mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-06-14 05:49:57 +00:00
postgresql: upgrade 16.3 -> 16.4
0003-configure.ac-bypass-autoconf-2.69-version-check.patch
refreshed for 16.4
drop: CVE-2024-7348.patch
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 4d253bca26)
[Drop CVE patch now included in update]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
[V2]
Missed dropping CVE patch
This commit is contained in:
Wang Mingyu
committed by
Armin Kuster
Armin Kuster
parent
1b62af8ac6
commit
735ae03108
+3
-3
@@ -13,12 +13,12 @@ Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com>
|
||||
1 file changed, 4 deletions(-)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 401ce30..27f382d 100644
|
||||
index 65715a4..4ad6340 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -19,10 +19,6 @@ m4_pattern_forbid(^PGAC_)dnl to catch undefined macros
|
||||
|
||||
AC_INIT([PostgreSQL], [16.3], [pgsql-bugs@lists.postgresql.org], [], [https://www.postgresql.org/])
|
||||
AC_INIT([PostgreSQL], [16.4], [pgsql-bugs@lists.postgresql.org], [], [https://www.postgresql.org/])
|
||||
|
||||
-m4_if(m4_defn([m4_PACKAGE_VERSION]), [2.69], [], [m4_fatal([Autoconf version 2.69 is required.
|
||||
-Untested combinations of 'autoconf' and PostgreSQL versions are not
|
||||
@@ -28,5 +28,5 @@ index 401ce30..27f382d 100644
|
||||
AC_CONFIG_SRCDIR([src/backend/access/common/heaptuple.c])
|
||||
AC_CONFIG_AUX_DIR(config)
|
||||
--
|
||||
2.25.1
|
||||
2.34.1
|
||||
|
||||
|
||||
@@ -1,583 +0,0 @@
|
||||
From 6aba85a4b0a0e60126cc7c598b3e010e272516ec Mon Sep 17 00:00:00 2001
|
||||
From: Masahiko Sawada <msawada@postgresql.org>
|
||||
Date: Mon, 5 Aug 2024 06:05:28 -0700
|
||||
Subject: [PATCH] Restrict accesses to non-system views and foreign tables
|
||||
during pg_dump.
|
||||
|
||||
When pg_dump retrieves the list of database objects and performs the
|
||||
data dump, there was possibility that objects are replaced with others
|
||||
of the same name, such as views, and access them. This vulnerability
|
||||
could result in code execution with superuser privileges during the
|
||||
pg_dump process.
|
||||
|
||||
This issue can arise when dumping data of sequences, foreign
|
||||
tables (only 13 or later), or tables registered with a WHERE clause in
|
||||
the extension configuration table.
|
||||
|
||||
To address this, pg_dump now utilizes the newly introduced
|
||||
restrict_nonsystem_relation_kind GUC parameter to restrict the
|
||||
accesses to non-system views and foreign tables during the dump
|
||||
process. This new GUC parameter is added to back branches too, but
|
||||
these changes do not require cluster recreation.
|
||||
|
||||
Back-patch to all supported branches.
|
||||
|
||||
Reviewed-by: Noah Misch
|
||||
Security: CVE-2024-7348
|
||||
Backpatch-through: 12
|
||||
|
||||
Upstream-Status: Backport from [https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=79c7a7e29695a32fef2e65682be224b8d61ec972]
|
||||
CVE: CVE-2024-7348
|
||||
Signed-off-by: Ashish Sharma <asharma@mvista.com>
|
||||
|
||||
.../postgres_fdw/expected/postgres_fdw.out | 11 ++++
|
||||
contrib/postgres_fdw/sql/postgres_fdw.sql | 8 +++
|
||||
doc/src/sgml/config.sgml | 17 +++++
|
||||
doc/src/sgml/ref/pg_dump.sgml | 8 +++
|
||||
src/backend/foreign/foreign.c | 10 +++
|
||||
src/backend/optimizer/plan/createplan.c | 13 ++++
|
||||
src/backend/optimizer/util/plancat.c | 12 ++++
|
||||
src/backend/rewrite/rewriteHandler.c | 17 +++++
|
||||
src/backend/tcop/postgres.c | 64 +++++++++++++++++++
|
||||
src/backend/utils/misc/guc_tables.c | 12 ++++
|
||||
src/bin/pg_dump/pg_dump.c | 47 ++++++++++++++
|
||||
src/include/tcop/tcopprot.h | 6 ++
|
||||
src/include/utils/guc_hooks.h | 3 +
|
||||
src/test/regress/expected/create_view.out | 19 +++++-
|
||||
src/test/regress/sql/create_view.sql | 9 +++
|
||||
15 files changed, 255 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/contrib/postgres_fdw/expected/postgres_fdw.out b/contrib/postgres_fdw/expected/postgres_fdw.out
|
||||
index a6fd3f6ff0..9b7a7eed05 100644
|
||||
--- a/contrib/postgres_fdw/expected/postgres_fdw.out
|
||||
+++ b/contrib/postgres_fdw/expected/postgres_fdw.out
|
||||
@@ -637,6 +637,17 @@ EXPLAIN (VERBOSE, COSTS OFF) SELECT * FROM ft_empty ORDER BY c1;
|
||||
Remote SQL: SELECT c1, c2 FROM public.loct_empty ORDER BY c1 ASC NULLS LAST
|
||||
(3 rows)
|
||||
|
||||
+-- test restriction on non-system foreign tables.
|
||||
+SET restrict_nonsystem_relation_kind TO 'foreign-table';
|
||||
+SELECT * from ft1 where c1 < 1; -- ERROR
|
||||
+ERROR: access to non-system foreign table is restricted
|
||||
+INSERT INTO ft1 (c1) VALUES (1); -- ERROR
|
||||
+ERROR: access to non-system foreign table is restricted
|
||||
+DELETE FROM ft1 WHERE c1 = 1; -- ERROR
|
||||
+ERROR: access to non-system foreign table is restricted
|
||||
+TRUNCATE ft1; -- ERROR
|
||||
+ERROR: access to non-system foreign table is restricted
|
||||
+RESET restrict_nonsystem_relation_kind;
|
||||
-- ===================================================================
|
||||
-- WHERE with remotely-executable conditions
|
||||
-- ===================================================================
|
||||
diff --git a/contrib/postgres_fdw/sql/postgres_fdw.sql b/contrib/postgres_fdw/sql/postgres_fdw.sql
|
||||
index 1c1dedd991..80cc3f9d8e 100644
|
||||
--- a/contrib/postgres_fdw/sql/postgres_fdw.sql
|
||||
+++ b/contrib/postgres_fdw/sql/postgres_fdw.sql
|
||||
@@ -327,6 +327,14 @@ DELETE FROM loct_empty;
|
||||
ANALYZE ft_empty;
|
||||
EXPLAIN (VERBOSE, COSTS OFF) SELECT * FROM ft_empty ORDER BY c1;
|
||||
|
||||
+-- test restriction on non-system foreign tables.
|
||||
+SET restrict_nonsystem_relation_kind TO 'foreign-table';
|
||||
+SELECT * from ft1 where c1 < 1; -- ERROR
|
||||
+INSERT INTO ft1 (c1) VALUES (1); -- ERROR
|
||||
+DELETE FROM ft1 WHERE c1 = 1; -- ERROR
|
||||
+TRUNCATE ft1; -- ERROR
|
||||
+RESET restrict_nonsystem_relation_kind;
|
||||
+
|
||||
-- ===================================================================
|
||||
-- WHERE with remotely-executable conditions
|
||||
-- ===================================================================
|
||||
diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml
|
||||
index e8c5d2a3b7..69c4bc614f 100644
|
||||
--- a/doc/src/sgml/config.sgml
|
||||
+++ b/doc/src/sgml/config.sgml
|
||||
@@ -9564,6 +9564,23 @@ SET XML OPTION { DOCUMENT | CONTENT };
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
+ <varlistentry id="guc-restrict-nonsystem-relation-kind" xreflabel="restrict_nonsystem_relation_kind">
|
||||
+ <term><varname>restrict_nonsystem_relation_kind</varname> (<type>string</type>)
|
||||
+ <indexterm>
|
||||
+ <primary><varname>restrict_nonsystem_relation_kind</varname></primary>
|
||||
+ <secondary>configuration parameter</secondary>
|
||||
+ </indexterm>
|
||||
+ </term>
|
||||
+ <listitem>
|
||||
+ <para>
|
||||
+ This variable specifies relation kind to which access is restricted.
|
||||
+ It contains a comma-separated list of relation kind. Currently, the
|
||||
+ supported relation kinds are <literal>view</literal> and
|
||||
+ <literal>foreign-table</literal>.
|
||||
+ </para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
</variablelist>
|
||||
</sect2>
|
||||
<sect2 id="runtime-config-client-format">
|
||||
diff --git a/doc/src/sgml/ref/pg_dump.sgml b/doc/src/sgml/ref/pg_dump.sgml
|
||||
index 7ff5d04c73..b879c30c18 100644
|
||||
--- a/doc/src/sgml/ref/pg_dump.sgml
|
||||
+++ b/doc/src/sgml/ref/pg_dump.sgml
|
||||
@@ -868,6 +868,14 @@ PostgreSQL documentation
|
||||
The only exception is that an empty pattern is disallowed.
|
||||
</para>
|
||||
|
||||
+ <note>
|
||||
+ <para>
|
||||
+ Using wildcards in <option>--include-foreign-data</option> may result
|
||||
+ in access to unexpected foreign servers. Also, to use this option securely,
|
||||
+ make sure that the named server must have a trusted owner.
|
||||
+ </para>
|
||||
+ </note>
|
||||
+
|
||||
<note>
|
||||
<para>
|
||||
When <option>--include-foreign-data</option> is specified,
|
||||
diff --git a/src/backend/foreign/foreign.c b/src/backend/foreign/foreign.c
|
||||
index ca3ad55b62..7335838af3 100644
|
||||
--- a/src/backend/foreign/foreign.c
|
||||
+++ b/src/backend/foreign/foreign.c
|
||||
@@ -23,6 +23,7 @@
|
||||
#include "funcapi.h"
|
||||
#include "lib/stringinfo.h"
|
||||
#include "miscadmin.h"
|
||||
+#include "tcop/tcopprot.h"
|
||||
#include "utils/builtins.h"
|
||||
#include "utils/memutils.h"
|
||||
#include "utils/rel.h"
|
||||
@@ -323,6 +324,15 @@ GetFdwRoutine(Oid fdwhandler)
|
||||
Datum datum;
|
||||
FdwRoutine *routine;
|
||||
|
||||
+ /* Check if the access to foreign tables is restricted */
|
||||
+ if (unlikely((restrict_nonsystem_relation_kind & RESTRICT_RELKIND_FOREIGN_TABLE) != 0))
|
||||
+ {
|
||||
+ /* there must not be built-in FDW handler */
|
||||
+ ereport(ERROR,
|
||||
+ (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
|
||||
+ errmsg("access to non-system foreign table is restricted")));
|
||||
+ }
|
||||
+
|
||||
datum = OidFunctionCall0(fdwhandler);
|
||||
routine = (FdwRoutine *) DatumGetPointer(datum);
|
||||
|
||||
diff --git a/src/backend/optimizer/plan/createplan.c b/src/backend/optimizer/plan/createplan.c
|
||||
index 4bb38160b3..974c50b29f 100644
|
||||
--- a/src/backend/optimizer/plan/createplan.c
|
||||
+++ b/src/backend/optimizer/plan/createplan.c
|
||||
@@ -40,6 +40,7 @@
|
||||
#include "parser/parse_clause.h"
|
||||
#include "parser/parsetree.h"
|
||||
#include "partitioning/partprune.h"
|
||||
+#include "tcop/tcopprot.h"
|
||||
#include "utils/lsyscache.h"
|
||||
|
||||
|
||||
@@ -7090,7 +7091,19 @@ make_modifytable(PlannerInfo *root, Plan *subplan,
|
||||
|
||||
if (rte->rtekind == RTE_RELATION &&
|
||||
rte->relkind == RELKIND_FOREIGN_TABLE)
|
||||
+ {
|
||||
+ /* Check if the access to foreign tables is restricted */
|
||||
+ if (unlikely((restrict_nonsystem_relation_kind & RESTRICT_RELKIND_FOREIGN_TABLE) != 0))
|
||||
+ {
|
||||
+ /* there must not be built-in foreign tables */
|
||||
+ Assert(rte->relid >= FirstNormalObjectId);
|
||||
+ ereport(ERROR,
|
||||
+ (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
|
||||
+ errmsg("access to non-system foreign table is restricted")));
|
||||
+ }
|
||||
+
|
||||
fdwroutine = GetFdwRoutineByRelId(rte->relid);
|
||||
+ }
|
||||
else
|
||||
fdwroutine = NULL;
|
||||
}
|
||||
diff --git a/src/backend/optimizer/util/plancat.c b/src/backend/optimizer/util/plancat.c
|
||||
index 07c4ba384a..1a3045479f 100644
|
||||
--- a/src/backend/optimizer/util/plancat.c
|
||||
+++ b/src/backend/optimizer/util/plancat.c
|
||||
@@ -47,6 +47,7 @@
|
||||
#include "rewrite/rewriteManip.h"
|
||||
#include "statistics/statistics.h"
|
||||
#include "storage/bufmgr.h"
|
||||
+#include "tcop/tcopprot.h"
|
||||
#include "utils/builtins.h"
|
||||
#include "utils/lsyscache.h"
|
||||
#include "utils/partcache.h"
|
||||
@@ -500,6 +501,17 @@ get_relation_info(PlannerInfo *root, Oid relationObjectId, bool inhparent,
|
||||
/* Grab foreign-table info using the relcache, while we have it */
|
||||
if (relation->rd_rel->relkind == RELKIND_FOREIGN_TABLE)
|
||||
{
|
||||
+ /* Check if the access to foreign tables is restricted */
|
||||
+ if (unlikely((restrict_nonsystem_relation_kind & RESTRICT_RELKIND_FOREIGN_TABLE) != 0))
|
||||
+ {
|
||||
+ /* there must not be built-in foreign tables */
|
||||
+ Assert(RelationGetRelid(relation) >= FirstNormalObjectId);
|
||||
+
|
||||
+ ereport(ERROR,
|
||||
+ (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
|
||||
+ errmsg("access to non-system foreign table is restricted")));
|
||||
+ }
|
||||
+
|
||||
rel->serverid = GetForeignServerIdByRelId(RelationGetRelid(relation));
|
||||
rel->fdwroutine = GetFdwRoutineForRelation(relation, true);
|
||||
}
|
||||
diff --git a/src/backend/rewrite/rewriteHandler.c b/src/backend/rewrite/rewriteHandler.c
|
||||
index 6cef936f82..9cd96fd17e 100644
|
||||
--- a/src/backend/rewrite/rewriteHandler.c
|
||||
+++ b/src/backend/rewrite/rewriteHandler.c
|
||||
@@ -41,6 +41,7 @@
|
||||
#include "rewrite/rewriteManip.h"
|
||||
#include "rewrite/rewriteSearchCycle.h"
|
||||
#include "rewrite/rowsecurity.h"
|
||||
+#include "tcop/tcopprot.h"
|
||||
#include "utils/builtins.h"
|
||||
#include "utils/lsyscache.h"
|
||||
#include "utils/rel.h"
|
||||
@@ -1740,6 +1741,14 @@ ApplyRetrieveRule(Query *parsetree,
|
||||
if (rule->qual != NULL)
|
||||
elog(ERROR, "cannot handle qualified ON SELECT rule");
|
||||
|
||||
+ /* Check if the expansion of non-system views are restricted */
|
||||
+ if (unlikely((restrict_nonsystem_relation_kind & RESTRICT_RELKIND_VIEW) != 0 &&
|
||||
+ RelationGetRelid(relation) >= FirstNormalObjectId))
|
||||
+ ereport(ERROR,
|
||||
+ (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
|
||||
+ errmsg("access to non-system view \"%s\" is restricted",
|
||||
+ RelationGetRelationName(relation))));
|
||||
+
|
||||
if (rt_index == parsetree->resultRelation)
|
||||
{
|
||||
/*
|
||||
@@ -3104,6 +3113,14 @@
|
||||
}
|
||||
}
|
||||
|
||||
+ /* Check if the expansion of non-system views are restricted */
|
||||
+ if (unlikely((restrict_nonsystem_relation_kind & RESTRICT_RELKIND_VIEW) != 0 &&
|
||||
+ RelationGetRelid(view) >= FirstNormalObjectId))
|
||||
+ ereport(ERROR,
|
||||
+ (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
|
||||
+ errmsg("access to non-system view \"%s\" is restricted",
|
||||
+ RelationGetRelationName(view))));
|
||||
+
|
||||
/*
|
||||
* For INSERT/UPDATE the modified columns must all be updatable. Note that
|
||||
* we get the modified columns from the query's targetlist, not from the
|
||||
diff --git a/src/backend/tcop/postgres.c b/src/backend/tcop/postgres.c
|
||||
index 36cc99ec9c..e7d486ca2f 100644
|
||||
--- a/src/backend/tcop/postgres.c
|
||||
+++ b/src/backend/tcop/postgres.c
|
||||
@@ -77,6 +77,7 @@
|
||||
#include "utils/snapmgr.h"
|
||||
#include "utils/timeout.h"
|
||||
#include "utils/timestamp.h"
|
||||
+#include "utils/varlena.h"
|
||||
|
||||
/* ----------------
|
||||
* global variables
|
||||
@@ -101,6 +102,9 @@ int PostAuthDelay = 0;
|
||||
/* Time between checks that the client is still connected. */
|
||||
int client_connection_check_interval = 0;
|
||||
|
||||
+/* flags for non-system relation kinds to restrict use */
|
||||
+int restrict_nonsystem_relation_kind;
|
||||
+
|
||||
/* ----------------
|
||||
* private typedefs etc
|
||||
* ----------------
|
||||
@@ -3628,6 +3632,66 @@ check_log_stats(bool *newval, void **extra, GucSource source)
|
||||
return true;
|
||||
}
|
||||
|
||||
+/*
|
||||
+ * GUC check_hook for restrict_nonsystem_relation_kind
|
||||
+ */
|
||||
+bool
|
||||
+check_restrict_nonsystem_relation_kind(char **newval, void **extra, GucSource source)
|
||||
+{
|
||||
+ char *rawstring;
|
||||
+ List *elemlist;
|
||||
+ ListCell *l;
|
||||
+ int flags = 0;
|
||||
+
|
||||
+ /* Need a modifiable copy of string */
|
||||
+ rawstring = pstrdup(*newval);
|
||||
+
|
||||
+ if (!SplitIdentifierString(rawstring, ',', &elemlist))
|
||||
+ {
|
||||
+ /* syntax error in list */
|
||||
+ GUC_check_errdetail("List syntax is invalid.");
|
||||
+ pfree(rawstring);
|
||||
+ list_free(elemlist);
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ foreach(l, elemlist)
|
||||
+ {
|
||||
+ char *tok = (char *) lfirst(l);
|
||||
+
|
||||
+ if (pg_strcasecmp(tok, "view") == 0)
|
||||
+ flags |= RESTRICT_RELKIND_VIEW;
|
||||
+ else if (pg_strcasecmp(tok, "foreign-table") == 0)
|
||||
+ flags |= RESTRICT_RELKIND_FOREIGN_TABLE;
|
||||
+ else
|
||||
+ {
|
||||
+ GUC_check_errdetail("Unrecognized key word: \"%s\".", tok);
|
||||
+ pfree(rawstring);
|
||||
+ list_free(elemlist);
|
||||
+ return false;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ pfree(rawstring);
|
||||
+ list_free(elemlist);
|
||||
+
|
||||
+ /* Save the flags in *extra, for use by the assign function */
|
||||
+ *extra = guc_malloc(ERROR, sizeof(int));
|
||||
+ *((int *) *extra) = flags;
|
||||
+
|
||||
+ return true;
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
+ * GUC assign_hook for restrict_nonsystem_relation_kind
|
||||
+ */
|
||||
+void
|
||||
+assign_restrict_nonsystem_relation_kind(const char *newval, void *extra)
|
||||
+{
|
||||
+ int *flags = (int *) extra;
|
||||
+
|
||||
+ restrict_nonsystem_relation_kind = *flags;
|
||||
+}
|
||||
|
||||
/*
|
||||
* set_debug_options --- apply "-d N" command line option
|
||||
diff --git a/src/backend/utils/misc/guc_tables.c b/src/backend/utils/misc/guc_tables.c
|
||||
index b078b934a7..a515ecde97 100644
|
||||
--- a/src/backend/utils/misc/guc_tables.c
|
||||
+++ b/src/backend/utils/misc/guc_tables.c
|
||||
@@ -564,6 +564,7 @@ static char *server_encoding_string;
|
||||
static char *server_version_string;
|
||||
static int server_version_num;
|
||||
static char *debug_io_direct_string;
|
||||
+static char *restrict_nonsystem_relation_kind_string;
|
||||
|
||||
#ifdef HAVE_SYSLOG
|
||||
#define DEFAULT_SYSLOG_FACILITY LOG_LOCAL0
|
||||
@@ -4549,6 +4550,17 @@ struct config_string ConfigureNamesString[] =
|
||||
check_debug_io_direct, assign_debug_io_direct, NULL
|
||||
},
|
||||
|
||||
+ {
|
||||
+ {"restrict_nonsystem_relation_kind", PGC_USERSET, CLIENT_CONN_STATEMENT,
|
||||
+ gettext_noop("Sets relation kinds of non-system relation to restrict use"),
|
||||
+ NULL,
|
||||
+ GUC_LIST_INPUT | GUC_NOT_IN_SAMPLE
|
||||
+ },
|
||||
+ &restrict_nonsystem_relation_kind_string,
|
||||
+ "",
|
||||
+ check_restrict_nonsystem_relation_kind, assign_restrict_nonsystem_relation_kind, NULL
|
||||
+ },
|
||||
+
|
||||
/* End-of-list marker */
|
||||
{
|
||||
{NULL, 0, 0, NULL, NULL}, NULL, NULL, NULL, NULL, NULL
|
||||
diff --git a/src/bin/pg_dump/pg_dump.c b/src/bin/pg_dump/pg_dump.c
|
||||
index 300fe071fc..1694ff55f8 100644
|
||||
--- a/src/bin/pg_dump/pg_dump.c
|
||||
+++ b/src/bin/pg_dump/pg_dump.c
|
||||
@@ -324,6 +324,7 @@ static bool nonemptyReloptions(const char *reloptions);
|
||||
static void appendReloptionsArrayAH(PQExpBuffer buffer, const char *reloptions,
|
||||
const char *prefix, Archive *fout);
|
||||
static char *get_synchronized_snapshot(Archive *fout);
|
||||
+static void set_restrict_relation_kind(Archive *AH, const char *value);
|
||||
static void setupDumpWorker(Archive *AH);
|
||||
static TableInfo *getRootTableInfo(const TableInfo *tbinfo);
|
||||
static bool forcePartitionRootLoad(const TableInfo *tbinfo);
|
||||
@@ -1252,6 +1253,13 @@ setup_connection(Archive *AH, const char *dumpencoding,
|
||||
ExecuteSqlStatement(AH, "SET row_security = off");
|
||||
}
|
||||
|
||||
+ /*
|
||||
+ * For security reasons, we restrict the expansion of non-system views and
|
||||
+ * access to foreign tables during the pg_dump process. This restriction
|
||||
+ * is adjusted when dumping foreign table data.
|
||||
+ */
|
||||
+ set_restrict_relation_kind(AH, "view, foreign-table");
|
||||
+
|
||||
/*
|
||||
* Initialize prepared-query state to "nothing prepared". We do this here
|
||||
* so that a parallel dump worker will have its own state.
|
||||
@@ -2114,6 +2122,10 @@ dumpTableData_copy(Archive *fout, const void *dcontext)
|
||||
*/
|
||||
if (tdinfo->filtercond || tbinfo->relkind == RELKIND_FOREIGN_TABLE)
|
||||
{
|
||||
+ /* Temporary allows to access to foreign tables to dump data */
|
||||
+ if (tbinfo->relkind == RELKIND_FOREIGN_TABLE)
|
||||
+ set_restrict_relation_kind(fout, "view");
|
||||
+
|
||||
appendPQExpBufferStr(q, "COPY (SELECT ");
|
||||
/* klugery to get rid of parens in column list */
|
||||
if (strlen(column_list) > 2)
|
||||
@@ -2225,6 +2237,11 @@ dumpTableData_copy(Archive *fout, const void *dcontext)
|
||||
classname);
|
||||
|
||||
destroyPQExpBuffer(q);
|
||||
+
|
||||
+ /* Revert back the setting */
|
||||
+ if (tbinfo->relkind == RELKIND_FOREIGN_TABLE)
|
||||
+ set_restrict_relation_kind(fout, "view, foreign-table");
|
||||
+
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -2251,6 +2268,10 @@ dumpTableData_insert(Archive *fout, const void *dcontext)
|
||||
int rows_per_statement = dopt->dump_inserts;
|
||||
int rows_this_statement = 0;
|
||||
|
||||
+ /* Temporary allows to access to foreign tables to dump data */
|
||||
+ if (tbinfo->relkind == RELKIND_FOREIGN_TABLE)
|
||||
+ set_restrict_relation_kind(fout, "view");
|
||||
+
|
||||
/*
|
||||
* If we're going to emit INSERTs with column names, the most efficient
|
||||
* way to deal with generated columns is to exclude them entirely. For
|
||||
@@ -2490,6 +2511,10 @@ dumpTableData_insert(Archive *fout, const void *dcontext)
|
||||
destroyPQExpBuffer(insertStmt);
|
||||
free(attgenerated);
|
||||
|
||||
+ /* Revert back the setting */
|
||||
+ if (tbinfo->relkind == RELKIND_FOREIGN_TABLE)
|
||||
+ set_restrict_relation_kind(fout, "view, foreign-table");
|
||||
+
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -4590,6 +4615,28 @@ is_superuser(Archive *fout)
|
||||
return false;
|
||||
}
|
||||
|
||||
+/*
|
||||
+ * Set the given value to restrict_nonsystem_relation_kind value. Since
|
||||
+ * restrict_nonsystem_relation_kind is introduced in minor version releases,
|
||||
+ * the setting query is effective only where available.
|
||||
+ */
|
||||
+static void
|
||||
+set_restrict_relation_kind(Archive *AH, const char *value)
|
||||
+{
|
||||
+ PQExpBuffer query = createPQExpBuffer();
|
||||
+ PGresult *res;
|
||||
+
|
||||
+ appendPQExpBuffer(query,
|
||||
+ "SELECT set_config(name, '%s', false) "
|
||||
+ "FROM pg_settings "
|
||||
+ "WHERE name = 'restrict_nonsystem_relation_kind'",
|
||||
+ value);
|
||||
+ res = ExecuteSqlQuery(AH, query->data, PGRES_TUPLES_OK);
|
||||
+
|
||||
+ PQclear(res);
|
||||
+ destroyPQExpBuffer(query);
|
||||
+}
|
||||
+
|
||||
/*
|
||||
* getSubscriptions
|
||||
* get information about subscriptions
|
||||
diff --git a/src/include/tcop/tcopprot.h b/src/include/tcop/tcopprot.h
|
||||
index abd7b4fff3..e529e9f06c 100644
|
||||
--- a/src/include/tcop/tcopprot.h
|
||||
+++ b/src/include/tcop/tcopprot.h
|
||||
@@ -43,6 +43,12 @@ typedef enum
|
||||
|
||||
extern PGDLLIMPORT int log_statement;
|
||||
|
||||
+/* Flags for restrict_nonsystem_relation_kind value */
|
||||
+#define RESTRICT_RELKIND_VIEW 0x01
|
||||
+#define RESTRICT_RELKIND_FOREIGN_TABLE 0x02
|
||||
+
|
||||
+extern PGDLLIMPORT int restrict_nonsystem_relation_kind;
|
||||
+
|
||||
extern List *pg_parse_query(const char *query_string);
|
||||
extern List *pg_rewrite_query(Query *query);
|
||||
extern List *pg_analyze_and_rewrite_fixedparams(RawStmt *parsetree,
|
||||
diff --git a/src/include/utils/guc_hooks.h b/src/include/utils/guc_hooks.h
|
||||
index 952293a1c3..0ea33fede9 100644
|
||||
--- a/src/include/utils/guc_hooks.h
|
||||
+++ b/src/include/utils/guc_hooks.h
|
||||
@@ -118,6 +118,9 @@ extern void assign_recovery_target_xid(const char *newval, void *extra);
|
||||
extern bool check_role(char **newval, void **extra, GucSource source);
|
||||
extern void assign_role(const char *newval, void *extra);
|
||||
extern const char *show_role(void);
|
||||
+extern bool check_restrict_nonsystem_relation_kind(char **newval, void **extra,
|
||||
+ GucSource source);
|
||||
+extern void assign_restrict_nonsystem_relation_kind(const char *newval, void *extra);
|
||||
extern bool check_search_path(char **newval, void **extra, GucSource source);
|
||||
extern void assign_search_path(const char *newval, void *extra);
|
||||
extern bool check_session_authorization(char **newval, void **extra, GucSource source);
|
||||
diff --git a/src/test/regress/expected/create_view.out b/src/test/regress/expected/create_view.out
|
||||
index 61825ef7d4..f3f8c7b5a2 100644
|
||||
--- a/src/test/regress/expected/create_view.out
|
||||
+++ b/src/test/regress/expected/create_view.out
|
||||
@@ -2202,6 +2202,21 @@ select pg_get_viewdef('tt26v', true);
|
||||
FROM ( VALUES (1,2,3)) v(x, y, z);
|
||||
(1 row)
|
||||
|
||||
+-- test restriction on non-system view expansion.
|
||||
+create table tt27v_tbl (a int);
|
||||
+create view tt27v as select a from tt27v_tbl;
|
||||
+set restrict_nonsystem_relation_kind to 'view';
|
||||
+select a from tt27v where a > 0; -- Error
|
||||
+ERROR: access to non-system view "tt27v" is restricted
|
||||
+insert into tt27v values (1); -- Error
|
||||
+ERROR: access to non-system view "tt27v" is restricted
|
||||
+select viewname from pg_views where viewname = 'tt27v'; -- Ok to access a system view.
|
||||
+ viewname
|
||||
+----------
|
||||
+ tt27v
|
||||
+(1 row)
|
||||
+
|
||||
+reset restrict_nonsystem_relation_kind;
|
||||
-- clean up all the random objects we made above
|
||||
DROP SCHEMA temp_view_test CASCADE;
|
||||
NOTICE: drop cascades to 27 other objects
|
||||
@@ -2233,7 +2248,7 @@ drop cascades to view aliased_view_2
|
||||
drop cascades to view aliased_view_3
|
||||
drop cascades to view aliased_view_4
|
||||
DROP SCHEMA testviewschm2 CASCADE;
|
||||
-NOTICE: drop cascades to 77 other objects
|
||||
+NOTICE: drop cascades to 79 other objects
|
||||
DETAIL: drop cascades to table t1
|
||||
drop cascades to view temporal1
|
||||
drop cascades to view temporal2
|
||||
@@ -2311,3 +2326,5 @@ drop cascades to view tt23v
|
||||
drop cascades to view tt24v
|
||||
drop cascades to view tt25v
|
||||
drop cascades to view tt26v
|
||||
+drop cascades to table tt27v_tbl
|
||||
+drop cascades to view tt27v
|
||||
diff --git a/src/test/regress/sql/create_view.sql b/src/test/regress/sql/create_view.sql
|
||||
index 8838a40f7a..3a78be1b0c 100644
|
||||
--- a/src/test/regress/sql/create_view.sql
|
||||
+++ b/src/test/regress/sql/create_view.sql
|
||||
@@ -813,6 +813,15 @@ select x + y + z as c1,
|
||||
from (values(1,2,3)) v(x,y,z);
|
||||
select pg_get_viewdef('tt26v', true);
|
||||
|
||||
+-- test restriction on non-system view expansion.
|
||||
+create table tt27v_tbl (a int);
|
||||
+create view tt27v as select a from tt27v_tbl;
|
||||
+set restrict_nonsystem_relation_kind to 'view';
|
||||
+select a from tt27v where a > 0; -- Error
|
||||
+insert into tt27v values (1); -- Error
|
||||
+select viewname from pg_views where viewname = 'tt27v'; -- Ok to access a system view.
|
||||
+reset restrict_nonsystem_relation_kind;
|
||||
+
|
||||
-- clean up all the random objects we made above
|
||||
DROP SCHEMA temp_view_test CASCADE;
|
||||
DROP SCHEMA testviewschm2 CASCADE;
|
||||
--
|
||||
2.30.2
|
||||
|
||||
+1
-2
@@ -9,9 +9,8 @@ SRC_URI += "\
|
||||
file://0003-configure.ac-bypass-autoconf-2.69-version-check.patch \
|
||||
file://0004-config_info.c-not-expose-build-info.patch \
|
||||
file://0005-postgresql-fix-ptest-failure-of-sysviews.patch \
|
||||
file://CVE-2024-7348.patch \
|
||||
"
|
||||
|
||||
SRC_URI[sha256sum] = "331963d5d3dc4caf4216a049fa40b66d6bcb8c730615859411b9518764e60585"
|
||||
SRC_URI[sha256sum] = "971766d645aa73e93b9ef4e3be44201b4f45b5477095b049125403f9f3386d6f"
|
||||
|
||||
CVE_STATUS[CVE-2017-8806] = "not-applicable-config: Ddoesn't apply to out configuration of postgresql so we can safely ignore it."
|
||||
Reference in New Issue
Block a user