postgresql/contrib
Alvaro Herrera 3e1338475f Add missing checks to some of pageinspect's BRIN functions
brin_page_type() and brin_metapage_info() did not enforce being called
by superuser, like other pageinspect functions that take bytea do.
Since they don't verify the passed page thoroughly, it is possible to
use them to read the server memory with a carefully crafted bytea value,
up to a file kilobytes from where the input bytea is located.

Have them throw errors if called by a non-superuser.

Report and initial patch: Andreas Seltenreich

Security: CVE-2016-3065
2016-03-28 10:57:42 -03:00
..
adminpack Update copyright for 2016 2016-01-02 13:33:40 -05:00
auth_delay Update copyright for 2016 2016-01-02 14:19:48 -05:00
auto_explain Rename auto_explain.sample_ratio to sample_rate 2016-03-13 13:18:03 +01:00
btree_gin
btree_gist Fix assorted inconsistencies in GiST opclass support function declarations. 2016-01-19 12:04:36 -05:00
chkpass
citext
cube Fix assorted inconsistencies in GiST opclass support function declarations. 2016-01-19 12:04:36 -05:00
dblink Update copyright for 2016 2016-01-02 13:33:40 -05:00
dict_int Update copyright for 2016 2016-01-02 13:33:40 -05:00
dict_xsyn Update copyright for 2016 2016-01-02 13:33:40 -05:00
earthdistance Add missed CREATE EXTENSION ... CASCADE regression test adjustment. 2015-10-03 21:31:51 +02:00
file_fdw Allow callers of create_foreignscan_path to specify nondefault PathTarget. 2016-03-14 17:31:28 -04:00
fuzzystrmatch Remove new coupling between NAMEDATALEN and MAX_LEVENSHTEIN_STRLEN. 2016-01-22 11:53:06 -05:00
hstore Make hstore_to_jsonb_loose match hstore_to_json_loose on what's a number. 2016-02-03 12:04:02 -05:00
hstore_plperl Use LOAD not actual code execution to pull in plpython library. 2016-01-11 20:06:36 -05:00
hstore_plpython Use LOAD not actual code execution to pull in plpython library. 2016-01-11 20:06:36 -05:00
intagg
intarray Fix assorted inconsistencies in GIN opclass support function declarations. 2016-01-19 22:32:22 -05:00
isn Update copyright for 2016 2016-01-02 13:33:40 -05:00
lo
ltree ltree: Zero padding bytes when allocating memory for externally visible data. 2016-03-08 14:59:29 -08:00
ltree_plpython Use LOAD not actual code execution to pull in plpython library. 2016-01-11 20:06:36 -05:00
oid2name
pageinspect Add missing checks to some of pageinspect's BRIN functions 2016-03-28 10:57:42 -03:00
passwordcheck Update copyright for 2016 2016-01-02 13:33:40 -05:00
pg_buffercache
pg_freespacemap
pg_prewarm Update copyright for 2016 2016-01-02 13:33:40 -05:00
pg_standby
pg_stat_statements Widen query numbers-of-tuples-processed counters to uint64. 2016-03-12 16:05:29 -05:00
pg_trgm Various minor corrections of and improvements to comments. 2016-03-18 09:38:59 -04:00
pg_visibility Add pg_visibility contrib module. 2016-03-08 08:42:01 -05:00
pgcrypto Fix typos. 2016-03-15 18:06:11 -04:00
pgrowlocks
pgstattuple Change the format of the VM fork to add a second bit per page. 2016-03-01 21:49:41 -05:00
postgres_fdw postgres_fdw: Fix crash when pushing down multiple joins. 2016-03-23 12:28:01 -04:00
seg Fix assorted inconsistencies in GiST opclass support function declarations. 2016-01-19 12:04:36 -05:00
sepgsql Don't use !! but != 0/NULL to force boolean evaluation. 2016-03-27 18:10:19 +02:00
spi Widen query numbers-of-tuples-processed counters to uint64. 2016-03-12 16:05:29 -05:00
sslinfo
start-scripts
tablefunc Widen query numbers-of-tuples-processed counters to uint64. 2016-03-12 16:05:29 -05:00
tcn Update copyright for 2016 2016-01-02 13:33:40 -05:00
test_decoding Fix phony .PHONY. 2016-03-19 17:19:37 -04:00
tsearch2 Fix assorted inconsistencies in GIN opclass support function declarations. 2016-01-19 22:32:22 -05:00
tsm_system_rows Update copyright for 2016 2016-01-02 13:33:40 -05:00
tsm_system_time Update copyright for 2016 2016-01-02 13:33:40 -05:00
unaccent fix typo in comment 2016-03-16 17:18:14 +03:00
uuid-ossp Update copyright for 2016 2016-01-02 13:33:40 -05:00
vacuumlo Update copyright for 2016 2016-01-02 13:33:40 -05:00
xml2 Widen query numbers-of-tuples-processed counters to uint64. 2016-03-12 16:05:29 -05:00
contrib-global.mk Respect TEMP_CONFIG when pg_regress_check and friends are called 2016-02-27 12:28:21 -05:00
Makefile Add pg_visibility contrib module. 2016-03-08 08:42:01 -05:00
README

The PostgreSQL contrib tree
---------------------------

This subtree contains porting tools, analysis utilities, and plug-in
features that are not part of the core PostgreSQL system, mainly
because they address a limited audience or are too experimental to be
part of the main source tree.  This does not preclude their
usefulness.

User documentation for each module appears in the main SGML
documentation.

When building from the source distribution, these modules are not
built automatically, unless you build the "world" target.  You can
also build and install them all by running "make all" and "make
install" in this directory; or to build and install just one selected
module, do the same in that module's subdirectory.

Some directories supply new user-defined functions, operators, or
types.  To make use of one of these modules, after you have installed
the code you need to register the new SQL objects in the database
system by executing a CREATE EXTENSION command.  In a fresh database,
you can simply do

    CREATE EXTENSION module_name;

See the PostgreSQL documentation for more information about this
procedure.