rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
56,474 Commits 36 Branches 606 Tags 423 MiB
C 86%
PLpgSQL 5.5%
Perl 4.1%
Yacc 1.3%
Makefile 0.7%
Other 2.3%
Go to file
Noah Misch f53511010b Reject substituting extension schemas or owners matching ["$'\]. 
Substituting such values in extension scripts facilitated SQL injection
when @extowner@, @extschema@, or @extschema:...@ appeared inside a
quoting construct (dollar quoting, '', or "").  No bundled extension was
vulnerable.  Vulnerable uses do appear in a documentation example and in
non-bundled extensions.  Hence, the attack prerequisite was an
administrator having installed files of a vulnerable, trusted,
non-bundled extension.  Subject to that prerequisite, this enabled an
attacker having database-level CREATE privilege to execute arbitrary
code as the bootstrap superuser.  By blocking this attack in the core
server, there's no need to modify individual extensions.  Back-patch to
v11 (all supported versions).

Reported by Micah Gate, Valerie Woolard, Tim Carey-Smith, and Christoph
Berg.

Security: CVE-2023-39417
 		2023-08-07 06:05:59 -07:00
config Fix typos in comments 2023-05-02 12:23:08 +09:00
contrib Disallow replacing joins with scans in problematic cases. 2023-07-28 15:45:01 +09:00
doc Doc: update documentation for creating custom scan paths. 2023-08-03 17:45:01 +09:00
src Reject substituting extension schemas or owners matching ["$'\]. 2023-08-07 06:05:59 -07:00
.cirrus.yml ci: Remove OpenSSL 3.1 workaround for missing system CA 2023-04-24 11:40:23 +02:00
.dir-locals.el Make Emacs perl-mode indent more like perltidy. 2019-01-13 11:32:31 -08:00
.editorconfig Add .editorconfig 2019-12-18 09:13:13 +01:00
.git-blame-ignore-revs Add b334612b8 to .git-blame-ignore-revs. 2023-06-20 09:52:52 -04:00
.gitattributes gitattributes: Ignore imported pg_bsd_indent code for whitespace checks 2023-02-22 09:00:28 +01:00
.gitignore Update top-level .gitignore. 2022-12-04 15:23:00 -05:00
COPYRIGHT Update copyright for 2023 2023-01-02 15:00:37 -05:00
GNUmakefile.in Integrate pg_bsd_indent into our build/test infrastructure. 2023-02-12 12:22:21 -05:00
HISTORY Canonicalize some URLs 2020-02-10 20:47:50 +01:00
Makefile Dynamically find correct installation docs in Makefile. 2022-01-19 14:48:25 +01:00
README Canonicalize some URLs 2020-02-10 20:47:50 +01:00
README.git Canonicalize some URLs 2020-02-10 20:47:50 +01:00
aclocal.m4 autoconf: Move export_dynamic determination to configure 2022-12-06 18:55:28 -08:00
configure Stamp 16beta2. 2023-06-26 16:07:19 -04:00
configure.ac Stamp 16beta2. 2023-06-26 16:07:19 -04:00
meson.build meson: Tie adding C++ support to the llvm Meson option 2023-07-12 16:26:03 -07:00
meson_options.txt meson: Attach colon to keyword argument 2023-06-29 12:53:41 +02:00

README 

PostgreSQL Database Management System
=====================================

This directory contains the source code distribution of the PostgreSQL
database management system.

PostgreSQL is an advanced object-relational database management system
that supports an extended subset of the SQL standard, including
transactions, foreign keys, subqueries, triggers, user-defined types
and functions.  This distribution also contains C language bindings.

PostgreSQL has many language interfaces, many of which are listed here:

	https://www.postgresql.org/download/

See the file INSTALL for instructions on how to build and install
PostgreSQL.  That file also lists supported operating systems and
hardware platforms and contains information regarding any other
software packages that are required to build or run the PostgreSQL
system.  Copyright and license information can be found in the
file COPYRIGHT.  A comprehensive documentation set is included in this
distribution; it can be read as described in the installation
instructions.

The latest version of this software may be obtained at
https://www.postgresql.org/download/.  For more information look at our
web site located at https://www.postgresql.org/.