[COMMITTERS] pgsql: Always require SELECT permission for ON CONFLICT DO UPDATE.

2017-11-09 Thread Dean Rasheed
Always require SELECT permission for ON CONFLICT DO UPDATE.

The update path of an INSERT ... ON CONFLICT DO UPDATE requires SELECT
permission on the columns of the arbiter index, but it failed to check
for that in the case of an arbiter specified by constraint name.

In addition, for a table with row level security enabled, it failed to
check updated rows against the table's SELECT policies when the update
path was taken (regardless of how the arbiter index was specified).

Backpatch to 9.5 where ON CONFLICT DO UPDATE and RLS were introduced.

Security: CVE-2017-15099

Branch
--
REL9_6_STABLE

Details
---
https://git.postgresql.org/pg/commitdiff/1f23d1cd21ed46dba882729bedd9c40b71995989

Modified Files
--
src/backend/catalog/pg_constraint.c   | 98 +++
src/backend/parser/parse_clause.c | 21 ++-
src/backend/rewrite/rowsecurity.c | 20 ++-
src/include/catalog/pg_constraint_fn.h|  2 +
src/test/regress/expected/privileges.out  | 16 -
src/test/regress/expected/rowsecurity.out | 15 -
src/test/regress/sql/privileges.sql   | 19 +-
src/test/regress/sql/rowsecurity.sql  | 14 -
8 files changed, 194 insertions(+), 11 deletions(-)


-- 
Sent via pgsql-committers mailing list (pgsql-committers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-committers
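
The privilege requirement described in the commit message above can be verified on a running server with a check like the following. This is an added example, not part of the commit or its regression tests; the table, constraint and role names (cve_check_t, cve_check_key, cve_check_role) are constructed, and it assumes a superuser session in a scratch database.

```sql
-- Added example; all object and role names here are constructed.
-- Everything runs inside one transaction and is rolled back at the end.
BEGIN;

CREATE TABLE cve_check_t (
    id   int CONSTRAINT cve_check_key PRIMARY KEY,
    note text
);
INSERT INTO cve_check_t VALUES (1, 'original');

-- INSERT and UPDATE are granted; SELECT deliberately is not.
CREATE ROLE cve_check_role;
GRANT INSERT, UPDATE ON cve_check_t TO cve_check_role;

SET LOCAL ROLE cve_check_role;

-- Control: arbiter given as a column list. The commit message says only
-- the constraint-name form skipped the check, so this should be denied.
DO $$
BEGIN
    INSERT INTO cve_check_t (id, note) VALUES (1, 'new')
        ON CONFLICT (id) DO UPDATE SET note = 'overwritten';
    RAISE WARNING 'column-list arbiter: succeeded without SELECT';
EXCEPTION WHEN insufficient_privilege THEN
    RAISE NOTICE 'column-list arbiter: permission denied (42501)';
END
$$;

-- Case under test: arbiter named by constraint.
DO $$
BEGIN
    INSERT INTO cve_check_t (id, note) VALUES (1, 'new')
        ON CONFLICT ON CONSTRAINT cve_check_key
        DO UPDATE SET note = 'overwritten';
    RAISE WARNING 'constraint arbiter: succeeded without SELECT, check is missing';
EXCEPTION WHEN insufficient_privilege THEN
    RAISE NOTICE 'constraint arbiter: permission denied (42501), check is enforced';
END
$$;

RESET ROLE;
ROLLBACK;
```

Two NOTICE lines mean both arbiter forms require SELECT; a WARNING on the constraint-name case means the server lacks this fix.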


[COMMITTERS] pgsql: Always require SELECT permission for ON CONFLICT DO UPDATE.

2017-11-09 Thread Dean Rasheed
Always require SELECT permission for ON CONFLICT DO UPDATE.

The update path of an INSERT ... ON CONFLICT DO UPDATE requires SELECT
permission on the columns of the arbiter index, but it failed to check
for that in the case of an arbiter specified by constraint name.

In addition, for a table with row level security enabled, it failed to
check updated rows against the table's SELECT policies when the update
path was taken (regardless of how the arbiter index was specified).

Backpatch to 9.5 where ON CONFLICT DO UPDATE and RLS were introduced.

Security: CVE-2017-15099

Branch
--
REL_10_STABLE

Details
---
https://git.postgresql.org/pg/commitdiff/3f80895723037c0d1c684dbdd50b7e03453df90f

Modified Files
--
src/backend/catalog/pg_constraint.c   | 98 +++
src/backend/parser/parse_clause.c | 21 ++-
src/backend/rewrite/rowsecurity.c | 20 ++-
src/include/catalog/pg_constraint_fn.h|  2 +
src/test/regress/expected/privileges.out  | 16 -
src/test/regress/expected/rowsecurity.out | 15 -
src/test/regress/sql/privileges.sql   | 19 +-
src/test/regress/sql/rowsecurity.sql  | 14 -
8 files changed, 194 insertions(+), 11 deletions(-)




[COMMITTERS] pgsql: Always require SELECT permission for ON CONFLICT DO UPDATE.

2017-11-09 Thread Dean Rasheed
Always require SELECT permission for ON CONFLICT DO UPDATE.

The update path of an INSERT ... ON CONFLICT DO UPDATE requires SELECT
permission on the columns of the arbiter index, but it failed to check
for that in the case of an arbiter specified by constraint name.

In addition, for a table with row level security enabled, it failed to
check updated rows against the table's SELECT policies when the update
path was taken (regardless of how the arbiter index was specified).

Backpatch to 9.5 where ON CONFLICT DO UPDATE and RLS were introduced.

Security: CVE-2017-15099

Branch
--
master

Details
---
https://git.postgresql.org/pg/commitdiff/87b2ebd352c4afe1ded0841604b59a3afbae97d1

Modified Files
--
src/backend/catalog/pg_constraint.c   | 98 +++
src/backend/parser/parse_clause.c | 21 ++-
src/backend/rewrite/rowsecurity.c | 20 ++-
src/include/catalog/pg_constraint_fn.h|  2 +
src/test/regress/expected/privileges.out  | 16 -
src/test/regress/expected/rowsecurity.out | 15 -
src/test/regress/sql/privileges.sql   | 19 +-
src/test/regress/sql/rowsecurity.sql  | 14 -
8 files changed, 194 insertions(+), 11 deletions(-)




[COMMITTERS] pgsql: Always require SELECT permission for ON CONFLICT DO UPDATE.

2017-11-09 Thread Dean Rasheed
Always require SELECT permission for ON CONFLICT DO UPDATE.

The update path of an INSERT ... ON CONFLICT DO UPDATE requires SELECT
permission on the columns of the arbiter index, but it failed to check
for that in the case of an arbiter specified by constraint name.

In addition, for a table with row level security enabled, it failed to
check updated rows against the table's SELECT policies when the update
path was taken (regardless of how the arbiter index was specified).

Backpatch to 9.5 where ON CONFLICT DO UPDATE and RLS were introduced.

Security: CVE-2017-15099

Branch
--
REL9_5_STABLE

Details
---
https://git.postgresql.org/pg/commitdiff/045a1f38bd46f5b50e145470095f461cc41c

Modified Files
--
src/backend/catalog/pg_constraint.c   | 99 +++
src/backend/parser/parse_clause.c | 21 ++-
src/backend/rewrite/rowsecurity.c | 20 ++-
src/include/catalog/pg_constraint.h   |  2 +
src/test/regress/expected/privileges.out  | 18 +-
src/test/regress/expected/rowsecurity.out | 15 -
src/test/regress/sql/privileges.sql   | 21 ++-
src/test/regress/sql/rowsecurity.sql  | 14 -
8 files changed, 197 insertions(+), 13 deletions(-)

