NotificationsYou must be signed in to change notification settings
Fork28
Star151

Commit66579d7

committed

Merge branch 'PGPRO9_6' into PGPROEE9_6

Update PGPROEE up to upstream 9.6.4Conflicts:src/backend/libpq/crypt.csrc/include/pg_config.h.win32

2 parentsd6b785d +23802e2 commit66579d7Copy full SHA for 66579d7

File tree

66 files changed

+22100

-16371

lines changed

configure
configure.in
doc
- bug.template
- src/sgml
src
- backend
  - catalog
    - system_views.sql
  - libpq
  - po
- bin
  - initdb/po
    - es.po
  - pg_basebackup/po
  - pg_config/po
    - es.po
    - sv.po
  - pg_controldata/po
    - es.po
  - pg_ctl/po
    - es.po
    - it.po
  - pg_dump/po
  - pg_resetxlog/po
  - pg_rewind/po
  - psql
    - nls.mk
    - po
  - scripts/po
    - es.po
- include
  - pg_config.h.win32
- interfaces
  - ecpg
    - ecpglib/po
      - es.po
    - preproc/po
      - es.po
      - pt_BR.po
  - libpq
    - libpq.rc.in
    - po
- pl
  - plperl/po
    - es.po
  - plpgsql/src/po
    - es.po
  - plpython/po
    - es.po
    - pt_BR.po
  - tcl/po
    - es.po
- port
  - win32ver.rc
- test/regress
  - expected
  - sql
    - foreign_data.sql
    - privileges.sql

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

66 files changed

+22100

-16371

lines changed

`‎configure`

Lines changed: 10 additions & 10 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`#! /bin/sh`
`2`	`2`	`# Guess values for system-dependent variables and create Makefiles.`
`3`		`-# Generated by GNU Autoconf 2.69 for PostgreSQL 9.6.3.`
	`3`	`+# Generated by GNU Autoconf 2.69 for PostgreSQL 9.6.4.`
`4`	`4`	`#`
`5`	`5`	`# Report bugs to <bugs@postgrespro.ru>.`
`6`	`6`	`#`
`@@ -583,8 +583,8 @@ MAKEFLAGS=`
`583`	`583`	`# Identity of this package.`
`584`	`584`	`PACKAGE_NAME='PostgreSQL'`
`585`	`585`	`PACKAGE_TARNAME='postgrespro'`
`586`		`-PACKAGE_VERSION='9.6.3'`
`587`		`-PACKAGE_STRING='PostgreSQL 9.6.3'`
	`586`	`+PACKAGE_VERSION='9.6.4'`
	`587`	`+PACKAGE_STRING='PostgreSQL 9.6.4'`
`588`	`588`	`PACKAGE_BUGREPORT='bugs@postgrespro.ru'`
`589`	`589`	`PACKAGE_URL=''`
`590`	`590`
`@@ -1407,7 +1407,7 @@ if test "$ac_init_help" = "long"; then`
`1407`	`1407`	`# Omit some internal or obsolete options to make the list less imposing.`
`1408`	`1408`	`# This message is too long to be a string in the A/UX 3.1 sh.`
`1409`	`1409`	`cat <<_ACEOF`
`1410`		-\`configure' configures PostgreSQL 9.6.3 to adapt to many kinds of systems.
	`1410`	+\`configure' configures PostgreSQL 9.6.4 to adapt to many kinds of systems.
`1411`	`1411`
`1412`	`1412`	`Usage: $0 [OPTION]... [VAR=VALUE]...`
`1413`	`1413`
`@@ -1472,7 +1472,7 @@ fi`
`1472`	`1472`
`1473`	`1473`	`if test -n "$ac_init_help"; then`
`1474`	`1474`	`case $ac_init_help in`
`1475`		`- short \| recursive ) echo "Configuration of PostgreSQL 9.6.3:";;`
	`1475`	`+ short \| recursive ) echo "Configuration of PostgreSQL 9.6.4:";;`
`1476`	`1476`	`esac`
`1477`	`1477`	`cat <<\_ACEOF`
`1478`	`1478`
`@@ -1626,7 +1626,7 @@ fi`
`1626`	`1626`	`test -n "$ac_init_help" && exit $ac_status`
`1627`	`1627`	`if $ac_init_version; then`
`1628`	`1628`	`cat <<\_ACEOF`
`1629`		`-PostgreSQL configure 9.6.3`
	`1629`	`+PostgreSQL configure 9.6.4`
`1630`	`1630`	`generated by GNU Autoconf 2.69`
`1631`	`1631`
`1632`	`1632`	`Copyright (C) 2012 Free Software Foundation, Inc.`
`@@ -2338,7 +2338,7 @@ cat >config.log <<_ACEOF`
`2338`	`2338`	`This file contains any messages produced by compilers while`
`2339`	`2339`	`running configure, to aid debugging if configure makes a mistake.`
`2340`	`2340`
`2341`		`-It was created by PostgreSQL $as_me 9.6.3, which was`
	`2341`	`+It was created by PostgreSQL $as_me 9.6.4, which was`
`2342`	`2342`	`generated by GNU Autoconf 2.69. Invocation command line was`
`2343`	`2343`
`2344`	`2344`	`$ $0 $@`
`@@ -2755,7 +2755,7 @@ else`
`2755`	`2755`	`fi`
`2756`	`2756`
`2757`	`2757`
`2758`		`-PGPRO_VERSION="$PACKAGE_VERSION.3"`
	`2758`	`+PGPRO_VERSION="$PACKAGE_VERSION.1"`
`2759`	`2759`	`PGPRO_PACKAGE_NAME="PostgresPro"`
`2760`	`2760`	`PGPRO_EDITION="enterprise"`
`2761`	`2761`
`@@ -18785,7 +18785,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF \|\| ac_write_fail=1`
`18785`	`18785`	`# report actual input values of CONFIG_FILES etc. instead of their`
`18786`	`18786`	`# values after options handling.`
`18787`	`18787`	`ac_log="`
`18788`		`-This file was extended by PostgreSQL $as_me 9.6.3, which was`
	`18788`	`+This file was extended by PostgreSQL $as_me 9.6.4, which was`
`18789`	`18789`	`generated by GNU Autoconf 2.69. Invocation command line was`
`18790`	`18790`
`18791`	`18791`	`CONFIG_FILES = $CONFIG_FILES`
`@@ -18855,7 +18855,7 @@ _ACEOF`
`18855`	`18855`	`cat >>$CONFIG_STATUS <<_ACEOF \|\| ac_write_fail=1`
`18856`	`18856`	ac_cs_config="`$as_echo "$ac_configure_args" \| sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
`18857`	`18857`	`ac_cs_version="\\`
`18858`		`-PostgreSQL config.status 9.6.3`
	`18858`	`+PostgreSQL config.status 9.6.4`
`18859`	`18859`	`configured by $0, generated by GNU Autoconf 2.69,`
`18860`	`18860`	`with options \\"\$ac_cs_config\\"`
`18861`	`18861`

`‎configure.in`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,7 @@ dnl Read the Autoconf manual for details.`
`17`	`17`	`dnl`
`18`	`18`	`m4_pattern_forbid(^PGAC_)dnl to catch undefined macros`
`19`	`19`
`20`		`-AC_INIT([PostgreSQL], [9.6.3], [bugs@postgrespro.ru],[postgrespro])`
	`20`	`+AC_INIT([PostgreSQL], [9.6.4], [bugs@postgrespro.ru],[postgrespro])`
`21`	`21`	`PACKAGE_TARNAME=postgrespro`
`22`	`22`
`23`	`23`	`m4_if(m4_defn([m4_PACKAGE_VERSION]), [2.69], [], [m4_fatal([Autoconf version 2.69 is required.`
`@@ -38,7 +38,7 @@ AC_DEFINE_UNQUOTED(PG_MAJORVERSION, "$PG_MAJORVERSION", [PostgreSQL major versio`
`38`	`38`	`PGAC_ARG_REQ(with, extra-version, [STRING], [append STRING to version],`
`39`	`39`	`[PG_VERSION="$PACKAGE_VERSION$withval"],`
`40`	`40`	`[PG_VERSION="$PACKAGE_VERSION"])`
`41`		`-PGPRO_VERSION="$PACKAGE_VERSION.3"`
	`41`	`+PGPRO_VERSION="$PACKAGE_VERSION.1"`
`42`	`42`	`PGPRO_PACKAGE_NAME="PostgresPro"`
`43`	`43`	`PGPRO_EDITION="enterprise"`
`44`	`44`	`AC_SUBST(PGPRO_PACKAGE_NAME)`

`‎doc/bug.template`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,7 @@ System Configuration:`
`27`	`27`
`28`	`28`	`Operating System (example: Linux 2.4.18):`
`29`	`29`
`30`		`- PostgreSQL version (example: PostgreSQL 9.6.3): PostgreSQL 9.6.3`
	`30`	`+ PostgreSQL version (example: PostgreSQL 9.6.4): PostgreSQL 9.6.4`
`31`	`31`
`32`	`32`	`Compiler used (example: gcc 3.3.5):`
`33`	`33`

`‎doc/src/sgml/catalogs.sgml`

Lines changed: 26 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -10063,17 +10063,37 @@ SELECT * FROM pg_locks pl LEFT JOIN pg_prepared_xacts ppx`
`10063`	`10063`	`<entry><type>text[]</type></entry>`
`10064`	`10064`	`<entry></entry>`
`10065`	`10065`	`<entry>`
`10066`		`- User mapping specific options, as <quote>keyword=value</>`
`10067`		`- strings. This column will show as null unless the current user`
`10068`		`- is the user being mapped, or the mapping is for`
`10069`		`- <literal>PUBLIC</literal> and the current user is the server`
`10070`		`- owner, or the current user is a superuser. The intent is`
`10071`		`- to protect password information stored as user mapping option.`
	`10066`	`+ User mapping specific options, as <quote>keyword=value</> strings`
`10072`	`10067`	`</entry>`
`10073`	`10068`	`</row>`
`10074`	`10069`	`</tbody>`
`10075`	`10070`	`</tgroup>`
`10076`	`10071`	`</table>`
	`10072`	`+`
	`10073`	`+ <para>`
	`10074`	`+ To protect password information stored as a user mapping option,`
	`10075`	`+ the <structfield>umoptions</structfield> column will read as null`
	`10076`	`+ unless one of the following applies:`
	`10077`	`+ <itemizedlist>`
	`10078`	`+ <listitem>`
	`10079`	`+ <para>`
	`10080`	`+ current user is the user being mapped, and owns the server or`
	`10081`	`+ holds <literal>USAGE</> privilege on it`
	`10082`	`+ </para>`
	`10083`	`+ </listitem>`
	`10084`	`+ <listitem>`
	`10085`	`+ <para>`
	`10086`	`+ current user is the server owner and mapping is for <literal>PUBLIC</>`
	`10087`	`+ </para>`
	`10088`	`+ </listitem>`
	`10089`	`+ <listitem>`
	`10090`	`+ <para>`
	`10091`	`+ current user is a superuser`
	`10092`	`+ </para>`
	`10093`	`+ </listitem>`
	`10094`	`+ </itemizedlist>`
	`10095`	`+ </para>`
	`10096`	`+`
`10077`	`10097`	`</sect1>`
`10078`	`10098`
`10079`	`10099`

`‎doc/src/sgml/release-9.2.sgml`

Lines changed: 128 additions & 71 deletions

Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,12 @@`
`29`	`29`	`</para>`
`30`	`30`
`31`	`31`	`<para>`
`32`		`- However, if you are upgrading from a version earlier than 9.2.20,`
	`32`	`+ However, if you use foreign data servers that make use of user`
	`33`	`+ passwords for authentication, see the first changelog entry below.`
	`34`	`+ </para>`
	`35`	`+`
	`36`	`+ <para>`
	`37`	`+ Also, if you are upgrading from a version earlier than 9.2.20,`
`33`	`38`	`see <xref linkend="release-9-2-20">.`
`34`	`39`	`</para>`
`35`	`40`
`@@ -40,6 +45,126 @@`
`40`	`45`
`41`	`46`	`<itemizedlist>`
`42`	`47`
	`48`	`+ <listitem>`
	`49`	`+ <para>`
	`50`	`+ Further restrict visibility`
	`51`	`+ of <structname>pg_user_mappings</>.<structfield>umoptions</>, to`
	`52`	`+ protect passwords stored as user mapping options`
	`53`	`+ (Noah Misch)`
	`54`	`+ </para>`
	`55`	`+`
	`56`	`+ <para>`
	`57`	`+ The fix for CVE-2017-7486 was incorrect: it allowed a user`
	`58`	`+ to see the options in her own user mapping, even if she did not`
	`59`	`+ have <literal>USAGE</> permission on the associated foreign server.`
	`60`	`+ Such options might include a password that had been provided by the`
	`61`	`+ server owner rather than the user herself.`
	`62`	`+ Since <structname>information_schema.user_mapping_options</> does not`
	`63`	`+ show the options in such cases, <structname>pg_user_mappings</>`
	`64`	`+ should not either.`
	`65`	`+ (CVE-2017-7547)`
	`66`	`+ </para>`
	`67`	`+`
	`68`	`+ <para>`
	`69`	`+ By itself, this patch will only fix the behavior in newly initdb'd`
	`70`	`+ databases. If you wish to apply this change in an existing database,`
	`71`	`+ you will need to do the following:`
	`72`	`+ </para>`
	`73`	`+`
	`74`	`+ <procedure>`
	`75`	`+ <step>`
	`76`	`+ <para>`
	`77`	`+ Restart the postmaster after adding <literal>allow_system_table_mods`
	`78`	`+ = true</> to <filename>postgresql.conf</>. (In versions`
	`79`	`+ supporting <command>ALTER SYSTEM</>, you can use that to make the`
	`80`	`+ configuration change, but you'll still need a restart.)`
	`81`	`+ </para>`
	`82`	`+ </step>`
	`83`	`+`
	`84`	`+ <step>`
	`85`	`+ <para>`
	`86`	`+ In <emphasis>each</> database of the cluster,`
	`87`	`+ run the following commands as superuser:`
	`88`	`+<programlisting>`
	`89`	`+SET search_path = pg_catalog;`
	`90`	`+CREATE OR REPLACE VIEW pg_user_mappings AS`
	`91`	`+ SELECT`
	`92`	`+ U.oid AS umid,`
	`93`	`+ S.oid AS srvid,`
	`94`	`+ S.srvname AS srvname,`
	`95`	`+ U.umuser AS umuser,`
	`96`	`+ CASE WHEN U.umuser = 0 THEN`
	`97`	`+ 'public'`
	`98`	`+ ELSE`
	`99`	`+ A.rolname`
	`100`	`+ END AS usename,`
	`101`	`+ CASE WHEN (U.umuser <> 0 AND A.rolname = current_user`
	`102`	`+ AND (pg_has_role(S.srvowner, 'USAGE')`
	`103`	`+ OR has_server_privilege(S.oid, 'USAGE')))`
	`104`	`+ OR (U.umuser = 0 AND pg_has_role(S.srvowner, 'USAGE'))`
	`105`	`+ OR (SELECT rolsuper FROM pg_authid WHERE rolname = current_user)`
	`106`	`+ THEN U.umoptions`
	`107`	`+ ELSE NULL END AS umoptions`
	`108`	`+ FROM pg_user_mapping U`
	`109`	`+ LEFT JOIN pg_authid A ON (A.oid = U.umuser) JOIN`
	`110`	`+ pg_foreign_server S ON (U.umserver = S.oid);`
	`111`	`+</programlisting>`
	`112`	`+ </para>`
	`113`	`+ </step>`
	`114`	`+`
	`115`	`+ <step>`
	`116`	`+ <para>`
	`117`	`+ Do not forget to include the <literal>template0</>`
	`118`	`+ and <literal>template1</> databases, or the vulnerability will still`
	`119`	`+ exist in databases you create later. To fix <literal>template0</>,`
	`120`	`+ you'll need to temporarily make it accept connections.`
	`121`	`+ In <productname>PostgreSQL</> 9.5 and later, you can use`
	`122`	`+<programlisting>`
	`123`	`+ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true;`
	`124`	`+</programlisting>`
	`125`	`+ and then after fixing <literal>template0</>, undo that with`
	`126`	`+<programlisting>`
	`127`	`+ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false;`
	`128`	`+</programlisting>`
	`129`	`+ In prior versions, instead use`
	`130`	`+<programlisting>`
	`131`	`+UPDATE pg_database SET datallowconn = true WHERE datname = 'template0';`
	`132`	`+UPDATE pg_database SET datallowconn = false WHERE datname = 'template0';`
	`133`	`+</programlisting>`
	`134`	`+ </para>`
	`135`	`+ </step>`
	`136`	`+`
	`137`	`+ <step>`
	`138`	`+ <para>`
	`139`	`+ Finally, remove the <literal>allow_system_table_mods</> configuration`
	`140`	`+ setting, and again restart the postmaster.`
	`141`	`+ </para>`
	`142`	`+ </step>`
	`143`	`+ </procedure>`
	`144`	`+ </listitem>`
	`145`	`+`
	`146`	`+ <listitem>`
	`147`	`+ <para>`
	`148`	`+ Disallow empty passwords in all password-based authentication methods`
	`149`	`+ (Heikki Linnakangas)`
	`150`	`+ </para>`
	`151`	`+`
	`152`	`+ <para>`
	`153`	`+ <application>libpq</> ignores empty password specifications, and does`
	`154`	`+ not transmit them to the server. So, if a user's password has been`
	`155`	`+ set to the empty string, it's impossible to log in with that password`
	`156`	`+ via <application>psql</> or other <application>libpq</>-based`
	`157`	`+ clients. An administrator might therefore believe that setting the`
	`158`	`+ password to empty is equivalent to disabling password login.`
	`159`	`+ However, with a modified or non-<application>libpq</>-based client,`
	`160`	`+ logging in could be possible, depending on which authentication`
	`161`	`+ method is configured. In particular the most common`
	`162`	`+ method, <literal>md5</>, accepted empty passwords.`
	`163`	`+ Change the server to reject empty passwords in all cases.`
	`164`	`+ (CVE-2017-7546)`
	`165`	`+ </para>`
	`166`	`+ </listitem>`
	`167`	`+`
`43`	`168`	`<listitem>`
`44`	`169`	`<para>`
`45`	`170`	`On Windows, retry process creation if we fail to reserve the address`
`@@ -410,77 +535,9 @@`
`410`	`535`	`<para>`
`411`	`536`	`By itself, this patch will only fix the behavior in newly initdb'd`
`412`	`537`	`databases. If you wish to apply this change in an existing database,`
`413`		`- you will need to do the following:`
	`538`	`+ follow the corrected procedure shown in the changelog entry for`
	`539`	`+ CVE-2017-7547, in <xref linkend="release-9-2-22">.`
`414`	`540`	`</para>`
`415`		`-`
`416`		`- <procedure>`
`417`		`- <step>`
`418`		`- <para>`
`419`		`- Restart the postmaster after adding <literal>allow_system_table_mods`
`420`		`- = true</> to <filename>postgresql.conf</>. (In versions`
`421`		`- supporting <command>ALTER SYSTEM</>, you can use that to make the`
`422`		`- configuration change, but you'll still need a restart.)`
`423`		`- </para>`
`424`		`- </step>`
`425`		`-`
`426`		`- <step>`
`427`		`- <para>`
`428`		`- In <emphasis>each</> database of the cluster,`
`429`		`- run the following commands as superuser:`
`430`		`-<programlisting>`
`431`		`-SET search_path = pg_catalog;`
`432`		`-CREATE OR REPLACE VIEW pg_user_mappings AS`
`433`		`- SELECT`
`434`		`- U.oid AS umid,`
`435`		`- S.oid AS srvid,`
`436`		`- S.srvname AS srvname,`
`437`		`- U.umuser AS umuser,`
`438`		`- CASE WHEN U.umuser = 0 THEN`
`439`		`- 'public'`
`440`		`- ELSE`
`441`		`- A.rolname`
`442`		`- END AS usename,`
`443`		`- CASE WHEN (U.umuser <> 0 AND A.rolname = current_user)`
`444`		`- OR (U.umuser = 0 AND pg_has_role(S.srvowner, 'USAGE'))`
`445`		`- OR (SELECT rolsuper FROM pg_authid WHERE rolname = current_user)`
`446`		`- THEN U.umoptions`
`447`		`- ELSE NULL END AS umoptions`
`448`		`- FROM pg_user_mapping U`
`449`		`- LEFT JOIN pg_authid A ON (A.oid = U.umuser) JOIN`
`450`		`- pg_foreign_server S ON (U.umserver = S.oid);`
`451`		`-</programlisting>`
`452`		`- </para>`
`453`		`- </step>`
`454`		`-`
`455`		`- <step>`
`456`		`- <para>`
`457`		`- Do not forget to include the <literal>template0</>`
`458`		`- and <literal>template1</> databases, or the vulnerability will still`
`459`		`- exist in databases you create later. To fix <literal>template0</>,`
`460`		`- you'll need to temporarily make it accept connections.`
`461`		`- In <productname>PostgreSQL</> 9.5 and later, you can use`
`462`		`-<programlisting>`
`463`		`-ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true;`
`464`		`-</programlisting>`
`465`		`- and then after fixing <literal>template0</>, undo that with`
`466`		`-<programlisting>`
`467`		`-ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false;`
`468`		`-</programlisting>`
`469`		`- In prior versions, instead use`
`470`		`-<programlisting>`
`471`		`-UPDATE pg_database SET datallowconn = true WHERE datname = 'template0';`
`472`		`-UPDATE pg_database SET datallowconn = false WHERE datname = 'template0';`
`473`		`-</programlisting>`
`474`		`- </para>`
`475`		`- </step>`
`476`		`-`
`477`		`- <step>`
`478`		`- <para>`
`479`		`- Finally, remove the <literal>allow_system_table_mods</> configuration`
`480`		`- setting, and again restart the postmaster.`
`481`		`- </para>`
`482`		`- </step>`
`483`		`- </procedure>`
`484`	`541`	`</listitem>`
`485`	`542`
`486`	`543`	`<listitem>`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit66579d7

File tree

66 files changed

Some content is hidden

66 files changed

`‎configure`

`‎configure.in`

`‎doc/bug.template`

`‎doc/src/sgml/catalogs.sgml`

`‎doc/src/sgml/release-9.2.sgml`

0 commit comments