1
0
mirror of https://github.com/postgres/postgres.git synced 2025-10-25 13:17:41 +03:00
Commit Graph

25 Commits

Author SHA1 Message Date
Noah Misch
254eb04f17 Obstruct shell, SQL, and conninfo injection via database and role names.
Due to simplistic quoting and confusion of database names with conninfo
strings, roles with the CREATEDB or CREATEROLE option could escalate to
superuser privileges when a superuser next ran certain maintenance
commands.  The new coding rule for PQconnectdbParams() calls, documented
at conninfo_array_parse(), is to pass expand_dbname=true and wrap
literal database names in a trivial connection string.  Escape
zero-length values in appendConnStrVal().  Back-patch to 9.1 (all
supported versions).

Nathan Bossart, Michael Paquier, and Noah Misch.  Reviewed by Peter
Eisentraut.  Reported by Nathan Bossart.

Security: CVE-2016-5424
2016-08-08 10:07:51 -04:00
Bruce Momjian
f91c4e326a pg_upgrade: fix CopyFile() on Windows to fail on file existence
Also fix getErrorText() to return the right error string on failure.
This behavior now matches that of other operating systems.

Report by Noah Misch

Backpatch through 9.1
2015-11-24 17:18:28 -05:00
Peter Eisentraut
2f8e68bd7e Fix whitespace 2014-05-15 13:23:31 -04:00
Bruce Momjian
bb797b6404 pg_upgrade: error out on 'line' data type usage
The data type internal format changed in 9.4.  Also mention this in the
9.4 release notes.
2014-05-14 16:26:13 -04:00
Bruce Momjian
7e04792a1c Update copyright for 2014
Update all files in head, and files COPYRIGHT and legal.sgml in all back
branches.
2014-01-07 16:05:30 -05:00
Peter Eisentraut
264aa14a2f pg_upgrade: Split off pg_fatal() from pg_log()
This allows decorating pg_fatal() with noreturn compiler hints, leading
to better diagnostics.

Reviewed-by: Marko Tiikkaja <marko@joh.to>
2013-10-09 22:48:41 -04:00
Alvaro Herrera
8396447cdb Create libpgcommon, and move pg_malloc et al to it
libpgcommon is a new static library to allow sharing code among the
various frontend programs and backend; this lets us eliminate duplicate
implementations of common routines.  We avoid libpgport, because that's
intended as a place for porting issues; per discussion, it seems better
to keep them separate.

The first use case, and the only implemented by this patch, is pg_malloc
and friends, which many frontend programs were already using.

At the same time, we can use this to provide palloc emulation functions
for the frontend; this way, some palloc-using files in the backend can
also be used by the frontend cleanly.  To do this, we change palloc() in
the backend to be a function instead of a macro on top of
MemoryContextAlloc().  This was previously believed to cause loss of
performance, but this implementation has been tweaked by Tom and Andres
so that on modern compilers it provides a slight improvement over the
previous one.

This lets us clean up some places that were already with
localized hacks.

Most of the pg_malloc/palloc changes in this patch were authored by
Andres Freund. Zoltán Böszörményi also independently provided a form of
that.  libpgcommon infrastructure was authored by Álvaro.
2013-02-12 11:21:05 -03:00
Bruce Momjian
bd61a623ac Update copyrights for 2013
Fully update git head, and update back branches in ./COPYRIGHT and
legal.sgml files.
2013-01-01 17:15:01 -05:00
Bruce Momjian
717f6d6085 In pg_upgrade, add various logging improvements:
add ability to control permissions of created files
	have psql echo its queries for easier debugging
	output four separate log files, and delete them on success
	add -r/--retain option to keep log files after success
	make logs file append-only
	remove -g/-G/-l logging options
	sugggest tailing appropriate log file on failure
	enhance -v/--verbose behavior
2012-03-12 19:48:03 -04:00
Bruce Momjian
e126958c2e Update copyright notices for year 2012. 2012-01-01 18:01:58 -05:00
Bruce Momjian
6416a82a62 Remove unnecessary #include references, per pgrminclude script. 2011-09-01 10:04:27 -04:00
Bruce Momjian
f1312b5ed3 Add postgres.h to *.c files for pg_upgrade, ltree, and btree_gist, and
remove from local *.h files.

Per suggestion from Alvaro.
2011-08-26 21:16:24 -04:00
Peter Eisentraut
912bc4f038 Make pg_upgrade output more consistent with project style
Add errno-based output to error messages where appropriate, reformat
blocks to about 72 characters per line, use spaces instead of tabs for
indentation, and other style adjustments.
2011-07-12 07:13:51 +03:00
Bruce Momjian
5c5f83507c Adjust pg_upgrade FATAL error messages to have consistent newlines.
Also adjust some error message capitalization for consistency.
2011-05-06 21:47:42 -04:00
Bruce Momjian
d367d41d66 Fix file descriptor leaks in pg_upgrade in failure code paths. 2011-03-08 21:36:17 -05:00
Bruce Momjian
5d950e3b0c Stamp copyrights for year 2011. 2011-01-01 13:18:15 -05:00
Bruce Momjian
6e6bee987f In pg_upgrade, remove use of whichCluster, and just pass old/new cluster
pointers, which simplifies the code.  This was not possible in 9.0 because
everything was in a single nested struct, but is possible now.

Per suggestion from Tom.
2011-01-01 12:06:36 -05:00
Bruce Momjian
16b5e08dec Use "upgrade" in preference over "migrate" in pg_upgrade messages and
documentation.  (Many were left over from the old pg_migrator naming.)
2010-12-15 07:11:31 -05:00
Bruce Momjian
e13f7e9a71 Restructure the pg_upgrade code to use several global structures rather
than packing everything into 'ctx' and passing that to every function.
2010-10-19 21:38:34 +00:00
Magnus Hagander
9f2e211386 Remove cvs keywords from all files. 2010-09-20 22:08:53 +02:00
Bruce Momjian
da254e3d16 Make pg_upgrade copyrights just 2010, not 2010-2010. 2010-07-03 16:33:15 +00:00
Bruce Momjian
de255a6eb1 Add copyrights to pg_upgrade and pg_upgrade_tools files, per Tom. 2010-07-03 16:25:01 +00:00
Bruce Momjian
ccbe0c14e6 Add CVS tags to pg_upgrade and pg_upgrade_support files, per request
from Tom.
2010-07-03 14:23:14 +00:00
Bruce Momjian
1dc7c796c9 Have pg_upgrade create its output files in the current directory, rather
than in a subdirectory of the $HOME directory, or $TMP in Windows.
2010-06-12 17:05:29 +00:00
Bruce Momjian
c2e9b2f288 Add pg_upgrade to /contrib; will be in 9.0 beta2.
Add documentation.

Supports migration from PG 8.3 and 8.4.
2010-05-12 02:19:11 +00:00