[postgis-tickets] [SCM] PostGIS branch master updated. 3.3.0rc2-289-g1f3fc078f
git at osgeo.org
Thu Oct 27 10:06:20 PDT 2022
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "PostGIS".
The branch, master has been updated
via 1f3fc078faa66ed6596a5715883fe77764ae071f (commit)
from 030dfee6d13c43d00781d60bdba6d294517b9634 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 1f3fc078faa66ed6596a5715883fe77764ae071f
Author: Sandro Santilli <strk at kbt.io>
Date: Fri Jul 29 11:13:33 2022 +0200
Drop security definers and add check to verify it
diff --git a/postgis/postgis.sql.in b/postgis/postgis.sql.in
index dc5e93fd9..31e7202ae 100644
--- a/postgis/postgis.sql.in
+++ b/postgis/postgis.sql.in
@@ -1134,23 +1134,26 @@ CREATE OR REPLACE FUNCTION ST_MakeBox2d(geom1 geometry, geom2 geometry)
-----------------------------------------------------------------------
-- Availability: 2.3.0
+-- Changed: 3.4.0 drop security definer
CREATE OR REPLACE FUNCTION ST_EstimatedExtent(text,text,text,boolean) RETURNS box2d AS
'MODULE_PATHNAME', 'gserialized_estimated_extent'
- LANGUAGE 'c' STABLE STRICT SECURITY DEFINER;
+ LANGUAGE 'c' STABLE STRICT;
-- Availability: 2.1.0
+-- Changed: 3.4.0 drop security definer
CREATE OR REPLACE FUNCTION ST_EstimatedExtent(text,text,text) RETURNS box2d AS
'MODULE_PATHNAME', 'gserialized_estimated_extent'
- LANGUAGE 'c' STABLE STRICT SECURITY DEFINER;
+ LANGUAGE 'c' STABLE STRICT;
-----------------------------------------------------------------------
-- ST_ESTIMATED_EXTENT( <table name>, <column name> )
-----------------------------------------------------------------------
-- Availability: 2.1.0
+-- Changed: 3.4.0 drop security definer
CREATE OR REPLACE FUNCTION ST_EstimatedExtent(text,text) RETURNS box2d AS
'MODULE_PATHNAME', 'gserialized_estimated_extent'
- LANGUAGE 'c' STABLE STRICT SECURITY DEFINER;
+ LANGUAGE 'c' STABLE STRICT;
-----------------------------------------------------------------------
-- FIND_EXTENT( <schema name>, <table name>, <column name> )
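Review bot: The three `-- Changed: 3.4.0 drop security definer` comments record what changed but not why, and nothing in the hunk tells a reader what the user-visible effect is; since all three ST_EstimatedExtent variants take caller-supplied table and column names as text, I would state the rationale on the first one, e.g. `-- Changed: 3.4.0 drop security definer: the function now runs with the caller's privileges rather than the owner's`. If, as the name suggests, gserialized_estimated_extent consults planner statistics, callers that relied on the definer's rights to get estimates for tables they cannot read will now get a permission error, which deserves a NEWS entry that the diff does not show. The same comment applies to the other two signatures in this hunk; the function bodies themselves are one-line C stubs, so the comment is the only place to document it.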
diff --git a/regress/core/regress.sql b/regress/core/regress.sql
index 17982981e..62de3563d 100644
--- a/regress/core/regress.sql
+++ b/regress/core/regress.sql
@@ -341,7 +341,7 @@ ORDER BY 2;
-- Make sure all postgis functions are owned by the
-- same role as postgis_lib_version
-SELECT DISTINCT 'unexpected ownership', proname || ':' || proowner::regrole
+SELECT DISTINCT 'unexpected ownership', oid::regprocedure, proowner::regrole
FROM pg_proc
WHERE (
probin like '%postgis%'
@@ -359,6 +359,19 @@ AND proowner !=
)
ORDER BY 2;
+-- Make sure all postgis functions are SECURITY INVOKER
+SELECT DISTINCT 'unexpected security definer', oid::regprocedure, prosecdef
+FROM pg_proc
+WHERE (
+ probin like '%postgis%'
+ OR (
+ probin is null and
+ oid::regprocedure::text like 'st\_%' or
+ oid::regprocedure::text like 'postgis_%'
+ )
+)
+AND prosecdef
+ORDER BY oid;
SELECT 'UNEXPECTED', postgis_full_version()
WHERE postgis_full_version() LIKE '%UNPACKAGED%'
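Review bot: `ORDER BY oid` on a `SELECT DISTINCT` whose select list only contains `oid::regprocedure` should be rejected by PostgreSQL ("for SELECT DISTINCT, ORDER BY expressions must appear in select list"), so unless the regression runner tolerates the error the new security-definer check never produces a result; `ORDER BY 2` (matching the ownership query just above) or `ORDER BY oid::regprocedure` fixes it. The predicate `probin is null and oid::regprocedure::text like 'st\_%' or oid::regprocedure::text like 'postgis_%'` binds as `(probin is null AND st_) OR postgis_` because AND binds tighter than OR, so the `postgis_%` branch is not restricted to SQL-language functions; harmless here, but parenthesising the two LIKEs makes the intent explicit, and `'postgis_%'` leaves `_` unescaped unlike `'st\_%'`. The prefix filter also only catches non-C functions named `st_*` or `postgis_*`, so any SQL or PL/pgSQL function with another prefix would escape the SECURITY DEFINER check; a filter on the extension's schema or on pg_depend membership would be tighter than name matching. This WHERE clause appears to be copied from the ownership query, whose start is in the preceding hunk.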
-----------------------------------------------------------------------
Summary of changes:
postgis/postgis.sql.in | 9 ++++++---
regress/core/regress.sql | 15 ++++++++++++++-
2 files changed, 20 insertions(+), 4 deletions(-)