Home > mailing lists

pgsql: Back-patch "Only quote libpq connection string values that need - Mailing list pgsql-committers

From	Noah Misch
Subject	pgsql: Back-patch "Only quote libpq connection string values that need
Date	August 11, 2016 20:05:39
Msg-id	E1bWlGS-0006pa-MW@gemulon.postgresql.org Whole thread Raw
List	pgsql-committers

Tree view

Back-patch "Only quote libpq connection string values that need quoting."

Back-patch commit 2953cd6d17210935098c803c52c6df5b12a725b9 and certain
runPgDump() bits of 3dee636e0404885d07885d41c0d70e50c784f324 to 9.2 and
9.1.  This synchronizes their doConnStrQuoting() implementations with
later releases.  Subsequent security patches will modify that function.

Security: CVE-2016-5424

Branch
------
REL9_2_STABLE

Details
-------
http://git.postgresql.org/pg/commitdiff/a19edcd2407d7dc8677513d1770e41b11a851163

Modified Files
--------------
src/bin/pg_dump/pg_dumpall.c | 48 +++++++++++++++++++++++++++++++++-----------
1 file changed, 36 insertions(+), 12 deletions(-)

pgsql-committers by date:

From: Noah Misch
Date: 11 August 2016, 20:05:38
Subject: pgsql: Reject, in pg_dumpall, names containing CR or LF.

From: Noah Misch
Date: 11 August 2016, 20:05:51
Subject: pgsql: Sort out paired double quotes in \connect, \password and \crosst

pgsql: Back-patch "Only quote libpq connection string values that need - Mailing list pgsql-committers

Previous

Next