rdelaage/postgresql
1
0
Fork 0
mirror of https://git.postgresql.org/git/postgresql.git synced 2024-08-25 04:47:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
58,542 Commits 36 Branches 606 Tags 423 MiB
C 86%
PLpgSQL 5.5%
Perl 4.1%
Yacc 1.3%
Makefile 0.7%
Other 2.3%
521a7156ab
Go to file
Nathan Bossart 521a7156ab Fix privilege checks in pg_stats_ext and pg_stats_ext_exprs. 
The catalog view pg_stats_ext fails to consider privileges for
expression statistics.  The catalog view pg_stats_ext_exprs fails
to consider privileges and row-level security policies.  To fix,
restrict the data in these views to table owners or roles that
inherit privileges of the table owner.  It may be possible to apply
less restrictive privilege checks in some cases, but that is left
as a future exercise.  Furthermore, for pg_stats_ext_exprs, do not
return data for tables with row-level security enabled, as is
already done for pg_stats_ext.

On the back-branches, a fix-CVE-2024-4317.sql script is provided
that will install into the "share" directory.  This file can be
used to apply the fix to existing clusters.

Bumps catversion on 'master' branch only.

Reported-by: Lukas Fittl
Reviewed-by: Noah Misch, Tomas Vondra, Tom Lane
Security: CVE-2024-4317
Backpatch-through: 14
2024-05-06 09:00:00 -05:00
config Update config.guess and config.sub 2024-04-09 14:21:57 +02:00
contrib Fix an assortment of typos 2024-05-04 02:33:25 +12:00
doc Fix privilege checks in pg_stats_ext and pg_stats_ext_exprs. 2024-05-06 09:00:00 -05:00
src Fix privilege checks in pg_stats_ext and pg_stats_ext_exprs. 2024-05-06 09:00:00 -05:00
.cirrus.star Remove duplicate words in docs and code comments. 2023-10-09 09:18:47 +05:30
.cirrus.tasks.yml Add tests for libpq gssencmode and sslmode options 2024-04-08 02:49:32 +03:00
.cirrus.yml ci: Make compute resources for CI configurable 2023-08-23 15:15:28 -07:00
.dir-locals.el Make Emacs perl-mode indent more like perltidy. 2019-01-13 11:32:31 -08:00
.editorconfig Add .editorconfig 2019-12-18 09:13:13 +01:00
.git-blame-ignore-revs Add commit 64e401b62b to .git-blame-ignore-revs. 2024-03-26 15:08:47 -05:00
.gitattributes Remove non-existing file from .gitattributes 2024-02-16 11:39:09 +01:00
.gitignore Update top-level .gitignore. 2022-12-04 15:23:00 -05:00
aclocal.m4 autoconf: Move export_dynamic determination to configure 2022-12-06 18:55:28 -08:00
configure Avoid unnecessary "touch meson.build" in vpath builds 2024-04-25 07:51:33 -07:00
configure.ac Avoid unnecessary "touch meson.build" in vpath builds 2024-04-25 07:51:33 -07:00
COPYRIGHT Update copyright for 2024 2024-01-03 20:49:05 -05:00
GNUmakefile.in Allow selecting the git revision to be packaged by "make dist". 2024-05-03 11:08:50 -04:00
HISTORY Canonicalize some URLs 2020-02-10 20:47:50 +01:00
Makefile Remove AIX support 2024-02-28 15:17:23 +04:00
meson_options.txt Allow selecting the git revision to be packaged by "make dist". 2024-05-03 11:08:50 -04:00
meson.build Allow selecting the git revision to be packaged by "make dist". 2024-05-03 11:08:50 -04:00
README.md Revise the style of a paragraph in README.md. 2024-03-21 10:16:41 -05:00

README.md

PostgreSQL Database Management System

This directory contains the source code distribution of the PostgreSQL database management system.

PostgreSQL is an advanced object-relational database management system that supports an extended subset of the SQL standard, including transactions, foreign keys, subqueries, triggers, user-defined types and functions. This distribution also contains C language bindings.

Copyright and license information can be found in the file COPYRIGHT.

General documentation about this version of PostgreSQL can be found at https://www.postgresql.org/docs/devel/. In particular, information about building PostgreSQL from the source code can be found at https://www.postgresql.org/docs/devel/installation.html.

The latest version of this software, and related software, may be obtained at https://www.postgresql.org/download/. For more information look at our web site located at https://www.postgresql.org/.