[SCM] PostGIS branch master updated. 3.6.0rc2-372-g88ad88be1
git at osgeo.org
git at osgeo.org
Fri Mar 6 13:15:11 PST 2026
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "PostGIS".
The branch, master has been updated
via 88ad88be10d113781a2a8f4e67820a3cdb40638b (commit)
from 15349103ef89627d9be54a67bd81eabed3ca1072 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 88ad88be10d113781a2a8f4e67820a3cdb40638b
Author: Paul Ramsey <pramsey at cleverelephant.ca>
Date: Fri Mar 6 11:28:09 2026 -0800
Remove a rare extension privilege-escalation case, where an account
with extension-creation privileges can escalate to superuser
by piggybacking on an extension creation event.
From Sven Klemm (Tiger Data) and Allistair Ishmael Hakim (allistair.sh)
diff --git a/libpgcommon/sql/AddToSearchPath.sql.inc b/libpgcommon/sql/AddToSearchPath.sql.inc
index a5e02279e..ff313406c 100644
--- a/libpgcommon/sql/AddToSearchPath.sql.inc
+++ b/libpgcommon/sql/AddToSearchPath.sql.inc
@@ -16,10 +16,10 @@ DECLARE
BEGIN
WITH settings AS (
SELECT unnest(setconfig) config
- FROM pg_db_role_setting
+ FROM pg_catalog.pg_db_role_setting
WHERE setdatabase = (
SELECT oid
- FROM pg_database
+ FROM pg_catalog.pg_database
WHERE datname = current_database()
) and setrole = 0
)
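Review bot: `unnest(setconfig)` and `current_database()` in this hunk remain unqualified function calls, so their safety now rests entirely on the function's `SET search_path = pg_catalog, pg_temp` clause rather than on the body itself. The relation references were schema-qualified; for the same defence-in-depth reason the function calls should be too, `SELECT pg_catalog.unnest(setconfig) config` and `WHERE datname = pg_catalog.current_database()`, so a later edit to the SET clause cannot silently reopen the temp-schema shadowing this commit closes. The DECLARE section and the rest of the body lie outside this hunk.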
@@ -30,10 +30,10 @@ BEGIN
RAISE NOTICE 'cur_search_path from pg_db_role_setting is %', var_cur_search_path;
-- only run this test if person creating the extension is a super user
- IF var_cur_search_path IS NULL AND (SELECT rolsuper FROM pg_roles where rolname = CURRENT_USER) THEN
+ IF var_cur_search_path IS NULL AND (SELECT rolsuper FROM pg_catalog.pg_roles where rolname = CURRENT_USER) THEN
SELECT setting
INTO var_cur_search_path
- FROM pg_file_settings
+ FROM pg_catalog.pg_file_settings
WHERE name = 'search_path' AND applied;
RAISE NOTICE 'cur_search_path from pg_file_settings is %', var_cur_search_path;
@@ -42,7 +42,7 @@ BEGIN
IF var_cur_search_path IS NULL THEN
SELECT boot_val
INTO var_cur_search_path
- FROM pg_settings
+ FROM pg_catalog.pg_settings
WHERE name = 'search_path';
RAISE NOTICE 'cur_search_path from pg_settings is %', var_cur_search_path;
@@ -63,7 +63,8 @@ BEGIN
RETURN var_result;
END
$BODY$
-SET search_path = pg_catalog -- make safe
+-- explicitly move pg_temp after pg_catalog in search path
+SET search_path = pg_catalog, pg_temp
LANGUAGE 'plpgsql' VOLATILE STRICT
;
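Review bot: The new comment above `SET search_path = pg_catalog, pg_temp` says what is done but not why, and the why is the whole point of this commit; suggest `-- pg_temp is searched FIRST unless listed explicitly; listing it last stops a temp-schema function or operator created by the extension-creating role from shadowing pg_catalog objects while this body runs.` This SET governs name resolution only inside this function, which is appropriate here since nothing visible marks it SECURITY DEFINER and the commit message describes the attack as riding on the extension-creation session. The remainder of the body (file lines ~47–62) is outside the diff; if var_cur_search_path is interpolated into dynamic SQL there, it should go through `format('%L')`, because pg_db_role_setting content is controlled by the database owner — flagged as something to confirm, not a visible defect. Minor style: `LANGUAGE 'plpgsql'` is the deprecated quoted form; `LANGUAGE plpgsql` is the current spelling.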
-----------------------------------------------------------------------
Summary of changes:
libpgcommon/sql/AddToSearchPath.sql.inc | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)