Schema qualify pg_catalog functions and tables

[robe]

To better protect against ​https://wiki.postgresql.org/wiki/A_Guide_to_CVE-2018-1058:_Protect_Your_Search_Path

during PostGIS install and upgrade.

The focus is on CREATE EXTENSION / select postgis_extensions_upgrade() / ALTER EXTENSION

I think the tables to change are not necessary, although in theory we should be since someone could define such tables in the schema they install postgis (like a view that calls a function). I will be replacing these as well to prevent a rogue actor forcing some change by replacing key tables/views in pg_catalog.

Sadly I think this changes quite a few files.

[robe]

pull requests ready to go for

2.4 - ​https://git.osgeo.org/gitea/postgis/postgis/pulls/82 2.5 - ​https://git.osgeo.org/gitea/postgis/postgis/pulls/80 3.0 - ​https://git.osgeo.org/gitea/postgis/postgis/pulls/79 3.1 - ​https://git.osgeo.org/gitea/postgis/postgis/pulls/77 (this is showing error at moment, will fix in a bit)

[robe]

3.2 - ​https://git.osgeo.org/gitea/postgis/postgis/pulls/83

[Regina Obe <lr@…>]

In e3921ac/git:

search_path vulnerability during install. References #5069 for PostGIS 3.1.5

[Regina Obe <lr@…>]

In 2d3e08b9/git:

More missed spots. References #5069 for PostGIS 3.1.5

[Regina Obe <lr@…>]

In 7e88a07/git:

Search path vulnerability during install/upgrade. References #5069 for PostGIS 3.0.5

[Regina Obe <lr@…>]

In 539761b6/git:

Search_path vulnerability during install. References #5069 for PostGIS 2.5.6

[Regina Obe <lr@…>]

In 4834a9f/git:

search_path vulnerability during install/upgrade.
References #5069 for PostGIS 3.2.1

[Regina Obe <lr@…>]

In 0b67924/git:

search_path vulnerability during install. References #5069

[pramsey]

Close?