@@ -13,12 +13,12 @@ Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com>
1 file changed, 4 deletions(-)
diff --git a/configure.ac b/configure.ac
-index 401ce30..27f382d 100644
+index 65715a4..4ad6340 100644
--- a/configure.ac
+++ b/configure.ac
@@ -19,10 +19,6 @@ m4_pattern_forbid(^PGAC_)dnl to catch undefined macros
- AC_INIT([PostgreSQL], [16.3], [pgsql-bugs@lists.postgresql.org], [], [https://www.postgresql.org/])
+ AC_INIT([PostgreSQL], [16.4], [pgsql-bugs@lists.postgresql.org], [], [https://www.postgresql.org/])
-m4_if(m4_defn([m4_PACKAGE_VERSION]), [2.69], [], [m4_fatal([Autoconf version 2.69 is required.
-Untested combinations of 'autoconf' and PostgreSQL versions are not
@@ -28,5 +28,5 @@ index 401ce30..27f382d 100644
AC_CONFIG_SRCDIR([src/backend/access/common/heaptuple.c])
AC_CONFIG_AUX_DIR(config)
--
-2.25.1
+2.34.1
deleted file mode 100644
@@ -1,583 +0,0 @@
-From 6aba85a4b0a0e60126cc7c598b3e010e272516ec Mon Sep 17 00:00:00 2001
-From: Masahiko Sawada <msawada@postgresql.org>
-Date: Mon, 5 Aug 2024 06:05:28 -0700
-Subject: [PATCH] Restrict accesses to non-system views and foreign tables
- during pg_dump.
-
-When pg_dump retrieves the list of database objects and performs the
-data dump, there was possibility that objects are replaced with others
-of the same name, such as views, and access them. This vulnerability
-could result in code execution with superuser privileges during the
-pg_dump process.
-
-This issue can arise when dumping data of sequences, foreign
-tables (only 13 or later), or tables registered with a WHERE clause in
-the extension configuration table.
-
-To address this, pg_dump now utilizes the newly introduced
-restrict_nonsystem_relation_kind GUC parameter to restrict the
-accesses to non-system views and foreign tables during the dump
-process. This new GUC parameter is added to back branches too, but
-these changes do not require cluster recreation.
-
-Back-patch to all supported branches.
-
-Reviewed-by: Noah Misch
-Security: CVE-2024-7348
-Backpatch-through: 12
-
-Upstream-Status: Backport from [https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=79c7a7e29695a32fef2e65682be224b8d61ec972]
-CVE: CVE-2024-7348
-Signed-off-by: Ashish Sharma <asharma@mvista.com>
-
- .../postgres_fdw/expected/postgres_fdw.out | 11 ++++
- contrib/postgres_fdw/sql/postgres_fdw.sql | 8 +++
- doc/src/sgml/config.sgml | 17 +++++
- doc/src/sgml/ref/pg_dump.sgml | 8 +++
- src/backend/foreign/foreign.c | 10 +++
- src/backend/optimizer/plan/createplan.c | 13 ++++
- src/backend/optimizer/util/plancat.c | 12 ++++
- src/backend/rewrite/rewriteHandler.c | 17 +++++
- src/backend/tcop/postgres.c | 64 +++++++++++++++++++
- src/backend/utils/misc/guc_tables.c | 12 ++++
- src/bin/pg_dump/pg_dump.c | 47 ++++++++++++++
- src/include/tcop/tcopprot.h | 6 ++
- src/include/utils/guc_hooks.h | 3 +
- src/test/regress/expected/create_view.out | 19 +++++-
- src/test/regress/sql/create_view.sql | 9 +++
- 15 files changed, 255 insertions(+), 1 deletion(-)
-
-diff --git a/contrib/postgres_fdw/expected/postgres_fdw.out b/contrib/postgres_fdw/expected/postgres_fdw.out
-index a6fd3f6ff0..9b7a7eed05 100644
---- a/contrib/postgres_fdw/expected/postgres_fdw.out
-+++ b/contrib/postgres_fdw/expected/postgres_fdw.out
-@@ -637,6 +637,17 @@ EXPLAIN (VERBOSE, COSTS OFF) SELECT * FROM ft_empty ORDER BY c1;
- Remote SQL: SELECT c1, c2 FROM public.loct_empty ORDER BY c1 ASC NULLS LAST
- (3 rows)
-
-+-- test restriction on non-system foreign tables.
-+SET restrict_nonsystem_relation_kind TO 'foreign-table';
-+SELECT * from ft1 where c1 < 1; -- ERROR
-+ERROR: access to non-system foreign table is restricted
-+INSERT INTO ft1 (c1) VALUES (1); -- ERROR
-+ERROR: access to non-system foreign table is restricted
-+DELETE FROM ft1 WHERE c1 = 1; -- ERROR
-+ERROR: access to non-system foreign table is restricted
-+TRUNCATE ft1; -- ERROR
-+ERROR: access to non-system foreign table is restricted
-+RESET restrict_nonsystem_relation_kind;
- -- ===================================================================
- -- WHERE with remotely-executable conditions
- -- ===================================================================
-diff --git a/contrib/postgres_fdw/sql/postgres_fdw.sql b/contrib/postgres_fdw/sql/postgres_fdw.sql
-index 1c1dedd991..80cc3f9d8e 100644
---- a/contrib/postgres_fdw/sql/postgres_fdw.sql
-+++ b/contrib/postgres_fdw/sql/postgres_fdw.sql
-@@ -327,6 +327,14 @@ DELETE FROM loct_empty;
- ANALYZE ft_empty;
- EXPLAIN (VERBOSE, COSTS OFF) SELECT * FROM ft_empty ORDER BY c1;
-
-+-- test restriction on non-system foreign tables.
-+SET restrict_nonsystem_relation_kind TO 'foreign-table';
-+SELECT * from ft1 where c1 < 1; -- ERROR
-+INSERT INTO ft1 (c1) VALUES (1); -- ERROR
-+DELETE FROM ft1 WHERE c1 = 1; -- ERROR
-+TRUNCATE ft1; -- ERROR
-+RESET restrict_nonsystem_relation_kind;
-+
- -- ===================================================================
- -- WHERE with remotely-executable conditions
- -- ===================================================================
-diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml
-index e8c5d2a3b7..69c4bc614f 100644
---- a/doc/src/sgml/config.sgml
-+++ b/doc/src/sgml/config.sgml
-@@ -9564,6 +9564,23 @@ SET XML OPTION { DOCUMENT | CONTENT };
- </listitem>
- </varlistentry>
-
-+ <varlistentry id="guc-restrict-nonsystem-relation-kind" xreflabel="restrict_nonsystem_relation_kind">
-+ <term><varname>restrict_nonsystem_relation_kind</varname> (<type>string</type>)
-+ <indexterm>
-+ <primary><varname>restrict_nonsystem_relation_kind</varname></primary>
-+ <secondary>configuration parameter</secondary>
-+ </indexterm>
-+ </term>
-+ <listitem>
-+ <para>
-+ This variable specifies relation kind to which access is restricted.
-+ It contains a comma-separated list of relation kind. Currently, the
-+ supported relation kinds are <literal>view</literal> and
-+ <literal>foreign-table</literal>.
-+ </para>
-+ </listitem>
-+ </varlistentry>
-+
- </variablelist>
- </sect2>
- <sect2 id="runtime-config-client-format">
-diff --git a/doc/src/sgml/ref/pg_dump.sgml b/doc/src/sgml/ref/pg_dump.sgml
-index 7ff5d04c73..b879c30c18 100644
---- a/doc/src/sgml/ref/pg_dump.sgml
-+++ b/doc/src/sgml/ref/pg_dump.sgml
-@@ -868,6 +868,14 @@ PostgreSQL documentation
- The only exception is that an empty pattern is disallowed.
- </para>
-
-+ <note>
-+ <para>
-+ Using wildcards in <option>--include-foreign-data</option> may result
-+ in access to unexpected foreign servers. Also, to use this option securely,
-+ make sure that the named server must have a trusted owner.
-+ </para>
-+ </note>
-+
- <note>
- <para>
- When <option>--include-foreign-data</option> is specified,
-diff --git a/src/backend/foreign/foreign.c b/src/backend/foreign/foreign.c
-index ca3ad55b62..7335838af3 100644
---- a/src/backend/foreign/foreign.c
-+++ b/src/backend/foreign/foreign.c
-@@ -23,6 +23,7 @@
- #include "funcapi.h"
- #include "lib/stringinfo.h"
- #include "miscadmin.h"
-+#include "tcop/tcopprot.h"
- #include "utils/builtins.h"
- #include "utils/memutils.h"
- #include "utils/rel.h"
-@@ -323,6 +324,15 @@ GetFdwRoutine(Oid fdwhandler)
- Datum datum;
- FdwRoutine *routine;
-
-+ /* Check if the access to foreign tables is restricted */
-+ if (unlikely((restrict_nonsystem_relation_kind & RESTRICT_RELKIND_FOREIGN_TABLE) != 0))
-+ {
-+ /* there must not be built-in FDW handler */
-+ ereport(ERROR,
-+ (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
-+ errmsg("access to non-system foreign table is restricted")));
-+ }
-+
- datum = OidFunctionCall0(fdwhandler);
- routine = (FdwRoutine *) DatumGetPointer(datum);
-
-diff --git a/src/backend/optimizer/plan/createplan.c b/src/backend/optimizer/plan/createplan.c
-index 4bb38160b3..974c50b29f 100644
---- a/src/backend/optimizer/plan/createplan.c
-+++ b/src/backend/optimizer/plan/createplan.c
-@@ -40,6 +40,7 @@
- #include "parser/parse_clause.h"
- #include "parser/parsetree.h"
- #include "partitioning/partprune.h"
-+#include "tcop/tcopprot.h"
- #include "utils/lsyscache.h"
-
-
-@@ -7090,7 +7091,19 @@ make_modifytable(PlannerInfo *root, Plan *subplan,
-
- if (rte->rtekind == RTE_RELATION &&
- rte->relkind == RELKIND_FOREIGN_TABLE)
-+ {
-+ /* Check if the access to foreign tables is restricted */
-+ if (unlikely((restrict_nonsystem_relation_kind & RESTRICT_RELKIND_FOREIGN_TABLE) != 0))
-+ {
-+ /* there must not be built-in foreign tables */
-+ Assert(rte->relid >= FirstNormalObjectId);
-+ ereport(ERROR,
-+ (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
-+ errmsg("access to non-system foreign table is restricted")));
-+ }
-+
- fdwroutine = GetFdwRoutineByRelId(rte->relid);
-+ }
- else
- fdwroutine = NULL;
- }
-diff --git a/src/backend/optimizer/util/plancat.c b/src/backend/optimizer/util/plancat.c
-index 07c4ba384a..1a3045479f 100644
---- a/src/backend/optimizer/util/plancat.c
-+++ b/src/backend/optimizer/util/plancat.c
-@@ -47,6 +47,7 @@
- #include "rewrite/rewriteManip.h"
- #include "statistics/statistics.h"
- #include "storage/bufmgr.h"
-+#include "tcop/tcopprot.h"
- #include "utils/builtins.h"
- #include "utils/lsyscache.h"
- #include "utils/partcache.h"
-@@ -500,6 +501,17 @@ get_relation_info(PlannerInfo *root, Oid relationObjectId, bool inhparent,
- /* Grab foreign-table info using the relcache, while we have it */
- if (relation->rd_rel->relkind == RELKIND_FOREIGN_TABLE)
- {
-+ /* Check if the access to foreign tables is restricted */
-+ if (unlikely((restrict_nonsystem_relation_kind & RESTRICT_RELKIND_FOREIGN_TABLE) != 0))
-+ {
-+ /* there must not be built-in foreign tables */
-+ Assert(RelationGetRelid(relation) >= FirstNormalObjectId);
-+
-+ ereport(ERROR,
-+ (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
-+ errmsg("access to non-system foreign table is restricted")));
-+ }
-+
- rel->serverid = GetForeignServerIdByRelId(RelationGetRelid(relation));
- rel->fdwroutine = GetFdwRoutineForRelation(relation, true);
- }
-diff --git a/src/backend/rewrite/rewriteHandler.c b/src/backend/rewrite/rewriteHandler.c
-index 6cef936f82..9cd96fd17e 100644
---- a/src/backend/rewrite/rewriteHandler.c
-+++ b/src/backend/rewrite/rewriteHandler.c
-@@ -41,6 +41,7 @@
- #include "rewrite/rewriteManip.h"
- #include "rewrite/rewriteSearchCycle.h"
- #include "rewrite/rowsecurity.h"
-+#include "tcop/tcopprot.h"
- #include "utils/builtins.h"
- #include "utils/lsyscache.h"
- #include "utils/rel.h"
-@@ -1740,6 +1741,14 @@ ApplyRetrieveRule(Query *parsetree,
- if (rule->qual != NULL)
- elog(ERROR, "cannot handle qualified ON SELECT rule");
-
-+ /* Check if the expansion of non-system views are restricted */
-+ if (unlikely((restrict_nonsystem_relation_kind & RESTRICT_RELKIND_VIEW) != 0 &&
-+ RelationGetRelid(relation) >= FirstNormalObjectId))
-+ ereport(ERROR,
-+ (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
-+ errmsg("access to non-system view \"%s\" is restricted",
-+ RelationGetRelationName(relation))));
-+
- if (rt_index == parsetree->resultRelation)
- {
- /*
-@@ -3104,6 +3113,14 @@
- }
- }
-
-+ /* Check if the expansion of non-system views are restricted */
-+ if (unlikely((restrict_nonsystem_relation_kind & RESTRICT_RELKIND_VIEW) != 0 &&
-+ RelationGetRelid(view) >= FirstNormalObjectId))
-+ ereport(ERROR,
-+ (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
-+ errmsg("access to non-system view \"%s\" is restricted",
-+ RelationGetRelationName(view))));
-+
- /*
- * For INSERT/UPDATE the modified columns must all be updatable. Note that
- * we get the modified columns from the query's targetlist, not from the
-diff --git a/src/backend/tcop/postgres.c b/src/backend/tcop/postgres.c
-index 36cc99ec9c..e7d486ca2f 100644
---- a/src/backend/tcop/postgres.c
-+++ b/src/backend/tcop/postgres.c
-@@ -77,6 +77,7 @@
- #include "utils/snapmgr.h"
- #include "utils/timeout.h"
- #include "utils/timestamp.h"
-+#include "utils/varlena.h"
-
- /* ----------------
- * global variables
-@@ -101,6 +102,9 @@ int PostAuthDelay = 0;
- /* Time between checks that the client is still connected. */
- int client_connection_check_interval = 0;
-
-+/* flags for non-system relation kinds to restrict use */
-+int restrict_nonsystem_relation_kind;
-+
- /* ----------------
- * private typedefs etc
- * ----------------
-@@ -3628,6 +3632,66 @@ check_log_stats(bool *newval, void **extra, GucSource source)
- return true;
- }
-
-+/*
-+ * GUC check_hook for restrict_nonsystem_relation_kind
-+ */
-+bool
-+check_restrict_nonsystem_relation_kind(char **newval, void **extra, GucSource source)
-+{
-+ char *rawstring;
-+ List *elemlist;
-+ ListCell *l;
-+ int flags = 0;
-+
-+ /* Need a modifiable copy of string */
-+ rawstring = pstrdup(*newval);
-+
-+ if (!SplitIdentifierString(rawstring, ',', &elemlist))
-+ {
-+ /* syntax error in list */
-+ GUC_check_errdetail("List syntax is invalid.");
-+ pfree(rawstring);
-+ list_free(elemlist);
-+ return false;
-+ }
-+
-+ foreach(l, elemlist)
-+ {
-+ char *tok = (char *) lfirst(l);
-+
-+ if (pg_strcasecmp(tok, "view") == 0)
-+ flags |= RESTRICT_RELKIND_VIEW;
-+ else if (pg_strcasecmp(tok, "foreign-table") == 0)
-+ flags |= RESTRICT_RELKIND_FOREIGN_TABLE;
-+ else
-+ {
-+ GUC_check_errdetail("Unrecognized key word: \"%s\".", tok);
-+ pfree(rawstring);
-+ list_free(elemlist);
-+ return false;
-+ }
-+ }
-+
-+ pfree(rawstring);
-+ list_free(elemlist);
-+
-+ /* Save the flags in *extra, for use by the assign function */
-+ *extra = guc_malloc(ERROR, sizeof(int));
-+ *((int *) *extra) = flags;
-+
-+ return true;
-+}
-+
-+/*
-+ * GUC assign_hook for restrict_nonsystem_relation_kind
-+ */
-+void
-+assign_restrict_nonsystem_relation_kind(const char *newval, void *extra)
-+{
-+ int *flags = (int *) extra;
-+
-+ restrict_nonsystem_relation_kind = *flags;
-+}
-
- /*
- * set_debug_options --- apply "-d N" command line option
-diff --git a/src/backend/utils/misc/guc_tables.c b/src/backend/utils/misc/guc_tables.c
-index b078b934a7..a515ecde97 100644
---- a/src/backend/utils/misc/guc_tables.c
-+++ b/src/backend/utils/misc/guc_tables.c
-@@ -564,6 +564,7 @@ static char *server_encoding_string;
- static char *server_version_string;
- static int server_version_num;
- static char *debug_io_direct_string;
-+static char *restrict_nonsystem_relation_kind_string;
-
- #ifdef HAVE_SYSLOG
- #define DEFAULT_SYSLOG_FACILITY LOG_LOCAL0
-@@ -4549,6 +4550,17 @@ struct config_string ConfigureNamesString[] =
- check_debug_io_direct, assign_debug_io_direct, NULL
- },
-
-+ {
-+ {"restrict_nonsystem_relation_kind", PGC_USERSET, CLIENT_CONN_STATEMENT,
-+ gettext_noop("Sets relation kinds of non-system relation to restrict use"),
-+ NULL,
-+ GUC_LIST_INPUT | GUC_NOT_IN_SAMPLE
-+ },
-+ &restrict_nonsystem_relation_kind_string,
-+ "",
-+ check_restrict_nonsystem_relation_kind, assign_restrict_nonsystem_relation_kind, NULL
-+ },
-+
- /* End-of-list marker */
- {
- {NULL, 0, 0, NULL, NULL}, NULL, NULL, NULL, NULL, NULL
-diff --git a/src/bin/pg_dump/pg_dump.c b/src/bin/pg_dump/pg_dump.c
-index 300fe071fc..1694ff55f8 100644
---- a/src/bin/pg_dump/pg_dump.c
-+++ b/src/bin/pg_dump/pg_dump.c
-@@ -324,6 +324,7 @@ static bool nonemptyReloptions(const char *reloptions);
- static void appendReloptionsArrayAH(PQExpBuffer buffer, const char *reloptions,
- const char *prefix, Archive *fout);
- static char *get_synchronized_snapshot(Archive *fout);
-+static void set_restrict_relation_kind(Archive *AH, const char *value);
- static void setupDumpWorker(Archive *AH);
- static TableInfo *getRootTableInfo(const TableInfo *tbinfo);
- static bool forcePartitionRootLoad(const TableInfo *tbinfo);
-@@ -1252,6 +1253,13 @@ setup_connection(Archive *AH, const char *dumpencoding,
- ExecuteSqlStatement(AH, "SET row_security = off");
- }
-
-+ /*
-+ * For security reasons, we restrict the expansion of non-system views and
-+ * access to foreign tables during the pg_dump process. This restriction
-+ * is adjusted when dumping foreign table data.
-+ */
-+ set_restrict_relation_kind(AH, "view, foreign-table");
-+
- /*
- * Initialize prepared-query state to "nothing prepared". We do this here
- * so that a parallel dump worker will have its own state.
-@@ -2114,6 +2122,10 @@ dumpTableData_copy(Archive *fout, const void *dcontext)
- */
- if (tdinfo->filtercond || tbinfo->relkind == RELKIND_FOREIGN_TABLE)
- {
-+ /* Temporary allows to access to foreign tables to dump data */
-+ if (tbinfo->relkind == RELKIND_FOREIGN_TABLE)
-+ set_restrict_relation_kind(fout, "view");
-+
- appendPQExpBufferStr(q, "COPY (SELECT ");
- /* klugery to get rid of parens in column list */
- if (strlen(column_list) > 2)
-@@ -2225,6 +2237,11 @@ dumpTableData_copy(Archive *fout, const void *dcontext)
- classname);
-
- destroyPQExpBuffer(q);
-+
-+ /* Revert back the setting */
-+ if (tbinfo->relkind == RELKIND_FOREIGN_TABLE)
-+ set_restrict_relation_kind(fout, "view, foreign-table");
-+
- return 1;
- }
-
-@@ -2251,6 +2268,10 @@ dumpTableData_insert(Archive *fout, const void *dcontext)
- int rows_per_statement = dopt->dump_inserts;
- int rows_this_statement = 0;
-
-+ /* Temporary allows to access to foreign tables to dump data */
-+ if (tbinfo->relkind == RELKIND_FOREIGN_TABLE)
-+ set_restrict_relation_kind(fout, "view");
-+
- /*
- * If we're going to emit INSERTs with column names, the most efficient
- * way to deal with generated columns is to exclude them entirely. For
-@@ -2490,6 +2511,10 @@ dumpTableData_insert(Archive *fout, const void *dcontext)
- destroyPQExpBuffer(insertStmt);
- free(attgenerated);
-
-+ /* Revert back the setting */
-+ if (tbinfo->relkind == RELKIND_FOREIGN_TABLE)
-+ set_restrict_relation_kind(fout, "view, foreign-table");
-+
- return 1;
- }
-
-@@ -4590,6 +4615,28 @@ is_superuser(Archive *fout)
- return false;
- }
-
-+/*
-+ * Set the given value to restrict_nonsystem_relation_kind value. Since
-+ * restrict_nonsystem_relation_kind is introduced in minor version releases,
-+ * the setting query is effective only where available.
-+ */
-+static void
-+set_restrict_relation_kind(Archive *AH, const char *value)
-+{
-+ PQExpBuffer query = createPQExpBuffer();
-+ PGresult *res;
-+
-+ appendPQExpBuffer(query,
-+ "SELECT set_config(name, '%s', false) "
-+ "FROM pg_settings "
-+ "WHERE name = 'restrict_nonsystem_relation_kind'",
-+ value);
-+ res = ExecuteSqlQuery(AH, query->data, PGRES_TUPLES_OK);
-+
-+ PQclear(res);
-+ destroyPQExpBuffer(query);
-+}
-+
- /*
- * getSubscriptions
- * get information about subscriptions
-diff --git a/src/include/tcop/tcopprot.h b/src/include/tcop/tcopprot.h
-index abd7b4fff3..e529e9f06c 100644
---- a/src/include/tcop/tcopprot.h
-+++ b/src/include/tcop/tcopprot.h
-@@ -43,6 +43,12 @@ typedef enum
-
- extern PGDLLIMPORT int log_statement;
-
-+/* Flags for restrict_nonsystem_relation_kind value */
-+#define RESTRICT_RELKIND_VIEW 0x01
-+#define RESTRICT_RELKIND_FOREIGN_TABLE 0x02
-+
-+extern PGDLLIMPORT int restrict_nonsystem_relation_kind;
-+
- extern List *pg_parse_query(const char *query_string);
- extern List *pg_rewrite_query(Query *query);
- extern List *pg_analyze_and_rewrite_fixedparams(RawStmt *parsetree,
-diff --git a/src/include/utils/guc_hooks.h b/src/include/utils/guc_hooks.h
-index 952293a1c3..0ea33fede9 100644
---- a/src/include/utils/guc_hooks.h
-+++ b/src/include/utils/guc_hooks.h
-@@ -118,6 +118,9 @@ extern void assign_recovery_target_xid(const char *newval, void *extra);
- extern bool check_role(char **newval, void **extra, GucSource source);
- extern void assign_role(const char *newval, void *extra);
- extern const char *show_role(void);
-+extern bool check_restrict_nonsystem_relation_kind(char **newval, void **extra,
-+ GucSource source);
-+extern void assign_restrict_nonsystem_relation_kind(const char *newval, void *extra);
- extern bool check_search_path(char **newval, void **extra, GucSource source);
- extern void assign_search_path(const char *newval, void *extra);
- extern bool check_session_authorization(char **newval, void **extra, GucSource source);
-diff --git a/src/test/regress/expected/create_view.out b/src/test/regress/expected/create_view.out
-index 61825ef7d4..f3f8c7b5a2 100644
---- a/src/test/regress/expected/create_view.out
-+++ b/src/test/regress/expected/create_view.out
-@@ -2202,6 +2202,21 @@ select pg_get_viewdef('tt26v', true);
- FROM ( VALUES (1,2,3)) v(x, y, z);
- (1 row)
-
-+-- test restriction on non-system view expansion.
-+create table tt27v_tbl (a int);
-+create view tt27v as select a from tt27v_tbl;
-+set restrict_nonsystem_relation_kind to 'view';
-+select a from tt27v where a > 0; -- Error
-+ERROR: access to non-system view "tt27v" is restricted
-+insert into tt27v values (1); -- Error
-+ERROR: access to non-system view "tt27v" is restricted
-+select viewname from pg_views where viewname = 'tt27v'; -- Ok to access a system view.
-+ viewname
-+----------
-+ tt27v
-+(1 row)
-+
-+reset restrict_nonsystem_relation_kind;
- -- clean up all the random objects we made above
- DROP SCHEMA temp_view_test CASCADE;
- NOTICE: drop cascades to 27 other objects
-@@ -2233,7 +2248,7 @@ drop cascades to view aliased_view_2
- drop cascades to view aliased_view_3
- drop cascades to view aliased_view_4
- DROP SCHEMA testviewschm2 CASCADE;
--NOTICE: drop cascades to 77 other objects
-+NOTICE: drop cascades to 79 other objects
- DETAIL: drop cascades to table t1
- drop cascades to view temporal1
- drop cascades to view temporal2
-@@ -2311,3 +2326,5 @@ drop cascades to view tt23v
- drop cascades to view tt24v
- drop cascades to view tt25v
- drop cascades to view tt26v
-+drop cascades to table tt27v_tbl
-+drop cascades to view tt27v
-diff --git a/src/test/regress/sql/create_view.sql b/src/test/regress/sql/create_view.sql
-index 8838a40f7a..3a78be1b0c 100644
---- a/src/test/regress/sql/create_view.sql
-+++ b/src/test/regress/sql/create_view.sql
-@@ -813,6 +813,15 @@ select x + y + z as c1,
- from (values(1,2,3)) v(x,y,z);
- select pg_get_viewdef('tt26v', true);
-
-+-- test restriction on non-system view expansion.
-+create table tt27v_tbl (a int);
-+create view tt27v as select a from tt27v_tbl;
-+set restrict_nonsystem_relation_kind to 'view';
-+select a from tt27v where a > 0; -- Error
-+insert into tt27v values (1); -- Error
-+select viewname from pg_views where viewname = 'tt27v'; -- Ok to access a system view.
-+reset restrict_nonsystem_relation_kind;
-+
- -- clean up all the random objects we made above
- DROP SCHEMA temp_view_test CASCADE;
- DROP SCHEMA testviewschm2 CASCADE;
-2.30.2
-
similarity index 82%
rename from meta-oe/recipes-dbs/postgresql/postgresql_16.3.bb
rename to meta-oe/recipes-dbs/postgresql/postgresql_16.4.bb
@@ -9,9 +9,8 @@ SRC_URI += "\
file://0003-configure.ac-bypass-autoconf-2.69-version-check.patch \
file://0004-config_info.c-not-expose-build-info.patch \
file://0005-postgresql-fix-ptest-failure-of-sysviews.patch \
- file://CVE-2024-7348.patch \
"
-SRC_URI[sha256sum] = "331963d5d3dc4caf4216a049fa40b66d6bcb8c730615859411b9518764e60585"
+SRC_URI[sha256sum] = "971766d645aa73e93b9ef4e3be44201b4f45b5477095b049125403f9f3386d6f"
CVE_STATUS[CVE-2017-8806] = "not-applicable-config: Ddoesn't apply to out configuration of postgresql so we can safely ignore it."