rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
48,347 Commits 36 Branches 606 Tags 423 MiB
C 86%
PLpgSQL 5.5%
Perl 4.1%
Yacc 1.3%
Makefile 0.7%
Other 2.3%
Go to file
Noah Misch ac8f6243cb In security-restricted operations, block enqueue of at-commit user code. 
Specifically, this blocks DECLARE ... WITH HOLD and firing of deferred
triggers within index expressions and materialized view queries.  An
attacker having permission to create non-temp objects in at least one
schema could execute arbitrary SQL functions under the identity of the
bootstrap superuser.  One can work around the vulnerability by disabling
autovacuum and not manually running ANALYZE, CLUSTER, REINDEX, CREATE
INDEX, VACUUM FULL, or REFRESH MATERIALIZED VIEW.  (Don't restore from
pg_dump, since it runs some of those commands.)  Plain VACUUM (without
FULL) is safe, and all commands are fine when a trusted user owns the
target object.  Performance may degrade quickly under this workaround,
however.  Back-patch to 9.5 (all supported versions).

Reviewed by Robert Haas.  Reported by Etienne Stalmans.

Security: CVE-2020-25695
 		2020-11-09 07:32:12 -08:00
config Update config.guess and config.sub 2019-04-27 14:25:00 +02:00
contrib In security-restricted operations, block enqueue of at-commit user code. 2020-11-09 07:32:12 -08:00
doc Release notes for 13.1, 12.5, 11.10, 10.15, 9.6.20, 9.5.24. 2020-11-08 15:16:12 -05:00
src In security-restricted operations, block enqueue of at-commit user code. 2020-11-09 07:32:12 -08:00
.dir-locals.el Make Emacs perl-mode indent more like perltidy. 2019-01-13 11:32:31 -08:00
.gitattributes Add XSL stylesheet to fix up SVG files 2019-06-19 21:26:42 +02:00
.gitignore Support for optimizing and emitting code in LLVM JIT provider. 2018-03-22 11:05:22 -07:00
COPYRIGHT Update copyrights for 2020 2020-01-01 12:21:45 -05:00
GNUmakefile.in Make install-tests target work with vpath builds 2020-05-31 18:35:08 -04:00
HISTORY Change documentation references to PG website to use https: not http: 2017-05-20 21:50:47 -04:00
Makefile Don't unset MAKEFLAGS in non-GNU Makefile. 2019-06-25 09:36:21 +12:00
README Change documentation references to PG website to use https: not http: 2017-05-20 21:50:47 -04:00
README.git Change documentation references to PG website to use https: not http: 2017-05-20 21:50:47 -04:00
aclocal.m4 Fix configure's AC_CHECK_DECLS tests to work correctly with clang. 2018-11-19 12:01:47 -05:00
configure Stamp 12.4. 2020-08-10 17:15:53 -04:00
configure.in Stamp 12.4. 2020-08-10 17:15:53 -04:00

README 

PostgreSQL Database Management System
=====================================

This directory contains the source code distribution of the PostgreSQL
database management system.

PostgreSQL is an advanced object-relational database management system
that supports an extended subset of the SQL standard, including
transactions, foreign keys, subqueries, triggers, user-defined types
and functions.  This distribution also contains C language bindings.

PostgreSQL has many language interfaces, many of which are listed here:

	https://www.postgresql.org/download

See the file INSTALL for instructions on how to build and install
PostgreSQL.  That file also lists supported operating systems and
hardware platforms and contains information regarding any other
software packages that are required to build or run the PostgreSQL
system.  Copyright and license information can be found in the
file COPYRIGHT.  A comprehensive documentation set is included in this
distribution; it can be read as described in the installation
instructions.

The latest version of this software may be obtained at
https://www.postgresql.org/download/.  For more information look at our
web site located at https://www.postgresql.org/.