Noah Misch 12fd81cb7f Ignore attempts to \gset into specially treated variables. ... If an interactive psql session used \gset when querying a compromised server, the attacker could execute arbitrary code as the operating system account running psql. Using a prefix not found among specially treated variables, e.g. every lowercase string, precluded the attack. Fix by issuing a warning and setting no variable for the column in question. Users wanting the old behavior can use a prefix and then a meta-command like "\set HISTSIZE :prefix_HISTSIZE". Back-patch to 9.5 (all supported versions). Reviewed by Robert Haas. Reported by Nick Cleaton. Security: CVE-2020-25696		2020-11-09 07:32:14 -08:00
..
initdb	Translation updates	2020-11-09 12:47:52 +01:00
pg_archivecleanup	Fix new warnings from GCC 7	2017-05-16 08:52:39 -04:00
pg_basebackup	Translation updates	2020-11-09 12:47:52 +01:00
pg_config	Translation updates	2020-11-09 12:47:52 +01:00
pg_controldata	Translation updates	2020-08-10 15:34:18 +02:00
pg_ctl	Translation updates	2020-11-09 12:47:52 +01:00
pg_dump	Translation updates	2020-11-09 12:47:52 +01:00
pg_resetxlog	Translation updates	2020-08-10 15:34:18 +02:00
pg_rewind	Translation updates	2020-11-09 12:47:52 +01:00
pg_test_fsync	Switch pg_test_fsync to use binary mode on Windows	2020-07-16 15:53:09 +09:00
pg_test_timing	Move pg_test_timing from contrib/ to src/bin/	2015-04-20 21:30:12 -04:00
pg_upgrade	pg_upgrade: remove C99 compiler req. from commit 3c0471b5fd	2020-10-15 20:37:19 -04:00
pg_xlogdump	pg_waldump: Fix --bkp-details to not issue spurious newlines for FPWs.	2019-10-29 22:54:36 -07:00
pgbench	Fix integer-overflow edge case detection in interval_mul and pgbench.	2019-11-07 11:23:03 -05:00
pgevent	Update copyright for 2016	2016-01-02 13:33:40 -05:00
psql	Ignore attempts to \gset into specially treated variables.	2020-11-09 07:32:14 -08:00
scripts	Translation updates	2020-11-09 12:47:52 +01:00
Makefile	Update copyright for 2016	2016-01-02 13:33:40 -05:00