postgresql.git - This is the main PostgreSQL git repository.

Age	Commit message (Collapse)	Author
2022-01-08	Update copyright for 2022	Bruce Momjian
	Backpatch-through: 10
2021-01-02	Update copyright for 2021	Bruce Momjian
	Backpatch-through: 9.5
2020-01-01	Update copyrights for 2020	Bruce Momjian
	Backpatch-through: update all files in master, backpatch legal files through 9.4
2019-07-04	Introduce safer encoding and decoding routines for base64.c	Michael Paquier
	This is a follow-up refactoring after 09ec55b and b674211, which has proved that the encoding and decoding routines used by SCRAM have a poor interface when it comes to check after buffer overflows. This adds an extra argument in the shape of the length of the result buffer for each routine, which is used for overflow checks when encoding or decoding an input string. The original idea comes from Tom Lane. As a result of that, the encoding routine can now fail, so all its callers are adjusted to generate proper error messages in case of problems. On failure, the result buffer gets zeroed. Author: Michael Paquier Reviewed-by: Daniel Gustafsson Discussion: https://postgr.es/m/[email protected]
2019-01-02	Update copyright for 2019	Bruce Momjian
	Backpatch-through: certain files through 9.4
2018-01-03	Update copyright for 2018	Bruce Momjian
	Backpatch-through: certain files through 9.3
2017-03-07	Fix comments in SCRAM-SHA-256 patch.	Heikki Linnakangas
	Amit Kapila.
2017-03-07	Support SCRAM-SHA-256 authentication (RFC 5802 and 7677).	Heikki Linnakangas
	This introduces a new generic SASL authentication method, similar to the GSS and SSPI methods. The server first tells the client which SASL authentication mechanism to use, and then the mechanism-specific SASL messages are exchanged in AuthenticationSASLcontinue and PasswordMessage messages. Only SCRAM-SHA-256 is supported at the moment, but this allows adding more SASL mechanisms in the future, without changing the overall protocol. Support for channel binding, aka SCRAM-SHA-256-PLUS is left for later. The SASLPrep algorithm, for pre-processing the password, is not yet implemented. That could cause trouble, if you use a password with non-ASCII characters, and a client library that does implement SASLprep. That will hopefully be added later. Authorization identities, as specified in the SCRAM-SHA-256 specification, are ignored. SET SESSION AUTHORIZATION provides more or less the same functionality, anyway. If a user doesn't exist, perform a "mock" authentication, by constructing an authentic-looking challenge on the fly. The challenge is derived from a new system-wide random value, "mock authentication nonce", which is created at initdb, and stored in the control file. We go through these motions, in order to not give away the information on whether the user exists, to unauthenticated users. Bumps PG_CONTROL_VERSION, because of the new field in control file. Patch by Michael Paquier and Heikki Linnakangas, reviewed at different stages by Robert Haas, Stephen Frost, David Steele, Aleksander Alekseev, and many others. Discussion: https://www.postgresql.org/message-id/CAB7nPqRbR3GmFYdedCAhzukfKrgBLTLtMvENOmPrVWREsZkF8g%40mail.gmail.com Discussion: https://www.postgresql.org/message-id/CAB7nPqSMXU35g%3DW9X74HVeQp0uvgJxvYOuA4A-A3M%2B0wfEBv-w%40mail.gmail.com Discussion: https://www.postgresql.org/message-id/[email protected]