Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-committers-owner+archive@lists.postgresql.org>)
	id 1wNXnd-000tNR-18
	for pgsql-committers@arkaria.postgresql.org;
	Thu, 14 May 2026 15:16:33 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-committers-owner+archive@lists.postgresql.org>)
	id 1wNX44-00D4jH-08
	for pgsql-committers@arkaria.postgresql.org;
	Thu, 14 May 2026 14:29:28 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <noah@leadboat.com>)
	id 1wMPcK-000mRI-0O
	for pgsql-committers@lists.postgresql.org;
	Mon, 11 May 2026 12:20:12 +0000
Received: from mahout.postgresql.org ([72.32.157.227])
	by makus.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.98.2)
	(envelope-from <noah@leadboat.com>)
	id 1wMPbv-000000002LF-3ePX
	for pgsql-committers@lists.postgresql.org;
	Mon, 11 May 2026 12:20:11 +0000
Received: from gemulon.postgresql.org ([72.32.157.198])
	by mahout.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <noah@leadboat.com>)
	id 1wMPbn-0005aq-36
	for pgsql-committers@lists.postgresql.org;
	Mon, 11 May 2026 12:19:40 +0000
Received: from localhost ([127.0.0.1] helo=gemulon.postgresql.org)
	by gemulon.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <noah@leadboat.com>)
	id 1wMPbn-0002br-2F
	for pgsql-committers@lists.postgresql.org;
	Mon, 11 May 2026 12:19:39 +0000
Content-Type: multipart/mixed; boundary="===============0405246559528966371=="
MIME-Version: 1.0
From: Noah Misch <noah@leadboat.com>
To: pgsql-committers@lists.postgresql.org
Subject: pgsql: Prevent path traversal in pg_basebackup and pg_rewind
X-Auto-Response-Suppress: All
Auto-Submitted: auto-generated
Message-Id: <E1wMPbn-0002br-2F@gemulon.postgresql.org>
Date: Mon, 11 May 2026 12:19:39 +0000
List-Id: <pgsql-committers.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-committers@lists.postgresql.org>
List-Owner: <mailto:pgsql-committers-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-committers>
Archived-At: 
 <https://www.postgresql.org/message-id/E1wMPbn-0002br-2F%40gemulon.postgresql.org>
Precedence: bulk

--===============0405246559528966371==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64

UHJldmVudCBwYXRoIHRyYXZlcnNhbCBpbiBwZ19iYXNlYmFja3VwIGFuZCBwZ19yZXdpbmQKCnBn
X3Jld2luZCBhbmQgcGdfYmFzZWJhY2t1cCBjb3VsZCBiZSBmZWQgcGF0aHMgZnJvbSByb2d1ZSBl
bmRwb2ludHMgdGhhdApjb3VsZCBvdmVyd3JpdGUgdGhlIGNvbnRlbnRzIG9mIHRoZSBjbGllbnQg
d2hlbiByZWNlaXZlZCwgYWNoaWV2aW5nIHBhdGgKdHJhdmVyc2FsLgoKVGhlcmUgd2VyZSB0d28g
YXJlYXMgaW4gdGhlIHRyZWUgdGhhdCB3ZXJlIHNlbnNpdGl2ZSB0byB0aGlzIHByb2JsZW06Ci0g
cGdfYmFzZWJhY2t1cCwgdGhyb3VnaCB0aGUgYXN0cmVhbWVyIGNvZGUsIHdoZXJlIG5vIHZhbGlk
YXRpb24gd2FzCnBlcmZvcm1lZCBiZWZvcmUgYnVpbGRpbmcgYW4gb3V0cHV0IHBhdGggd2hlbiBz
dHJlYW1pbmcgdGFyIGRhdGEuICBUaGlzCmlzIGFuIGlzc3VlIGluIHYxNSBhbmQgbmV3ZXIgdmVy
c2lvbnMuCi0gcGdfcmV3aW5kIGZpbGUgb3BlcmF0aW9ucyBmb3IgcGF0aHMgcmVjZWl2ZWQgdGhy
b3VnaCBsaWJwcSwgZm9yIGFsbAp0aGUgc3RhYmxlIGJyYW5jaGVzIHN1cHBvcnRlZC4KCkluIG9y
ZGVyIHRvIGFkZHJlc3MgdGhpcyBwcm9ibGVtLCB0aGlzIGNvbW1pdCBhZGRzIGEgaGVscGVyIGZ1
bmN0aW9uIGluCnBhdGguYywgdGhhdCByZXVzZXMgcGF0aF9pc19yZWxhdGl2ZV9hbmRfYmVsb3df
Y3dkKCkgYWZ0ZXIgYXBwbHlpbmcKY2Fub25pY2FsaXplX3BhdGgoKS4gIFRoaXMgY2FuIGJlIHVz
ZWQgdG8gdmFsaWRhdGUgdGhlIHBhdGhzIHJlY2VpdmVkCmZyb20gYSBjb25uZWN0aW9uIHBvaW50
LiAgQSBwYXRoIGlzIGNvbnNpZGVyZWQgaW52YWxpZCBpZiBhbnkgb2YgdGhlIHR3bwpmb2xsb3dp
bmcgY29uZGl0aW9ucyBpcyBzYXRpc2ZpZWQ6Ci0gVGhlIHBhdGggaXMgYWJzb2x1dGUuCi0gVGhl
IHBhdGggaW5jbHVkZXMgYSBkaXJlY3QgcGFyZW50LWRpcmVjdG9yeSByZWZlcmVuY2UuCgpSZXBv
cnRlZC1ieTogWGxhYkFJIFRlYW0gb2YgVGVuY2VudCBYdWFud3UgTGFiClJlcG9ydGVkLWJ5OiBW
YWxlcnkgR3ViYW5vdiA8dmFsZXJ5Z3ViYW5vdjk1QGdtYWlsLmNvbT4KQXV0aG9yOiBNaWNoYWVs
IFBhcXVpZXIgPG1pY2hhZWxAcGFxdWllci54eXo+ClJldmlld2VkLWJ5OiBBbWl0IEthcGlsYSA8
YW1pdC5rYXBpbGExNkBnbWFpbC5jb20+CkJhY2twYXRjaC10aHJvdWdoOiAxNApTZWN1cml0eTog
Q1ZFLTIwMjYtNjQ3NQoKQnJhbmNoCi0tLS0tLQpSRUxfMTZfU1RBQkxFCgpEZXRhaWxzCi0tLS0t
LS0KaHR0cHM6Ly9naXQucG9zdGdyZXNxbC5vcmcvcGcvY29tbWl0ZGlmZi82Nzc4YWYxM2UyODNj
NTkzZmUwYzE2YWViNmVkOTUzYTA4MGU1ODJiCkF1dGhvcjogTWljaGFlbCBQYXF1aWVyIDxtaWNo
YWVsQHBhcXVpZXIueHl6PgoKTW9kaWZpZWQgRmlsZXMKLS0tLS0tLS0tLS0tLS0Kc3JjL2Jpbi9w
Z19iYXNlYmFja3VwL2Jic3RyZWFtZXJfZmlsZS5jIHwgMTIgKysrKysrKysrKysrCnNyYy9iaW4v
cGdfYmFzZWJhY2t1cC9iYnN0cmVhbWVyX3Rhci5jICB8ICAzICsrKwpzcmMvYmluL3BnX3Jld2lu
ZC9maWxlX29wcy5jICAgICAgICAgICAgfCAyMyArKysrKysrKysrKysrKysrKysrKysrKwpzcmMv
aW5jbHVkZS9wb3J0LmggICAgICAgICAgICAgICAgICAgICAgfCAgMSArCnNyYy9wb3J0L3BhdGgu
YyAgICAgICAgICAgICAgICAgICAgICAgICB8IDE3ICsrKysrKysrKysrKysrKysrCjUgZmlsZXMg
Y2hhbmdlZCwgNTYgaW5zZXJ0aW9ucygrKQoK

--===============0405246559528966371==--