Use "create" without "or replace" in extension sql scripts.

Fixes security issue spotted by Sven Klemm, thanks! https://www.postgresql.org/docs/current/extend-extensions.html#EXTEND-EXTENSIONS-SECURITY Cc: @svenklemm
df7cb · May 16, 2022 · 9c4e3f2 · 9c4e3f2
1 parent 34d21af
commit 9c4e3f2
Show file tree

Hide file tree

Showing 9 changed files with 17 additions and 10 deletions.
diff --git a/debian/changelog b/debian/changelog
@@ -1,3 +1,10 @@
+postgresql-unit (7.5-1) UNRELEASED; urgency=medium
+
+  * Use "create" without "or replace" in extension sql scripts.
+    Fixes security issue spotted by Sven Klemm, thanks!
+
+ -- Christoph Berg <[email protected]>  Mon, 16 May 2022 15:40:32 +0200
+
 postgresql-unit (7.4-2) unstable; urgency=medium
 
   * B-D on postgresql-server-dev-all only instead of postgresql-all since we

diff --git a/expected/units.out b/expected/units.out
@@ -2720,7 +2720,7 @@ SELECT name, unit, unit::text::unit, definition FROM unit_units WHERE unit::text
 
 -- prefix-unit combinations that are ambiguous
 /*
-CREATE OR REPLACE FUNCTION valid_unit(u text)
+CREATE FUNCTION valid_unit(u text)
 RETURNS boolean LANGUAGE plpgsql
 AS $$
 BEGIN

diff --git a/sql/units.sql b/sql/units.sql
@@ -16,7 +16,7 @@ SELECT name, unit, unit::text::unit, definition FROM unit_units WHERE unit::text
 
 -- prefix-unit combinations that are ambiguous
 /*
-CREATE OR REPLACE FUNCTION valid_unit(u text)
+CREATE FUNCTION valid_unit(u text)
 RETURNS boolean LANGUAGE plpgsql
 AS $$
 BEGIN

diff --git a/unit--1--2.sql b/unit--1--2.sql
@@ -1,7 +1,7 @@
 ALTER TYPE unit_accum_t
 	ADD ATTRIBUTE squares double precision;
 
-CREATE OR REPLACE FUNCTION unit_accum(a unit_accum_t, u unit)
+CREATE FUNCTION unit_accum(a unit_accum_t, u unit)
 	RETURNS unit_accum_t
 	AS $$SELECT (CASE WHEN a.s = '0'::unit THEN u ELSE a.s + u END, a.squares + value(u)^2, a.n + 1)::unit_accum_t$$
 	LANGUAGE SQL IMMUTABLE STRICT;

diff --git a/unit--1.sql b/unit--1.sql
@@ -16,12 +16,12 @@ GNU General Public License for more details.
 
 CREATE TYPE unit;
 
-CREATE OR REPLACE FUNCTION unit_in(cstring)
+CREATE FUNCTION unit_in(cstring)
   RETURNS unit
   AS '$libdir/unit'
   LANGUAGE C IMMUTABLE STRICT;
 
-CREATE OR REPLACE FUNCTION unit_out(unit)
+CREATE FUNCTION unit_out(unit)
   RETURNS cstring
   AS '$libdir/unit'
   LANGUAGE C IMMUTABLE STRICT;

diff --git a/unit--2.sql b/unit--2.sql
@@ -16,12 +16,12 @@ GNU General Public License for more details.
 
 CREATE TYPE unit;
 
-CREATE OR REPLACE FUNCTION unit_in(cstring)
+CREATE FUNCTION unit_in(cstring)
   RETURNS unit
   AS '$libdir/unit'
   LANGUAGE C IMMUTABLE STRICT;
 
-CREATE OR REPLACE FUNCTION unit_out(unit)
+CREATE FUNCTION unit_out(unit)
   RETURNS cstring
   AS '$libdir/unit'
   LANGUAGE C IMMUTABLE STRICT;

diff --git a/unit--5--6.sql.in b/unit--5--6.sql.in
@@ -1,6 +1,6 @@
 GRANT SELECT ON unit_prefixes, unit_units TO PUBLIC;
 
-CREATE OR REPLACE FUNCTION unit_load()
+CREATE FUNCTION unit_load()
 	RETURNS VOID
 	LANGUAGE plpgsql
 	AS $$BEGIN

diff --git a/unit--6.sql.in b/unit--6.sql.in
@@ -57,7 +57,7 @@ SELECT pg_catalog.pg_extension_config_dump('unit_units', 'WHERE dump');
 
 GRANT SELECT ON unit_prefixes, unit_units TO PUBLIC;
 
-CREATE OR REPLACE FUNCTION unit_load()
+CREATE FUNCTION unit_load()
 	RETURNS VOID
 	LANGUAGE plpgsql
 	AS $$BEGIN

diff --git a/unit--7.sql.in b/unit--7.sql.in
@@ -69,7 +69,7 @@ SELECT pg_catalog.pg_extension_config_dump('unit_units', 'WHERE dump');
 
 GRANT SELECT ON unit_prefixes, unit_units TO PUBLIC;
 
-CREATE OR REPLACE FUNCTION unit_load()
+CREATE FUNCTION unit_load()
 	RETURNS VOID
 	LANGUAGE plpgsql
 	AS $$BEGIN