diff --git a/postgresql-10.23-CVE-2023-2454.patch b/postgresql-10.23-CVE-2023-2454.patch
index cdc46b4..736790a 100644
--- a/postgresql-10.23-CVE-2023-2454.patch
+++ b/postgresql-10.23-CVE-2023-2454.patch
@@ -35,95 +35,6 @@ Security: CVE-2023-2454
 create mode 100644 contrib/seg/expected/security.out
 create mode 100644 contrib/seg/sql/security.sql
-diff --git a/contrib/seg/Makefile b/contrib/seg/Makefile
-index c6c134b8f1..a1e49bf051 100644
---- a/contrib/seg/Makefile
-+++ b/contrib/seg/Makefile
-@@ -14,7 +14,7 @@ PGFILEDESC = "seg - line segment data type"
- DATA = seg--1.1.sql seg--1.0--1.1.sql seg--unpackaged--1.0.sql
- PGFILEDESC = "seg - line segment data type"
-
--REGRESS = seg
-+REGRESS = security seg
-
- EXTRA_CLEAN = y.tab.c y.tab.h
-
-diff --git a/contrib/seg/expected/security.out b/contrib/seg/expected/security.out
-new file mode 100644
-index 0000000000..b47598d039
---- /dev/null
-+++ b/contrib/seg/expected/security.out
-@@ -0,0 +1,32 @@
-+--
-+-- Test extension script protection against search path overriding
-+--
-+CREATE ROLE regress_seg_role;
-+SELECT current_database() AS datname \gset
-+GRANT CREATE ON DATABASE :"datname" TO regress_seg_role;
-+SET ROLE regress_seg_role;
-+CREATE SCHEMA regress_seg_schema;
-+CREATE FUNCTION regress_seg_schema.exfun(i int) RETURNS int AS $$
-+BEGIN
-+ CREATE EXTENSION seg VERSION '1.2';
-+
-+ CREATE FUNCTION regress_seg_schema.compare(oid, regclass) RETURNS boolean AS
-+ 'BEGIN RAISE EXCEPTION ''overloaded compare() called by %'', current_user; END;' LANGUAGE plpgsql;
-+
-+ CREATE OPERATOR = (LEFTARG = oid, RIGHTARG = regclass, PROCEDURE = regress_seg_schema.compare);
-+
-+ ALTER EXTENSION seg UPDATE TO '1.3';
-+
-+ RETURN i;
-+END; $$ LANGUAGE plpgsql;
-+CREATE SCHEMA test_schema
-+CREATE TABLE t(i int) PARTITION BY RANGE (i)
-+CREATE TABLE p1 PARTITION OF t FOR VALUES FROM (1) TO (regress_seg_schema.exfun(2));
-+DROP SCHEMA test_schema CASCADE;
-+NOTICE: drop cascades to 3 other objects
-+DETAIL: drop cascades to table test_schema.t
-+drop cascades to extension seg
-+drop cascades to operator test_schema.=(oid,regclass)
-+RESET ROLE;
-+DROP OWNED BY regress_seg_role;
-+DROP ROLE regress_seg_role;
-diff --git a/contrib/seg/sql/security.sql b/contrib/seg/sql/security.sql
-new file mode 100644
-index 0000000000..7dfbbaa304
---- /dev/null
-+++ b/contrib/seg/sql/security.sql
-@@ -0,0 +1,32 @@
-+--
-+-- Test extension script protection against search path overriding
-+--
-+
-+CREATE ROLE regress_seg_role;
-+SELECT current_database() AS datname \gset
-+GRANT CREATE ON DATABASE :"datname" TO regress_seg_role;
-+SET ROLE regress_seg_role;
-+CREATE SCHEMA regress_seg_schema;
-+
-+CREATE FUNCTION regress_seg_schema.exfun(i int) RETURNS int AS $$
-+BEGIN
-+ CREATE EXTENSION seg VERSION '1.2';
-+
-+ CREATE FUNCTION regress_seg_schema.compare(oid, regclass) RETURNS boolean AS
-+ 'BEGIN RAISE EXCEPTION ''overloaded compare() called by %'', current_user; END;' LANGUAGE plpgsql;
-+
-+ CREATE OPERATOR = (LEFTARG = oid, RIGHTARG = regclass, PROCEDURE = regress_seg_schema.compare);
-+
-+ ALTER EXTENSION seg UPDATE TO '1.3';
-+
-+ RETURN i;
-+END; $$ LANGUAGE plpgsql;
-+
-+CREATE SCHEMA test_schema
-+CREATE TABLE t(i int) PARTITION BY RANGE (i)
-+CREATE TABLE p1 PARTITION OF t FOR VALUES FROM (1) TO (regress_seg_schema.exfun(2));
-+
-+DROP SCHEMA test_schema CASCADE;
-+RESET ROLE;
-+DROP OWNED BY regress_seg_role;
-+DROP ROLE regress_seg_role;
 diff --git a/src/backend/catalog/namespace.c b/src/backend/catalog/namespace.c
 index 14e57adee2..73ddb67882 100644
 --- a/src/backend/catalog/namespace.c