From f80e1eeb88c4c5efd17e96386c19420a9cb7e347 Mon Sep 17 00:00:00 2001
From: Alex Chi Z <iskyzh@gmail.com>
Date: Mon, 12 Feb 2024 15:33:53 -0500
Subject: [PATCH 1/4] fix superuser permission check for extensions (#359)

Signed-off-by: Alex Chi Z <chi@neon.tech>
---
 src/backend/commands/extension.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/backend/commands/extension.c b/src/backend/commands/extension.c
index 74cc7379e77..33d29db81c8 100644
--- a/src/backend/commands/extension.c
+++ b/src/backend/commands/extension.c
@@ -874,7 +874,7 @@ execute_extension_script(Oid extensionOid, ExtensionControlFile *control,
 	 * here so that the control flags are correctly associated with the right
 	 * script(s) if they happen to be set in secondary control files.
 	 */
-	if (control->superuser && !superuser())
+	if (control->superuser && !superuser() && !is_neon_superuser())
 	{
 		if (extension_is_trusted(control))
 			switch_to_superuser = true;

From cd320f026356571e091fb994cd336ee61a0f192f Mon Sep 17 00:00:00 2001
From: Alex Chi Z <iskyzh@gmail.com>
Date: Wed, 14 Feb 2024 09:19:30 -0500
Subject: [PATCH 2/4] fix superuser permission check for func create (#367)

* fix superuser permission check for func create

Signed-off-by: Alex Chi Z <chi@neon.tech>

* only allow native function when creating trusted extensions

Signed-off-by: Alex Chi Z <chi@neon.tech>

---------

Signed-off-by: Alex Chi Z <chi@neon.tech>
---
 src/backend/commands/functioncmds.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/backend/commands/functioncmds.c b/src/backend/commands/functioncmds.c
index 00a6d282cfd..2b2429bc18d 100644
--- a/src/backend/commands/functioncmds.c
+++ b/src/backend/commands/functioncmds.c
@@ -1125,7 +1125,7 @@ CreateFunction(ParseState *pstate, CreateFunctionStmt *stmt)
 	else
 	{
 		/* if untrusted language, must be superuser */
-		if (!superuser())
+		if (!(superuser() || (is_neon_superuser() && creating_extension)))
 			aclcheck_error(ACLCHECK_NO_PRIV, OBJECT_LANGUAGE,
 						   NameStr(languageStruct->lanname));
 	}
@@ -2129,7 +2129,7 @@ ExecuteDoStmt(ParseState *pstate, DoStmt *stmt, bool atomic)
 	else
 	{
 		/* if untrusted language, must be superuser */
-		if (!superuser())
+		if (!(superuser() || (is_neon_superuser() && creating_extension)))
 			aclcheck_error(ACLCHECK_NO_PRIV, OBJECT_LANGUAGE,
 						   NameStr(languageStruct->lanname));
 	}

From 9eef016e18bf61753e3cbaa755f705db6a4f7b1d Mon Sep 17 00:00:00 2001
From: Heikki Linnakangas <heikki.linnakangas@iki.fi>
Date: Tue, 13 Feb 2024 21:23:41 +0200
Subject: [PATCH 3/4] Fix 'mmap' DSM implementation with allocations larger
 than 4 GB

Fixes bug #18341. Backpatch to all supported versions.

Discussion: https://www.postgresql.org/message-id/18341-ce16599e7fd6228c@postgresql.org
---
 src/backend/storage/ipc/dsm_impl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/backend/storage/ipc/dsm_impl.c b/src/backend/storage/ipc/dsm_impl.c
index 340048a0d1e..77a195b4836 100644
--- a/src/backend/storage/ipc/dsm_impl.c
+++ b/src/backend/storage/ipc/dsm_impl.c
@@ -880,7 +880,7 @@ dsm_impl_mmap(dsm_op op, dsm_handle handle, Size request_size,
 		 * transferring data to the kernel.
 		 */
 		char	   *zbuffer = (char *) palloc0(ZBUFFER_SIZE);
-		uint32		remaining = request_size;
+		Size		remaining = request_size;
 		bool		success = true;
 
 		/*

From 8a2a439bbeaeea950532d4acf66dac73d0da0920 Mon Sep 17 00:00:00 2001
From: Konstantin Knizhnik <knizhnik@neon.tech>
Date: Mon, 19 Feb 2024 21:25:22 +0200
Subject: [PATCH 4/4] Flush logical messages with snapshots and replication
 origin

---
 src/backend/replication/logical/origin.c    | 2 +-
 src/backend/replication/logical/snapbuild.c | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/backend/replication/logical/origin.c b/src/backend/replication/logical/origin.c
index c9a077ba8be..6ce6252951d 100644
--- a/src/backend/replication/logical/origin.c
+++ b/src/backend/replication/logical/origin.c
@@ -676,7 +676,7 @@ CheckPointReplicationOrigin(void)
 		chkp_size += sizeof(crc);
 
 		/* NEON specific: persist snapshot in storage using logical message */
-		LogLogicalMessage("neon-file:pg_logical/replorigin_checkpoint", buf, chkp_size, false);
+		XLogFlush(LogLogicalMessage("neon-file:pg_logical/replorigin_checkpoint", buf, chkp_size, false));
 	}
 	pfree(buf);
 
diff --git a/src/backend/replication/logical/snapbuild.c b/src/backend/replication/logical/snapbuild.c
index 53b72310139..be7624ec203 100644
--- a/src/backend/replication/logical/snapbuild.c
+++ b/src/backend/replication/logical/snapbuild.c
@@ -1737,7 +1737,7 @@ SnapBuildSerialize(SnapBuild *builder, XLogRecPtr lsn)
 
 	/* NEON specific: persist snapshot in storage using logical message */
 	snprintf(prefix, sizeof(prefix), "neon-file:%s", path);
-	LogLogicalMessage(prefix, (char*)ondisk, needed_length, false);
+	XLogFlush(LogLogicalMessage(prefix, (char*)ondisk, needed_length, false));
 
 	errno = 0;
 	pgstat_report_wait_start(WAIT_EVENT_SNAPBUILD_WRITE);
@@ -2106,7 +2106,7 @@ CheckPointSnapBuild(void)
 
 			/* NEON specific: delete file from storage using logical message */
 			snprintf(prefix, sizeof(prefix), "neon-file:%s", path);
-			LogLogicalMessage(prefix, NULL, 0, false);
+			XLogFlush(LogLogicalMessage(prefix, NULL, 0, false));
 
 			/*
 			 * It's not particularly harmful, though strange, if we can't