This is a minor release to address CVEs and other bug fixes without new features. Remove patches that are fixed in this release. Release notes are available at:
https://www.postgresql.org/docs/release/14.6/ https://www.postgresql.org/docs/release/14.7/ https://www.postgresql.org/docs/release/14.8/ https://www.postgresql.org/docs/release/14.9/ License-Update: Copyright year updated Signed-off-by: Robert Joslyn <[email protected]> --- ...rminate-GSS-receive-buffer-on-error-.patch | 50 ---- .../postgresql/files/CVE-2023-2454.patch | 235 ------------------ .../postgresql/files/CVE-2023-2455.patch | 118 --------- .../postgresql/files/remove_duplicate.patch | 38 --- ...{postgresql_14.5.bb => postgresql_14.9.bb} | 8 +- 5 files changed, 2 insertions(+), 447 deletions(-) delete mode 100644 meta-oe/recipes-dbs/postgresql/files/0001-Properly-NULL-terminate-GSS-receive-buffer-on-error-.patch delete mode 100644 meta-oe/recipes-dbs/postgresql/files/CVE-2023-2454.patch delete mode 100644 meta-oe/recipes-dbs/postgresql/files/CVE-2023-2455.patch delete mode 100644 meta-oe/recipes-dbs/postgresql/files/remove_duplicate.patch rename meta-oe/recipes-dbs/postgresql/{postgresql_14.5.bb => postgresql_14.9.bb} (54%) diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-Properly-NULL-terminate-GSS-receive-buffer-on-error-.patch b/meta-oe/recipes-dbs/postgresql/files/0001-Properly-NULL-terminate-GSS-receive-buffer-on-error-.patch deleted file mode 100644 index 2d11b1888..000000000 --- a/meta-oe/recipes-dbs/postgresql/files/0001-Properly-NULL-terminate-GSS-receive-buffer-on-error-.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 586b074026d703c29057b04b1318e984701fe195 Mon Sep 17 00:00:00 2001 -From: Changqing Li <[email protected]> -Date: Thu, 2 Mar 2023 19:10:47 +0800 -Subject: [PATCH] Properly NULL-terminate GSS receive buffer on error packet - reception - -pqsecure_open_gss() includes a code path handling error messages with -v2-style protocol messages coming from the server. The client-side -buffer holding the error message does not force a NULL-termination, with -the data of the server getting copied to the errorMessage of the -connection. Hence, it would be possible for a server to send an -unterminated string and copy arbitrary bytes in the buffer receiving the -error message in the client, opening the door to a crash or even data -exposure. - -As at this stage of the authentication process the exchange has not been -completed yet, this could be abused by an attacker without Kerberos -credentials. Clients that have a valid kerberos cache are vulnerable as -libpq opportunistically requests for it except if gssencmode is -disabled. - -Author: Jacob Champion -Backpatch-through: 12 -Security: CVE-2022-41862 - -Upstream-Status: Backport [https://github.com/postgres/postgres/commit/71c37797d7bd78266146a5829ab62b3687c47295] -CVE: CVE-2022-41862 - -Signed-off-by: Changqing Li <[email protected]> ---- - src/interfaces/libpq/fe-secure-gssapi.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/interfaces/libpq/fe-secure-gssapi.c b/src/interfaces/libpq/fe-secure-gssapi.c -index c783a53..a42ebc0 100644 ---- a/src/interfaces/libpq/fe-secure-gssapi.c -+++ b/src/interfaces/libpq/fe-secure-gssapi.c -@@ -577,7 +577,8 @@ pqsecure_open_gss(PGconn *conn) - return result; - - PqGSSRecvLength += ret; -- -+ Assert(PqGSSRecvLength < PQ_GSS_RECV_BUFFER_SIZE); -+ PqGSSRecvBuffer[PqGSSRecvLength] = '\0'; - appendPQExpBuffer(&conn->errorMessage, "%s\n", PqGSSRecvBuffer + 1); - - return PGRES_POLLING_FAILED; --- -2.25.1 - diff --git a/meta-oe/recipes-dbs/postgresql/files/CVE-2023-2454.patch b/meta-oe/recipes-dbs/postgresql/files/CVE-2023-2454.patch deleted file mode 100644 index a2f6927e3..000000000 --- a/meta-oe/recipes-dbs/postgresql/files/CVE-2023-2454.patch +++ /dev/null @@ -1,235 +0,0 @@ -From 23cb8eaeb97df350273cb8902e55842a955339c8 Mon Sep 17 00:00:00 2001 -From: Noah Misch <[email protected]> -Date: Mon, 8 May 2023 06:14:07 -0700 -Subject: [PATCH] Replace last PushOverrideSearchPath() call with - set_config_option(). - -The two methods don't cooperate, so set_config_option("search_path", -...) has been ineffective under non-empty overrideStack. This defect -enabled an attacker having database-level CREATE privilege to execute -arbitrary code as the bootstrap superuser. While that particular attack -requires v13+ for the trusted extension attribute, other attacks are -feasible in all supported versions. - -Standardize on the combination of NewGUCNestLevel() and -set_config_option("search_path", ...). It is newer than -PushOverrideSearchPath(), more-prevalent, and has no known -disadvantages. The "override" mechanism remains for now, for -compatibility with out-of-tree code. Users should update such code, -which likely suffers from the same sort of vulnerability closed here. -Back-patch to v11 (all supported versions). - -Alexander Lakhin. Reported by Alexander Lakhin. - -Security: CVE-2023-2454 - -Upstream-Status: Backport [https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=23cb8eaeb97df350273cb8902e55842a955339c8] -CVE: CVE-2023-2454 -Signed-off-by: Vivek Kumbhar <[email protected]> ---- - src/backend/catalog/namespace.c | 4 +++ - src/backend/commands/schemacmds.c | 37 ++++++++++++++------ - src/test/regress/expected/namespace.out | 45 +++++++++++++++++++++++++ - src/test/regress/sql/namespace.sql | 24 +++++++++++++ - 4 files changed, 100 insertions(+), 10 deletions(-) - -diff --git a/src/backend/catalog/namespace.c b/src/backend/catalog/namespace.c -index 81b6472..0175a91 100644 ---- a/src/backend/catalog/namespace.c -+++ b/src/backend/catalog/namespace.c -@@ -3518,6 +3518,10 @@ OverrideSearchPathMatchesCurrent(OverrideSearchPath *path) - /* - * PushOverrideSearchPath - temporarily override the search path - * -+ * Do not use this function; almost any usage introduces a security -+ * vulnerability. It exists for the benefit of legacy code running in -+ * non-security-sensitive environments. -+ * - * We allow nested overrides, hence the push/pop terminology. The GUC - * search_path variable is ignored while an override is active. - * -diff --git a/src/backend/commands/schemacmds.c b/src/backend/commands/schemacmds.c -index 66306d1..ecd0cbb 100644 ---- a/src/backend/commands/schemacmds.c -+++ b/src/backend/commands/schemacmds.c -@@ -29,6 +29,7 @@ - #include "commands/schemacmds.h" - #include "miscadmin.h" - #include "parser/parse_utilcmd.h" -+#include "parser/scansup.h" - #include "tcop/utility.h" - #include "utils/acl.h" - #include "utils/builtins.h" -@@ -52,14 +53,16 @@ CreateSchemaCommand(CreateSchemaStmt *stmt, const char *queryString, - { - const char *schemaName = stmt->schemaname; - Oid namespaceId; -- OverrideSearchPath *overridePath; - List *parsetree_list; - ListCell *parsetree_item; - Oid owner_uid; - Oid saved_uid; - int save_sec_context; -+ int save_nestlevel; -+ char *nsp = namespace_search_path; - AclResult aclresult; - ObjectAddress address; -+ StringInfoData pathbuf; - - GetUserIdAndSecContext(&saved_uid, &save_sec_context); - -@@ -152,14 +155,26 @@ CreateSchemaCommand(CreateSchemaStmt *stmt, const char *queryString, - CommandCounterIncrement(); - - /* -- * Temporarily make the new namespace be the front of the search path, as -- * well as the default creation target namespace. This will be undone at -- * the end of this routine, or upon error. -+ * Prepend the new schema to the current search path. -+ * -+ * We use the equivalent of a function SET option to allow the setting to -+ * persist for exactly the duration of the schema creation. guc.c also -+ * takes care of undoing the setting on error. - */ -- overridePath = GetOverrideSearchPath(CurrentMemoryContext); -- overridePath->schemas = lcons_oid(namespaceId, overridePath->schemas); -- /* XXX should we clear overridePath->useTemp? */ -- PushOverrideSearchPath(overridePath); -+ save_nestlevel = NewGUCNestLevel(); -+ -+ initStringInfo(&pathbuf); -+ appendStringInfoString(&pathbuf, quote_identifier(schemaName)); -+ -+ while (scanner_isspace(*nsp)) -+ nsp++; -+ -+ if (*nsp != '\0') -+ appendStringInfo(&pathbuf, ", %s", nsp); -+ -+ (void) set_config_option("search_path", pathbuf.data, -+ PGC_USERSET, PGC_S_SESSION, -+ GUC_ACTION_SAVE, true, 0, false); - - /* - * Report the new schema to possibly interested event triggers. Note we -@@ -213,8 +228,10 @@ CreateSchemaCommand(CreateSchemaStmt *stmt, const char *queryString, - CommandCounterIncrement(); - } - -- /* Reset search path to normal state */ -- PopOverrideSearchPath(); -+ /* -+ * Restore the GUC variable search_path we set above. -+ */ -+ AtEOXact_GUC(true, save_nestlevel); - - /* Reset current user and security context */ - SetUserIdAndSecContext(saved_uid, save_sec_context); -diff --git a/src/test/regress/expected/namespace.out b/src/test/regress/expected/namespace.out -index 2564d1b..a62fd8d 100644 ---- a/src/test/regress/expected/namespace.out -+++ b/src/test/regress/expected/namespace.out -@@ -1,6 +1,14 @@ - -- - -- Regression tests for schemas (namespaces) - -- -+-- set the whitespace-only search_path to test that the -+-- GUC list syntax is preserved during a schema creation -+SELECT pg_catalog.set_config('search_path', ' ', false); -+ set_config -+------------ -+ -+(1 row) -+ - CREATE SCHEMA test_ns_schema_1 - CREATE UNIQUE INDEX abc_a_idx ON abc (a) - CREATE VIEW abc_view AS -@@ -9,6 +17,43 @@ CREATE SCHEMA test_ns_schema_1 - a serial, - b int UNIQUE - ); -+-- verify that the correct search_path restored on abort -+SET search_path to public; -+BEGIN; -+SET search_path to public, test_ns_schema_1; -+CREATE SCHEMA test_ns_schema_2 -+ CREATE VIEW abc_view AS SELECT c FROM abc; -+ERROR: column "c" does not exist -+LINE 2: CREATE VIEW abc_view AS SELECT c FROM abc; -+ ^ -+COMMIT; -+SHOW search_path; -+ search_path -+------------- -+ public -+(1 row) -+ -+-- verify that the correct search_path preserved -+-- after creating the schema and on commit -+BEGIN; -+SET search_path to public, test_ns_schema_1; -+CREATE SCHEMA test_ns_schema_2 -+ CREATE VIEW abc_view AS SELECT a FROM abc; -+SHOW search_path; -+ search_path -+-------------------------- -+ public, test_ns_schema_1 -+(1 row) -+ -+COMMIT; -+SHOW search_path; -+ search_path -+-------------------------- -+ public, test_ns_schema_1 -+(1 row) -+ -+DROP SCHEMA test_ns_schema_2 CASCADE; -+NOTICE: drop cascades to view test_ns_schema_2.abc_view - -- verify that the objects were created - SELECT COUNT(*) FROM pg_class WHERE relnamespace = - (SELECT oid FROM pg_namespace WHERE nspname = 'test_ns_schema_1'); -diff --git a/src/test/regress/sql/namespace.sql b/src/test/regress/sql/namespace.sql -index 6b12c96..3474f5e 100644 ---- a/src/test/regress/sql/namespace.sql -+++ b/src/test/regress/sql/namespace.sql -@@ -2,6 +2,10 @@ - -- Regression tests for schemas (namespaces) - -- - -+-- set the whitespace-only search_path to test that the -+-- GUC list syntax is preserved during a schema creation -+SELECT pg_catalog.set_config('search_path', ' ', false); -+ - CREATE SCHEMA test_ns_schema_1 - CREATE UNIQUE INDEX abc_a_idx ON abc (a) - -@@ -13,6 +17,26 @@ CREATE SCHEMA test_ns_schema_1 - b int UNIQUE - ); - -+-- verify that the correct search_path restored on abort -+SET search_path to public; -+BEGIN; -+SET search_path to public, test_ns_schema_1; -+CREATE SCHEMA test_ns_schema_2 -+ CREATE VIEW abc_view AS SELECT c FROM abc; -+COMMIT; -+SHOW search_path; -+ -+-- verify that the correct search_path preserved -+-- after creating the schema and on commit -+BEGIN; -+SET search_path to public, test_ns_schema_1; -+CREATE SCHEMA test_ns_schema_2 -+ CREATE VIEW abc_view AS SELECT a FROM abc; -+SHOW search_path; -+COMMIT; -+SHOW search_path; -+DROP SCHEMA test_ns_schema_2 CASCADE; -+ - -- verify that the objects were created - SELECT COUNT(*) FROM pg_class WHERE relnamespace = - (SELECT oid FROM pg_namespace WHERE nspname = 'test_ns_schema_1'); --- -2.25.1 - diff --git a/meta-oe/recipes-dbs/postgresql/files/CVE-2023-2455.patch b/meta-oe/recipes-dbs/postgresql/files/CVE-2023-2455.patch deleted file mode 100644 index a94c65cc0..000000000 --- a/meta-oe/recipes-dbs/postgresql/files/CVE-2023-2455.patch +++ /dev/null @@ -1,118 +0,0 @@ -From 473626cf00babd829eb15c36b51dfb358d32bc95 Mon Sep 17 00:00:00 2001 -From: Tom Lane <[email protected]> -Date: Mon, 8 May 2023 10:12:45 -0400 -Subject: [PATCH] Handle RLS dependencies in inlined set-returning functions - properly. - -If an SRF in the FROM clause references a table having row-level -security policies, and we inline that SRF into the calling query, -we neglected to mark the plan as potentially dependent on which -role is executing it. This could lead to later executions in the -same session returning or hiding rows that should have been hidden -or returned instead. - -Our thanks to Wolfgang Walther for reporting this problem. - -Stephen Frost and Tom Lane - -Security: CVE-2023-2455 - -Upstream-Status: Backport [https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=473626cf00babd829eb15c36b51dfb358d32bc95] -CVE: CVE-2023-2455 -Signed-off-by: Vivek Kumbhar <[email protected]> ---- - src/backend/optimizer/util/clauses.c | 7 ++++++ - src/test/regress/expected/rowsecurity.out | 27 +++++++++++++++++++++++ - src/test/regress/sql/rowsecurity.sql | 20 +++++++++++++++++ - 3 files changed, 54 insertions(+) - -diff --git a/src/backend/optimizer/util/clauses.c b/src/backend/optimizer/util/clauses.c -index 9d7aa8b..da50bef 100644 ---- a/src/backend/optimizer/util/clauses.c -+++ b/src/backend/optimizer/util/clauses.c -@@ -5095,6 +5095,13 @@ inline_set_returning_function(PlannerInfo *root, RangeTblEntry *rte) - */ - record_plan_function_dependency(root, func_oid); - -+ /* -+ * We must also notice if the inserted query adds a dependency on the -+ * calling role due to RLS quals. -+ */ -+ if (querytree->hasRowSecurity) -+ root->glob->dependsOnRole = true; -+ - return querytree; - - /* Here if func is not inlinable: release temp memory and return NULL */ -diff --git a/src/test/regress/expected/rowsecurity.out b/src/test/regress/expected/rowsecurity.out -index 89397e4..379f988 100644 ---- a/src/test/regress/expected/rowsecurity.out -+++ b/src/test/regress/expected/rowsecurity.out -@@ -3982,6 +3982,33 @@ SELECT * FROM rls_tbl; - - DROP TABLE rls_tbl; - RESET SESSION AUTHORIZATION; -+-- CVE-2023-2455: inlining an SRF may introduce an RLS dependency -+create table rls_t (c text); -+insert into rls_t values ('invisible to bob'); -+alter table rls_t enable row level security; -+grant select on rls_t to regress_rls_alice, regress_rls_bob; -+create policy p1 on rls_t for select to regress_rls_alice using (true); -+create policy p2 on rls_t for select to regress_rls_bob using (false); -+create function rls_f () returns setof rls_t -+ stable language sql -+ as $$ select * from rls_t $$; -+prepare q as select current_user, * from rls_f(); -+set role regress_rls_alice; -+execute q; -+ current_user | c -+-------------------+------------------ -+ regress_rls_alice | invisible to bob -+(1 row) -+ -+set role regress_rls_bob; -+execute q; -+ current_user | c -+--------------+--- -+(0 rows) -+ -+RESET ROLE; -+DROP FUNCTION rls_f(); -+DROP TABLE rls_t; - -- - -- Clean up objects - -- -diff --git a/src/test/regress/sql/rowsecurity.sql b/src/test/regress/sql/rowsecurity.sql -index 44deb42..3015d89 100644 ---- a/src/test/regress/sql/rowsecurity.sql -+++ b/src/test/regress/sql/rowsecurity.sql -@@ -1839,6 +1839,26 @@ SELECT * FROM rls_tbl; - DROP TABLE rls_tbl; - RESET SESSION AUTHORIZATION; - -+-- CVE-2023-2455: inlining an SRF may introduce an RLS dependency -+create table rls_t (c text); -+insert into rls_t values ('invisible to bob'); -+alter table rls_t enable row level security; -+grant select on rls_t to regress_rls_alice, regress_rls_bob; -+create policy p1 on rls_t for select to regress_rls_alice using (true); -+create policy p2 on rls_t for select to regress_rls_bob using (false); -+create function rls_f () returns setof rls_t -+ stable language sql -+ as $$ select * from rls_t $$; -+prepare q as select current_user, * from rls_f(); -+set role regress_rls_alice; -+execute q; -+set role regress_rls_bob; -+execute q; -+ -+RESET ROLE; -+DROP FUNCTION rls_f(); -+DROP TABLE rls_t; -+ - -- - -- Clean up objects - -- --- -2.25.1 - diff --git a/meta-oe/recipes-dbs/postgresql/files/remove_duplicate.patch b/meta-oe/recipes-dbs/postgresql/files/remove_duplicate.patch deleted file mode 100644 index 92a3dcc71..000000000 --- a/meta-oe/recipes-dbs/postgresql/files/remove_duplicate.patch +++ /dev/null @@ -1,38 +0,0 @@ -Remove duplicate code for riscv - -Upstream-Status: Pending -Signed-off-by: Khem Raj <[email protected]> - ---- a/src/include/storage/s_lock.h -+++ b/src/include/storage/s_lock.h -@@ -341,30 +341,6 @@ tas(volatile slock_t *lock) - #endif /* HAVE_GCC__SYNC_INT32_TAS */ - #endif /* __arm__ || __arm || __aarch64__ || __aarch64 || __riscv */ - -- --/* -- * RISC-V likewise uses __sync_lock_test_and_set(int *, int) if available. -- */ --#if defined(__riscv) --#ifdef HAVE_GCC__SYNC_INT32_TAS --#define HAS_TEST_AND_SET -- --#define TAS(lock) tas(lock) -- --typedef int slock_t; -- --static __inline__ int --tas(volatile slock_t *lock) --{ -- return __sync_lock_test_and_set(lock, 1); --} -- --#define S_UNLOCK(lock) __sync_lock_release(lock) -- --#endif /* HAVE_GCC__SYNC_INT32_TAS */ --#endif /* __riscv */ -- -- - /* S/390 and S/390x Linux (32- and 64-bit zSeries) */ - #if defined(__s390__) || defined(__s390x__) - #define HAS_TEST_AND_SET diff --git a/meta-oe/recipes-dbs/postgresql/postgresql_14.5.bb b/meta-oe/recipes-dbs/postgresql/postgresql_14.9.bb similarity index 54% rename from meta-oe/recipes-dbs/postgresql/postgresql_14.5.bb rename to meta-oe/recipes-dbs/postgresql/postgresql_14.9.bb index 315f6db56..f779ea7ab 100644 --- a/meta-oe/recipes-dbs/postgresql/postgresql_14.5.bb +++ b/meta-oe/recipes-dbs/postgresql/postgresql_14.9.bb @@ -1,21 +1,17 @@ require postgresql.inc -LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=75af6e3eeec4a06cdd2e578673236fc3" +LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=c31f662bb2bfb3b4187fe9a53e0ffe7c" SRC_URI += "\ file://not-check-libperl.patch \ file://0001-Add-support-for-RISC-V.patch \ file://0001-Improve-reproducibility.patch \ file://0001-configure.ac-bypass-autoconf-2.69-version-check.patch \ - file://remove_duplicate.patch \ file://0001-config_info.c-not-expose-build-info.patch \ - file://0001-Properly-NULL-terminate-GSS-receive-buffer-on-error-.patch \ file://0001-postgresql-fix-ptest-failure-of-sysviews.patch \ - file://CVE-2023-2454.patch \ - file://CVE-2023-2455.patch \ " -SRC_URI[sha256sum] = "d4f72cb5fb857c9a9f75ec8cf091a1771272802f2178f0b2e65b7b6ff64f4a30" +SRC_URI[sha256sum] = "b1fe3ba9b1a7f3a9637dd1656dfdad2889016073fd4d35f13b50143cbbb6a8ef" CVE_CHECK_IGNORE += "\ CVE-2017-8806 \ -- 2.41.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#104503): https://lists.openembedded.org/g/openembedded-devel/message/104503 Mute This Topic: https://lists.openembedded.org/mt/100866164/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
