new file mode 100644
@@ -0,0 +1,583 @@
+From 6aba85a4b0a0e60126cc7c598b3e010e272516ec Mon Sep 17 00:00:00 2001
+From: Masahiko Sawada <msawada@postgresql.org>
+Date: Mon, 5 Aug 2024 06:05:28 -0700
+Subject: [PATCH] Restrict accesses to non-system views and foreign tables
+ during pg_dump.
+
+When pg_dump retrieves the list of database objects and performs the
+data dump, there was possibility that objects are replaced with others
+of the same name, such as views, and access them. This vulnerability
+could result in code execution with superuser privileges during the
+pg_dump process.
+
+This issue can arise when dumping data of sequences, foreign
+tables (only 13 or later), or tables registered with a WHERE clause in
+the extension configuration table.
+
+To address this, pg_dump now utilizes the newly introduced
+restrict_nonsystem_relation_kind GUC parameter to restrict the
+accesses to non-system views and foreign tables during the dump
+process. This new GUC parameter is added to back branches too, but
+these changes do not require cluster recreation.
+
+Back-patch to all supported branches.
+
+Reviewed-by: Noah Misch
+Security: CVE-2024-7348
+Backpatch-through: 12
+
+Upstream-Status: Backport from [https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=79c7a7e29695a32fef2e65682be224b8d61ec972]
+CVE: CVE-2024-7348
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+
+ .../postgres_fdw/expected/postgres_fdw.out | 11 ++++
+ contrib/postgres_fdw/sql/postgres_fdw.sql | 8 +++
+ doc/src/sgml/config.sgml | 17 +++++
+ doc/src/sgml/ref/pg_dump.sgml | 8 +++
+ src/backend/foreign/foreign.c | 10 +++
+ src/backend/optimizer/plan/createplan.c | 13 ++++
+ src/backend/optimizer/util/plancat.c | 12 ++++
+ src/backend/rewrite/rewriteHandler.c | 17 +++++
+ src/backend/tcop/postgres.c | 64 +++++++++++++++++++
+ src/backend/utils/misc/guc_tables.c | 12 ++++
+ src/bin/pg_dump/pg_dump.c | 47 ++++++++++++++
+ src/include/tcop/tcopprot.h | 6 ++
+ src/include/utils/guc_hooks.h | 3 +
+ src/test/regress/expected/create_view.out | 19 +++++-
+ src/test/regress/sql/create_view.sql | 9 +++
+ 15 files changed, 255 insertions(+), 1 deletion(-)
+
+diff --git a/contrib/postgres_fdw/expected/postgres_fdw.out b/contrib/postgres_fdw/expected/postgres_fdw.out
+index a6fd3f6ff0..9b7a7eed05 100644
+--- a/contrib/postgres_fdw/expected/postgres_fdw.out
++++ b/contrib/postgres_fdw/expected/postgres_fdw.out
+@@ -637,6 +637,17 @@ EXPLAIN (VERBOSE, COSTS OFF) SELECT * FROM ft_empty ORDER BY c1;
+ Remote SQL: SELECT c1, c2 FROM public.loct_empty ORDER BY c1 ASC NULLS LAST
+ (3 rows)
+
++-- test restriction on non-system foreign tables.
++SET restrict_nonsystem_relation_kind TO 'foreign-table';
++SELECT * from ft1 where c1 < 1; -- ERROR
++ERROR: access to non-system foreign table is restricted
++INSERT INTO ft1 (c1) VALUES (1); -- ERROR
++ERROR: access to non-system foreign table is restricted
++DELETE FROM ft1 WHERE c1 = 1; -- ERROR
++ERROR: access to non-system foreign table is restricted
++TRUNCATE ft1; -- ERROR
++ERROR: access to non-system foreign table is restricted
++RESET restrict_nonsystem_relation_kind;
+ -- ===================================================================
+ -- WHERE with remotely-executable conditions
+ -- ===================================================================
+diff --git a/contrib/postgres_fdw/sql/postgres_fdw.sql b/contrib/postgres_fdw/sql/postgres_fdw.sql
+index 1c1dedd991..80cc3f9d8e 100644
+--- a/contrib/postgres_fdw/sql/postgres_fdw.sql
++++ b/contrib/postgres_fdw/sql/postgres_fdw.sql
+@@ -327,6 +327,14 @@ DELETE FROM loct_empty;
+ ANALYZE ft_empty;
+ EXPLAIN (VERBOSE, COSTS OFF) SELECT * FROM ft_empty ORDER BY c1;
+
++-- test restriction on non-system foreign tables.
++SET restrict_nonsystem_relation_kind TO 'foreign-table';
++SELECT * from ft1 where c1 < 1; -- ERROR
++INSERT INTO ft1 (c1) VALUES (1); -- ERROR
++DELETE FROM ft1 WHERE c1 = 1; -- ERROR
++TRUNCATE ft1; -- ERROR
++RESET restrict_nonsystem_relation_kind;
++
+ -- ===================================================================
+ -- WHERE with remotely-executable conditions
+ -- ===================================================================
+diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml
+index e8c5d2a3b7..69c4bc614f 100644
+--- a/doc/src/sgml/config.sgml
++++ b/doc/src/sgml/config.sgml
+@@ -9564,6 +9564,23 @@ SET XML OPTION { DOCUMENT | CONTENT };
+ </listitem>
+ </varlistentry>
+
++ <varlistentry id="guc-restrict-nonsystem-relation-kind" xreflabel="restrict_nonsystem_relation_kind">
++ <term><varname>restrict_nonsystem_relation_kind</varname> (<type>string</type>)
++ <indexterm>
++ <primary><varname>restrict_nonsystem_relation_kind</varname></primary>
++ <secondary>configuration parameter</secondary>
++ </indexterm>
++ </term>
++ <listitem>
++ <para>
++ This variable specifies relation kind to which access is restricted.
++ It contains a comma-separated list of relation kind. Currently, the
++ supported relation kinds are <literal>view</literal> and
++ <literal>foreign-table</literal>.
++ </para>
++ </listitem>
++ </varlistentry>
++
+ </variablelist>
+ </sect2>
+ <sect2 id="runtime-config-client-format">
+diff --git a/doc/src/sgml/ref/pg_dump.sgml b/doc/src/sgml/ref/pg_dump.sgml
+index 7ff5d04c73..b879c30c18 100644
+--- a/doc/src/sgml/ref/pg_dump.sgml
++++ b/doc/src/sgml/ref/pg_dump.sgml
+@@ -868,6 +868,14 @@ PostgreSQL documentation
+ The only exception is that an empty pattern is disallowed.
+ </para>
+
++ <note>
++ <para>
++ Using wildcards in <option>--include-foreign-data</option> may result
++ in access to unexpected foreign servers. Also, to use this option securely,
++ make sure that the named server must have a trusted owner.
++ </para>
++ </note>
++
+ <note>
+ <para>
+ When <option>--include-foreign-data</option> is specified,
+diff --git a/src/backend/foreign/foreign.c b/src/backend/foreign/foreign.c
+index ca3ad55b62..7335838af3 100644
+--- a/src/backend/foreign/foreign.c
++++ b/src/backend/foreign/foreign.c
+@@ -23,6 +23,7 @@
+ #include "funcapi.h"
+ #include "lib/stringinfo.h"
+ #include "miscadmin.h"
++#include "tcop/tcopprot.h"
+ #include "utils/builtins.h"
+ #include "utils/memutils.h"
+ #include "utils/rel.h"
+@@ -323,6 +324,15 @@ GetFdwRoutine(Oid fdwhandler)
+ Datum datum;
+ FdwRoutine *routine;
+
++ /* Check if the access to foreign tables is restricted */
++ if (unlikely((restrict_nonsystem_relation_kind & RESTRICT_RELKIND_FOREIGN_TABLE) != 0))
++ {
++ /* there must not be built-in FDW handler */
++ ereport(ERROR,
++ (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
++ errmsg("access to non-system foreign table is restricted")));
++ }
++
+ datum = OidFunctionCall0(fdwhandler);
+ routine = (FdwRoutine *) DatumGetPointer(datum);
+
+diff --git a/src/backend/optimizer/plan/createplan.c b/src/backend/optimizer/plan/createplan.c
+index 4bb38160b3..974c50b29f 100644
+--- a/src/backend/optimizer/plan/createplan.c
++++ b/src/backend/optimizer/plan/createplan.c
+@@ -40,6 +40,7 @@
+ #include "parser/parse_clause.h"
+ #include "parser/parsetree.h"
+ #include "partitioning/partprune.h"
++#include "tcop/tcopprot.h"
+ #include "utils/lsyscache.h"
+
+
+@@ -7090,7 +7091,19 @@ make_modifytable(PlannerInfo *root, Plan *subplan,
+
+ if (rte->rtekind == RTE_RELATION &&
+ rte->relkind == RELKIND_FOREIGN_TABLE)
++ {
++ /* Check if the access to foreign tables is restricted */
++ if (unlikely((restrict_nonsystem_relation_kind & RESTRICT_RELKIND_FOREIGN_TABLE) != 0))
++ {
++ /* there must not be built-in foreign tables */
++ Assert(rte->relid >= FirstNormalObjectId);
++ ereport(ERROR,
++ (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
++ errmsg("access to non-system foreign table is restricted")));
++ }
++
+ fdwroutine = GetFdwRoutineByRelId(rte->relid);
++ }
+ else
+ fdwroutine = NULL;
+ }
+diff --git a/src/backend/optimizer/util/plancat.c b/src/backend/optimizer/util/plancat.c
+index 07c4ba384a..1a3045479f 100644
+--- a/src/backend/optimizer/util/plancat.c
++++ b/src/backend/optimizer/util/plancat.c
+@@ -47,6 +47,7 @@
+ #include "rewrite/rewriteManip.h"
+ #include "statistics/statistics.h"
+ #include "storage/bufmgr.h"
++#include "tcop/tcopprot.h"
+ #include "utils/builtins.h"
+ #include "utils/lsyscache.h"
+ #include "utils/partcache.h"
+@@ -500,6 +501,17 @@ get_relation_info(PlannerInfo *root, Oid relationObjectId, bool inhparent,
+ /* Grab foreign-table info using the relcache, while we have it */
+ if (relation->rd_rel->relkind == RELKIND_FOREIGN_TABLE)
+ {
++ /* Check if the access to foreign tables is restricted */
++ if (unlikely((restrict_nonsystem_relation_kind & RESTRICT_RELKIND_FOREIGN_TABLE) != 0))
++ {
++ /* there must not be built-in foreign tables */
++ Assert(RelationGetRelid(relation) >= FirstNormalObjectId);
++
++ ereport(ERROR,
++ (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
++ errmsg("access to non-system foreign table is restricted")));
++ }
++
+ rel->serverid = GetForeignServerIdByRelId(RelationGetRelid(relation));
+ rel->fdwroutine = GetFdwRoutineForRelation(relation, true);
+ }
+diff --git a/src/backend/rewrite/rewriteHandler.c b/src/backend/rewrite/rewriteHandler.c
+index 6cef936f82..9cd96fd17e 100644
+--- a/src/backend/rewrite/rewriteHandler.c
++++ b/src/backend/rewrite/rewriteHandler.c
+@@ -41,6 +41,7 @@
+ #include "rewrite/rewriteManip.h"
+ #include "rewrite/rewriteSearchCycle.h"
+ #include "rewrite/rowsecurity.h"
++#include "tcop/tcopprot.h"
+ #include "utils/builtins.h"
+ #include "utils/lsyscache.h"
+ #include "utils/rel.h"
+@@ -1740,6 +1741,14 @@ ApplyRetrieveRule(Query *parsetree,
+ if (rule->qual != NULL)
+ elog(ERROR, "cannot handle qualified ON SELECT rule");
+
++ /* Check if the expansion of non-system views are restricted */
++ if (unlikely((restrict_nonsystem_relation_kind & RESTRICT_RELKIND_VIEW) != 0 &&
++ RelationGetRelid(relation) >= FirstNormalObjectId))
++ ereport(ERROR,
++ (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
++ errmsg("access to non-system view \"%s\" is restricted",
++ RelationGetRelationName(relation))));
++
+ if (rt_index == parsetree->resultRelation)
+ {
+ /*
+@@ -3104,6 +3113,14 @@
+ }
+ }
+
++ /* Check if the expansion of non-system views are restricted */
++ if (unlikely((restrict_nonsystem_relation_kind & RESTRICT_RELKIND_VIEW) != 0 &&
++ RelationGetRelid(view) >= FirstNormalObjectId))
++ ereport(ERROR,
++ (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
++ errmsg("access to non-system view \"%s\" is restricted",
++ RelationGetRelationName(view))));
++
+ /*
+ * For INSERT/UPDATE the modified columns must all be updatable. Note that
+ * we get the modified columns from the query's targetlist, not from the
+diff --git a/src/backend/tcop/postgres.c b/src/backend/tcop/postgres.c
+index 36cc99ec9c..e7d486ca2f 100644
+--- a/src/backend/tcop/postgres.c
++++ b/src/backend/tcop/postgres.c
+@@ -77,6 +77,7 @@
+ #include "utils/snapmgr.h"
+ #include "utils/timeout.h"
+ #include "utils/timestamp.h"
++#include "utils/varlena.h"
+
+ /* ----------------
+ * global variables
+@@ -101,6 +102,9 @@ int PostAuthDelay = 0;
+ /* Time between checks that the client is still connected. */
+ int client_connection_check_interval = 0;
+
++/* flags for non-system relation kinds to restrict use */
++int restrict_nonsystem_relation_kind;
++
+ /* ----------------
+ * private typedefs etc
+ * ----------------
+@@ -3628,6 +3632,66 @@ check_log_stats(bool *newval, void **extra, GucSource source)
+ return true;
+ }
+
++/*
++ * GUC check_hook for restrict_nonsystem_relation_kind
++ */
++bool
++check_restrict_nonsystem_relation_kind(char **newval, void **extra, GucSource source)
++{
++ char *rawstring;
++ List *elemlist;
++ ListCell *l;
++ int flags = 0;
++
++ /* Need a modifiable copy of string */
++ rawstring = pstrdup(*newval);
++
++ if (!SplitIdentifierString(rawstring, ',', &elemlist))
++ {
++ /* syntax error in list */
++ GUC_check_errdetail("List syntax is invalid.");
++ pfree(rawstring);
++ list_free(elemlist);
++ return false;
++ }
++
++ foreach(l, elemlist)
++ {
++ char *tok = (char *) lfirst(l);
++
++ if (pg_strcasecmp(tok, "view") == 0)
++ flags |= RESTRICT_RELKIND_VIEW;
++ else if (pg_strcasecmp(tok, "foreign-table") == 0)
++ flags |= RESTRICT_RELKIND_FOREIGN_TABLE;
++ else
++ {
++ GUC_check_errdetail("Unrecognized key word: \"%s\".", tok);
++ pfree(rawstring);
++ list_free(elemlist);
++ return false;
++ }
++ }
++
++ pfree(rawstring);
++ list_free(elemlist);
++
++ /* Save the flags in *extra, for use by the assign function */
++ *extra = guc_malloc(ERROR, sizeof(int));
++ *((int *) *extra) = flags;
++
++ return true;
++}
++
++/*
++ * GUC assign_hook for restrict_nonsystem_relation_kind
++ */
++void
++assign_restrict_nonsystem_relation_kind(const char *newval, void *extra)
++{
++ int *flags = (int *) extra;
++
++ restrict_nonsystem_relation_kind = *flags;
++}
+
+ /*
+ * set_debug_options --- apply "-d N" command line option
+diff --git a/src/backend/utils/misc/guc_tables.c b/src/backend/utils/misc/guc_tables.c
+index b078b934a7..a515ecde97 100644
+--- a/src/backend/utils/misc/guc_tables.c
++++ b/src/backend/utils/misc/guc_tables.c
+@@ -564,6 +564,7 @@ static char *server_encoding_string;
+ static char *server_version_string;
+ static int server_version_num;
+ static char *debug_io_direct_string;
++static char *restrict_nonsystem_relation_kind_string;
+
+ #ifdef HAVE_SYSLOG
+ #define DEFAULT_SYSLOG_FACILITY LOG_LOCAL0
+@@ -4549,6 +4550,17 @@ struct config_string ConfigureNamesString[] =
+ check_debug_io_direct, assign_debug_io_direct, NULL
+ },
+
++ {
++ {"restrict_nonsystem_relation_kind", PGC_USERSET, CLIENT_CONN_STATEMENT,
++ gettext_noop("Sets relation kinds of non-system relation to restrict use"),
++ NULL,
++ GUC_LIST_INPUT | GUC_NOT_IN_SAMPLE
++ },
++ &restrict_nonsystem_relation_kind_string,
++ "",
++ check_restrict_nonsystem_relation_kind, assign_restrict_nonsystem_relation_kind, NULL
++ },
++
+ /* End-of-list marker */
+ {
+ {NULL, 0, 0, NULL, NULL}, NULL, NULL, NULL, NULL, NULL
+diff --git a/src/bin/pg_dump/pg_dump.c b/src/bin/pg_dump/pg_dump.c
+index 300fe071fc..1694ff55f8 100644
+--- a/src/bin/pg_dump/pg_dump.c
++++ b/src/bin/pg_dump/pg_dump.c
+@@ -324,6 +324,7 @@ static bool nonemptyReloptions(const char *reloptions);
+ static void appendReloptionsArrayAH(PQExpBuffer buffer, const char *reloptions,
+ const char *prefix, Archive *fout);
+ static char *get_synchronized_snapshot(Archive *fout);
++static void set_restrict_relation_kind(Archive *AH, const char *value);
+ static void setupDumpWorker(Archive *AH);
+ static TableInfo *getRootTableInfo(const TableInfo *tbinfo);
+ static bool forcePartitionRootLoad(const TableInfo *tbinfo);
+@@ -1252,6 +1253,13 @@ setup_connection(Archive *AH, const char *dumpencoding,
+ ExecuteSqlStatement(AH, "SET row_security = off");
+ }
+
++ /*
++ * For security reasons, we restrict the expansion of non-system views and
++ * access to foreign tables during the pg_dump process. This restriction
++ * is adjusted when dumping foreign table data.
++ */
++ set_restrict_relation_kind(AH, "view, foreign-table");
++
+ /*
+ * Initialize prepared-query state to "nothing prepared". We do this here
+ * so that a parallel dump worker will have its own state.
+@@ -2114,6 +2122,10 @@ dumpTableData_copy(Archive *fout, const void *dcontext)
+ */
+ if (tdinfo->filtercond || tbinfo->relkind == RELKIND_FOREIGN_TABLE)
+ {
++ /* Temporary allows to access to foreign tables to dump data */
++ if (tbinfo->relkind == RELKIND_FOREIGN_TABLE)
++ set_restrict_relation_kind(fout, "view");
++
+ appendPQExpBufferStr(q, "COPY (SELECT ");
+ /* klugery to get rid of parens in column list */
+ if (strlen(column_list) > 2)
+@@ -2225,6 +2237,11 @@ dumpTableData_copy(Archive *fout, const void *dcontext)
+ classname);
+
+ destroyPQExpBuffer(q);
++
++ /* Revert back the setting */
++ if (tbinfo->relkind == RELKIND_FOREIGN_TABLE)
++ set_restrict_relation_kind(fout, "view, foreign-table");
++
+ return 1;
+ }
+
+@@ -2251,6 +2268,10 @@ dumpTableData_insert(Archive *fout, const void *dcontext)
+ int rows_per_statement = dopt->dump_inserts;
+ int rows_this_statement = 0;
+
++ /* Temporary allows to access to foreign tables to dump data */
++ if (tbinfo->relkind == RELKIND_FOREIGN_TABLE)
++ set_restrict_relation_kind(fout, "view");
++
+ /*
+ * If we're going to emit INSERTs with column names, the most efficient
+ * way to deal with generated columns is to exclude them entirely. For
+@@ -2490,6 +2511,10 @@ dumpTableData_insert(Archive *fout, const void *dcontext)
+ destroyPQExpBuffer(insertStmt);
+ free(attgenerated);
+
++ /* Revert back the setting */
++ if (tbinfo->relkind == RELKIND_FOREIGN_TABLE)
++ set_restrict_relation_kind(fout, "view, foreign-table");
++
+ return 1;
+ }
+
+@@ -4590,6 +4615,28 @@ is_superuser(Archive *fout)
+ return false;
+ }
+
++/*
++ * Set the given value to restrict_nonsystem_relation_kind value. Since
++ * restrict_nonsystem_relation_kind is introduced in minor version releases,
++ * the setting query is effective only where available.
++ */
++static void
++set_restrict_relation_kind(Archive *AH, const char *value)
++{
++ PQExpBuffer query = createPQExpBuffer();
++ PGresult *res;
++
++ appendPQExpBuffer(query,
++ "SELECT set_config(name, '%s', false) "
++ "FROM pg_settings "
++ "WHERE name = 'restrict_nonsystem_relation_kind'",
++ value);
++ res = ExecuteSqlQuery(AH, query->data, PGRES_TUPLES_OK);
++
++ PQclear(res);
++ destroyPQExpBuffer(query);
++}
++
+ /*
+ * getSubscriptions
+ * get information about subscriptions
+diff --git a/src/include/tcop/tcopprot.h b/src/include/tcop/tcopprot.h
+index abd7b4fff3..e529e9f06c 100644
+--- a/src/include/tcop/tcopprot.h
++++ b/src/include/tcop/tcopprot.h
+@@ -43,6 +43,12 @@ typedef enum
+
+ extern PGDLLIMPORT int log_statement;
+
++/* Flags for restrict_nonsystem_relation_kind value */
++#define RESTRICT_RELKIND_VIEW 0x01
++#define RESTRICT_RELKIND_FOREIGN_TABLE 0x02
++
++extern PGDLLIMPORT int restrict_nonsystem_relation_kind;
++
+ extern List *pg_parse_query(const char *query_string);
+ extern List *pg_rewrite_query(Query *query);
+ extern List *pg_analyze_and_rewrite_fixedparams(RawStmt *parsetree,
+diff --git a/src/include/utils/guc_hooks.h b/src/include/utils/guc_hooks.h
+index 952293a1c3..0ea33fede9 100644
+--- a/src/include/utils/guc_hooks.h
++++ b/src/include/utils/guc_hooks.h
+@@ -118,6 +118,9 @@ extern void assign_recovery_target_xid(const char *newval, void *extra);
+ extern bool check_role(char **newval, void **extra, GucSource source);
+ extern void assign_role(const char *newval, void *extra);
+ extern const char *show_role(void);
++extern bool check_restrict_nonsystem_relation_kind(char **newval, void **extra,
++ GucSource source);
++extern void assign_restrict_nonsystem_relation_kind(const char *newval, void *extra);
+ extern bool check_search_path(char **newval, void **extra, GucSource source);
+ extern void assign_search_path(const char *newval, void *extra);
+ extern bool check_session_authorization(char **newval, void **extra, GucSource source);
+diff --git a/src/test/regress/expected/create_view.out b/src/test/regress/expected/create_view.out
+index 61825ef7d4..f3f8c7b5a2 100644
+--- a/src/test/regress/expected/create_view.out
++++ b/src/test/regress/expected/create_view.out
+@@ -2202,6 +2202,21 @@ select pg_get_viewdef('tt26v', true);
+ FROM ( VALUES (1,2,3)) v(x, y, z);
+ (1 row)
+
++-- test restriction on non-system view expansion.
++create table tt27v_tbl (a int);
++create view tt27v as select a from tt27v_tbl;
++set restrict_nonsystem_relation_kind to 'view';
++select a from tt27v where a > 0; -- Error
++ERROR: access to non-system view "tt27v" is restricted
++insert into tt27v values (1); -- Error
++ERROR: access to non-system view "tt27v" is restricted
++select viewname from pg_views where viewname = 'tt27v'; -- Ok to access a system view.
++ viewname
++----------
++ tt27v
++(1 row)
++
++reset restrict_nonsystem_relation_kind;
+ -- clean up all the random objects we made above
+ DROP SCHEMA temp_view_test CASCADE;
+ NOTICE: drop cascades to 27 other objects
+@@ -2233,7 +2248,7 @@ drop cascades to view aliased_view_2
+ drop cascades to view aliased_view_3
+ drop cascades to view aliased_view_4
+ DROP SCHEMA testviewschm2 CASCADE;
+-NOTICE: drop cascades to 77 other objects
++NOTICE: drop cascades to 79 other objects
+ DETAIL: drop cascades to table t1
+ drop cascades to view temporal1
+ drop cascades to view temporal2
+@@ -2311,3 +2326,5 @@ drop cascades to view tt23v
+ drop cascades to view tt24v
+ drop cascades to view tt25v
+ drop cascades to view tt26v
++drop cascades to table tt27v_tbl
++drop cascades to view tt27v
+diff --git a/src/test/regress/sql/create_view.sql b/src/test/regress/sql/create_view.sql
+index 8838a40f7a..3a78be1b0c 100644
+--- a/src/test/regress/sql/create_view.sql
++++ b/src/test/regress/sql/create_view.sql
+@@ -813,6 +813,15 @@ select x + y + z as c1,
+ from (values(1,2,3)) v(x,y,z);
+ select pg_get_viewdef('tt26v', true);
+
++-- test restriction on non-system view expansion.
++create table tt27v_tbl (a int);
++create view tt27v as select a from tt27v_tbl;
++set restrict_nonsystem_relation_kind to 'view';
++select a from tt27v where a > 0; -- Error
++insert into tt27v values (1); -- Error
++select viewname from pg_views where viewname = 'tt27v'; -- Ok to access a system view.
++reset restrict_nonsystem_relation_kind;
++
+ -- clean up all the random objects we made above
+ DROP SCHEMA temp_view_test CASCADE;
+ DROP SCHEMA testviewschm2 CASCADE;
+--
+2.30.2
+
@@ -9,6 +9,7 @@ SRC_URI += "\
file://0003-configure.ac-bypass-autoconf-2.69-version-check.patch \
file://0004-config_info.c-not-expose-build-info.patch \
file://0005-postgresql-fix-ptest-failure-of-sysviews.patch \
+ file://CVE-2024-7348.patch \
"
SRC_URI[sha256sum] = "331963d5d3dc4caf4216a049fa40b66d6bcb8c730615859411b9518764e60585"
Upstream-Status: Backport []https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=79c7a7e29695a32fef2e65682be224b8d61ec972 Signed-off-by: Ashish Sharma <asharma@mvista.com> --- .../postgresql/files/CVE-2024-7348.patch | 583 ++++++++++++++++++ .../recipes-dbs/postgresql/postgresql_16.3.bb | 1 + 2 files changed, 584 insertions(+) create mode 100644 meta-oe/recipes-dbs/postgresql/files/CVE-2024-7348.patch