xmltest VALUES (3, '<wrong')$$,
E'^line 1: Couldn't find end of Start Tag wrong line 1\n');

A variant expected output would be okay, though.