Again match pg_user_mappings to information_schema.user_mapping_options. Commit 3eefc51053f250837c3115c12f8119d16881a2d7 claimed to make pg_user_mappings enforce the qualifications user_mapping_options had been enforcing, but its removal of a longstanding restriction left them distinct when the current user is the subject of a mapping yet has no server privileges. user_mapping_options emits no rows for such a mapping, but pg_user_mappings includes full umoptions. Change pg_user_mappings to show null for umoptions. Back-patch to 9.2, like the above commit.
Reviewed by Tom Lane. Reported by Jeff Janes. Security: CVE-2017-7547 Branch ------ REL9_5_STABLE Details ------- https://git.postgresql.org/pg/commitdiff/36f9f60958d471c62515494a0c7b0058e578c2eb Modified Files -------------- doc/src/sgml/catalogs.sgml | 32 +++++++++++++++++++----- src/backend/catalog/system_views.sql | 4 ++- src/test/regress/expected/foreign_data.out | 39 +++++++++++++++--------------- src/test/regress/expected/rules.out | 2 +- src/test/regress/sql/foreign_data.sql | 19 +++++++++------ 5 files changed, 61 insertions(+), 35 deletions(-) -- Sent via pgsql-committers mailing list (pgsql-committers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-committers
