postgresql/contrib
Tom Lane adc97d03b9 Prevent access to external files/URLs via contrib/xml2's xslt_process().
libxslt offers the ability to read and write both files and URLs through
stylesheet commands, thus allowing unprivileged database users to both read
and write data with the privileges of the database server.  Disable that
through proper use of libxslt's security options.

Also, remove xslt_process()'s ability to fetch documents and stylesheets
from external files/URLs.  While this was a documented "feature", it was
long regarded as a terrible idea.  The fix for CVE-2012-3489 broke that
capability, and rather than expend effort on trying to fix it, we're just
going to summarily remove it.

While the ability to write as well as read makes this security hole
considerably worse than CVE-2012-3489, the problem is mitigated by the fact
that xslt_process() is not available unless contrib/xml2 is installed,
and the longstanding warnings about security risks from that should have
discouraged prudent DBAs from installing it in security-exposed databases.

Reported and fixed by Peter Eisentraut.

Security: CVE-2012-3488
2012-08-14 18:31:18 -04:00
adminpack Update copyright notices for year 2012. 2012-01-01 18:01:58 -05:00
auth_delay pgindent run before PG 9.1 beta 1. 2011-04-10 11:42:00 -04:00
auto_explain Run pgindent on 9.2 source tree in preparation for first 9.3 2012-06-10 15:20:04 -04:00
btree_gin Throw a useful error message if an extension script file is fed to psql. 2011-10-12 15:45:03 -04:00
btree_gist Reduce messages about implicit indexes and sequences to DEBUG1. 2012-07-04 20:35:29 -04:00
chkpass Throw a useful error message if an extension script file is fed to psql. 2011-10-12 15:45:03 -04:00
citext Reduce messages about implicit indexes and sequences to DEBUG1. 2012-07-04 20:35:29 -04:00
cube Replace int2/int4 in C code with int16/int32 2012-06-25 01:51:46 +03:00
dblink Replace libpq's "row processor" API with a "single row" mode. 2012-08-02 13:10:30 -04:00
dict_int Update copyright notices for year 2012. 2012-01-01 18:01:58 -05:00
dict_xsyn Update copyright notices for year 2012. 2012-01-01 18:01:58 -05:00
dummy_seclabel Update copyright notices for year 2012. 2012-01-01 18:01:58 -05:00
earthdistance Throw a useful error message if an extension script file is fed to psql. 2011-10-12 15:45:03 -04:00
file_fdw Skip text->binary conversion of unnecessary columns in contrib/file_fdw. 2012-07-12 16:26:59 -04:00
fuzzystrmatch Even more duplicate word removal, in the spirit of the season 2012-05-02 20:56:03 +03:00
hstore Remove unreachable code 2012-07-16 22:15:03 +03:00
intagg Throw a useful error message if an extension script file is fed to psql. 2011-10-12 15:45:03 -04:00
intarray Remove unreachable code 2012-07-16 22:15:03 +03:00
isn Update copyright notices for year 2012. 2012-01-01 18:01:58 -05:00
lo Throw a useful error message if an extension script file is fed to psql. 2011-10-12 15:45:03 -04:00
ltree Remove unreachable code 2012-07-16 22:15:03 +03:00
oid2name Make oid2name, pgbench, and vacuumlo set fallback_application_name. 2012-07-04 15:39:33 -04:00
pageinspect Replace XLogRecPtr struct with a 64-bit integer. 2012-06-24 19:19:45 +03:00
passwordcheck Update copyright notices for year 2012. 2012-01-01 18:01:58 -05:00
pg_archivecleanup Make documentation of --help and --version options more consistent 2012-06-18 02:46:59 +03:00
pg_buffercache Throw a useful error message if an extension script file is fed to psql. 2011-10-12 15:45:03 -04:00
pg_freespacemap Throw a useful error message if an extension script file is fed to psql. 2011-10-12 15:45:03 -04:00
pg_standby Make documentation of --help and --version options more consistent 2012-06-18 02:46:59 +03:00
pg_stat_statements Make new event trigger facility actually do something. 2012-07-20 11:39:01 -04:00
pg_test_fsync Run pgindent on 9.2 source tree in preparation for first 9.3 2012-06-10 15:20:04 -04:00
pg_test_timing Run pgindent on 9.2 source tree in preparation for first 9.3 2012-06-10 15:20:04 -04:00
pg_trgm Replace int2/int4 in C code with int16/int32 2012-06-25 01:51:46 +03:00
pg_upgrade Prevent pg_upgrade from crashing if it can't write to the current 2012-08-10 17:14:48 -04:00
pg_upgrade_support Update copyright notices for year 2012. 2012-01-01 18:01:58 -05:00
pgbench Make pgbench vacuum before building indexes. 2012-07-23 14:42:35 -04:00
pgcrypto Run pgindent on 9.2 source tree in preparation for first 9.3 2012-06-10 15:20:04 -04:00
pgrowlocks Throw a useful error message if an extension script file is fed to psql. 2011-10-12 15:45:03 -04:00
pgstattuple Reduce messages about implicit indexes and sequences to DEBUG1. 2012-07-04 20:35:29 -04:00
seg Run newly-configured perltidy script on Perl files. 2012-07-04 21:47:49 -04:00
sepgsql Reduce messages about implicit indexes and sequences to DEBUG1. 2012-07-04 20:35:29 -04:00
spi Run pgindent on 9.2 source tree in preparation for first 9.3 2012-06-10 15:20:04 -04:00
sslinfo Lots of doc corrections. 2012-04-23 22:43:09 -04:00
start-scripts Support Linux's oom_score_adj API as well as the older oom_adj API. 2012-06-13 15:35:52 -04:00
tablefunc Reduce messages about implicit indexes and sequences to DEBUG1. 2012-07-04 20:35:29 -04:00
tcn Triggered change notifications. 2012-01-19 23:15:15 -05:00
test_parser Fix one-byte buffer overrun in contrib/test_parser. 2012-01-09 19:56:27 -05:00
tsearch2 Update copyright notices for year 2012. 2012-01-01 18:01:58 -05:00
unaccent Fix some typos 2012-04-22 19:23:47 +03:00
uuid-ossp Update copyright notices for year 2012. 2012-01-01 18:01:58 -05:00
vacuumlo Make oid2name, pgbench, and vacuumlo set fallback_application_name. 2012-07-04 15:39:33 -04:00
xml2 Prevent access to external files/URLs via contrib/xml2's xslt_process(). 2012-08-14 18:31:18 -04:00
contrib-global.mk Remove cvs keywords from all files. 2010-09-20 22:08:53 +02:00
Makefile pg_test_timing utility, to measure clock monotonicity and timing cost. 2012-03-27 16:14:00 -04:00
README Update contrib/README 2012-04-14 09:29:54 +03:00

The PostgreSQL contrib tree
---------------------------

This subtree contains porting tools, analysis utilities, and plug-in
features that are not part of the core PostgreSQL system, mainly
because they address a limited audience or are too experimental to be
part of the main source tree.  This does not preclude their
usefulness.

User documentation for each module appears in the main SGML
documentation.

When building from the source distribution, these modules are not
built automatically, unless you build the "world" target.  You can
also build and install them all by running "gmake all" and "gmake
install" in this directory; or to build and install just one selected
module, do the same in that module's subdirectory.

Some directories supply new user-defined functions, operators, or
types.  To make use of one of these modules, after you have installed
the code you need to register the new SQL objects in the database
system by executing a CREATE EXTENSION command.  In a fresh database,
you can simply do

    CREATE EXTENSION module_name;

See the PostgreSQL documentation for more information about this
procedure.