![]() Fix race condition when checking transaction visibility (Simon Riggs).To prevent inconsistency without breaking use-cases that work today, force an implicit commit after such commands. #UNINSTALL POSTGRES APP MAC SERIES#The mechanisms intended to prevent that situation turn out to work for multiple commands in a simple-Query message, but not for a series of extended-protocol messages. If the client does not send a Sync message immediately after such a command, but instead sends another command, any failure in that command would lead to rolling back the preceding command, typically leaving inconsistent state on-disk (such as a missing or extra database directory).In extended query protocol, force an immediate commit after CREATE DATABASE and other commands that can't run in a transaction block (Tom Lane).This broke dump/restore scenarios, because pg_dump issues CREATE INDEX before re-granting permissions. The fix for CVE-2022-1552 caused CREATE INDEX to apply the table owner's permissions while performing lookups of operator classes and other objects, where formerly the calling user's permissions were used.Fix permissions checks in CREATE INDEX (Nathan Bossart, Noah Misch).Moreover, it is necessary to support the CREATE DATABASE replay fix, which transiently creates a missing tablespace as an "in place" tablespace. While this has no use for separating tables onto different filesystems, it is a convenient setup for testing. This change allows it to just be a plain directory. Normally a Postgres tablespace is a symbolic link to a directory on some other filesystem.Support "in place" tablespaces (Thomas Munro, Michael Paquier, Álvaro Herrera).Create the tablespace (as a plain directory), then check that it has been dropped again once replay reaches a consistent state. Prior to this patch, a standby would fail to recover in such a case however, such directories could be legitimately missing. Standby servers may encounter missing tablespace directories when replaying database-creation WAL records.Fix replay of CREATE DATABASE WAL records on standby servers (Kyotaro Horiguchi, Asim R Praveen, Paul Guo).The PostgreSQL Project thanks Sven Klemm for reporting this problem.As a side benefit, it also reduces the risk of accidentally replacing objects one did not mean to. This prevents a form of trojan-horse attack in which a hostile database user could become the owner of an extension object and then modify it to compromise future uses of the object by other users. It also prevents CREATE IF NOT EXISTS in the same situation. This change prevents extension scripts from doing CREATE OR REPLACE if there is an existing object that does not belong to the extension.Do not let extension scripts replace objects not already belonging to the extension (Tom Lane). ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |