upstream/postgresql
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2026-02-17 17:55:04 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
postgresql/src/backend
History
Nathan Bossart 2485a85e96 Fix privilege checks in pg_stats_ext and pg_stats_ext_exprs. 
The catalog view pg_stats_ext fails to consider privileges for
expression statistics.  The catalog view pg_stats_ext_exprs fails
to consider privileges and row-level security policies.  To fix,
restrict the data in these views to table owners or roles that
inherit privileges of the table owner.  It may be possible to apply
less restrictive privilege checks in some cases, but that is left
as a future exercise.  Furthermore, for pg_stats_ext_exprs, do not
return data for tables with row-level security enabled, as is
already done for pg_stats_ext.

On the back-branches, a fix-CVE-2024-4317.sql script is provided
that will install into the "share" directory.  This file can be
used to apply the fix to existing clusters.

Bumps catversion on 'master' branch only.

Reported-by: Lukas Fittl
Reviewed-by: Noah Misch, Tomas Vondra, Tom Lane
Security: CVE-2024-4317
Backpatch-through: 14
2024-05-06 09:00:07 -05:00
..
access Fix parallel vacuum buffer usage reporting. 2024-05-01 12:34:04 +09:00
archive Redesign archive modules 2023-02-17 14:26:42 +09:00
backup Skip .DS_Store files in server side utils 2024-02-13 13:47:12 +01:00
bootstrap Fix CREATE INDEX progress reporting for multi-level partitioning. 2023-03-25 15:34:03 -04:00
catalog Fix privilege checks in pg_stats_ext and pg_stats_ext_exprs. 2024-05-06 09:00:07 -05:00
commands Throw a more on-point error for publications depending on columns. 2024-05-02 17:36:31 -04:00
executor Ensure we allocate NAMEDATALEN bytes for names in Index Only Scans 2024-05-01 13:21:50 +12:00
foreign Expand some more uses of "deleg" to "delegation" or "delegated". 2023-05-21 10:55:18 -04:00
jit Fix illegal attribute propagation in LLVM JIT. 2024-04-10 10:46:15 +12:00
lib Fix ILIST_DEBUG build 2023-01-18 10:26:15 -08:00
libpq Disconnect if socket cannot be put into non-blocking mode 2024-03-12 10:18:44 +02:00
main Remove obsolete defense against strxfrm() bugs. 2023-04-20 13:20:14 +12:00
nodes Use a safer outfuncs/readfuncs representation for BitStrings. 2024-02-13 12:18:25 -05:00
optimizer Ensure generated join clauses for child rels have correct relids. 2024-04-16 11:03:43 -04:00
parser Fix type-checking of RECORD-returning functions in FROM, redux. 2024-04-15 12:56:56 -04:00
partitioning Fix incorrect pruning of NULL partition for boolean IS NOT clauses 2024-02-20 12:50:09 +13:00
po Translation updates 2024-05-06 12:08:30 +02:00
port Close socket in case of errors in setting non-blocking 2024-01-17 11:24:11 +01:00
postmaster Avoid deadlock during orphan temp table removal. 2024-04-02 14:59:04 -04:00
regex Pre-beta mechanical code beautification. 2023-05-19 17:24:48 -04:00
replication Fix the missing table sync due to improper invalidation handling. 2024-04-25 10:52:34 +05:30
rewrite Make INSERT-from-multiple-VALUES-rows handle domain target columns. 2024-03-14 14:57:16 -04:00
snowball Fix the install rule for snowball_create.sql. 2023-05-23 11:15:57 -04:00
statistics Fix incorrectly reported stats kind in "can't happen" ERROR 2024-03-05 16:17:53 +13:00
storage freespace: Don't return blocks past the end of the main fork. 2024-04-13 08:35:06 -07:00
tcop Be more rigorous about local variables in PostgresMain(). 2023-07-10 12:14:34 -04:00
tsearch Limit to_tsvector_byid's initial array allocation to something sane. 2023-09-25 11:50:28 -04:00
utils Disable run condition optimization for some WindowFuncs 2024-05-01 16:35:05 +12:00
.gitignore Add .gitignore entries for AIX-specific intermediate build artifacts. 2015-07-08 20:44:22 -04:00
common.mk Blind attempt to fix LLVM dependency in the backend 2022-09-15 10:53:48 +07:00
Makefile Fix make headerscheck 2024-04-27 11:38:41 +07:00
meson.build Add win32ver data to meson-built postgres.exe. 2023-06-12 07:40:38 -07:00
nls.mk Add missing gettext triggers 2023-05-10 13:51:51 +02:00