diff --git a/doc/src/sgml/catalogs.sgml b/doc/src/sgml/catalogs.sgml
index 5e71a2e..4c32fd8 100644
--- a/doc/src/sgml/catalogs.sgml
+++ b/doc/src/sgml/catalogs.sgml
@@ -8520,7 +8520,15 @@ SCRAM-SHA-256$<replaceable>&lt;iteration count&gt;</replaceable>:<replaceable>&l
      <row>
       <entry><structfield>superuser</structfield></entry>
       <entry><type>bool</type></entry>
-      <entry>True if only superusers are allowed to install this extension</entry>
+      <entry>True if only superusers are allowed to install this extension
+       (but see <structfield>trustable</structfield>)</entry>
+     </row>
+
+     <row>
+      <entry><structfield>trustable</structfield></entry>
+      <entry><type>bool</type></entry>
+      <entry>True if the extension can be installed by non-superusers when
+       configuration settings permit</entry>
      </row>
 
      <row>
diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml
index 89284dc..ff4520b 100644
--- a/doc/src/sgml/config.sgml
+++ b/doc/src/sgml/config.sgml
@@ -8447,6 +8447,78 @@ dynamic_library_path = 'C:\tools\postgresql;H:\my_project\lib;$libdir'
       </listitem>
      </varlistentry>
 
+     <varlistentry id="guc-trusted-extensions-dba" xreflabel="trusted_extensions_dba">
+      <term><varname>trusted_extensions_dba</varname> (<type>string</type>)
+      <indexterm>
+       <primary><varname>trusted_extensions_dba</varname> configuration parameter</primary>
+      </indexterm>
+      </term>
+      <listitem>
+       <para>
+        This parameter is a regular expression that matches the names of
+        trustable extensions that database owners are allowed to install
+        into their databases
+        (that is, run <xref linkend="sql-createextension"/> on; the
+        extension's files must already be present in the installation).
+        See <xref linkend="extend-extensions"/> for more information.
+        Regular expressions are explained in
+        <xref linkend="posix-syntax-details"/>.
+       </para>
+
+       <para>
+        The default value for this parameter is
+        <literal>'^pl'</literal>, which matches any extension whose name
+        begins with <literal>pl</literal>.  This allows database owners to
+        install trusted procedural languages, which was the hard-wired
+        behavior in older <productname>PostgreSQL</productname> versions.
+       </para>
+
+       <para>
+        This parameter can be changed at run time by superusers, but a
+        setting done that way will only persist until the end of the
+        client connection, so this method should be reserved for
+        development purposes. The recommended way to set this parameter
+        is in the <filename>postgresql.conf</filename> configuration
+        file.
+       </para>
+      </listitem>
+     </varlistentry>
+
+     <varlistentry id="guc-trusted-extensions-anyone" xreflabel="trusted_extensions_anyone">
+      <term><varname>trusted_extensions_anyone</varname> (<type>string</type>)
+      <indexterm>
+       <primary><varname>trusted_extensions_anyone</varname> configuration parameter</primary>
+      </indexterm>
+      </term>
+      <listitem>
+       <para>
+        This parameter is a regular expression that matches the names of
+        trustable extensions that any SQL user is allowed to install
+        (that is, run <xref linkend="sql-createextension"/> on; the
+        extension's files must already be present in the installation).
+        See <xref linkend="extend-extensions"/> for more information.
+        Regular expressions are explained in
+        <xref linkend="posix-syntax-details"/>.
+       </para>
+
+       <para>
+        The default value for this parameter is
+        <literal>'^$'</literal>, which matches no extension names, thus
+        forbidding unprivileged users from installing any extensions that
+        require superuser privileges to install.
+       </para>
+
+       <para>
+        This parameter can be changed at run time by superusers, but a
+        setting done that way will only persist until the end of the
+        client connection, so this method should be reserved for
+        development purposes. The recommended way to set this parameter
+        is in the <filename>postgresql.conf</filename> configuration
+        file.
+       </para>
+      </listitem>
+     </varlistentry>
+
      <varlistentry id="guc-gin-fuzzy-search-limit" xreflabel="gin_fuzzy_search_limit">
       <term><varname>gin_fuzzy_search_limit</varname> (<type>integer</type>)
       <indexterm>
diff --git a/doc/src/sgml/extend.sgml b/doc/src/sgml/extend.sgml
index b5e59d5..8049934 100644
--- a/doc/src/sgml/extend.sgml
+++ b/doc/src/sgml/extend.sgml
@@ -576,6 +576,33 @@
         version.  If it is set to <literal>false</literal>, just the privileges
         required to execute the commands in the installation or update script
         are required.
+        This should normally be set to <literal>true</literal> if any of the
+        script commands require superuser privileges.  (Such commands would
+        fail anyway, but it's more user-friendly to give the error up front.)
+       </para>
+      </listitem>
+     </varlistentry>
+
+     <varlistentry>
+      <term><varname>trustable</varname> (<type>boolean</type>)</term>
+      <listitem>
+       <para>
+        This parameter, if set to <literal>true</literal> (which is not the
+        default), allows non-superusers to install an extension that
+        has <varname>superuser</varname> set to <literal>true</literal>.
+        The extension must <emphasis>also</emphasis> be considered
+        trustable by the installation's configuration parameters (see
+        <xref linkend="guc-trusted-extensions-dba"/> and
+        <xref linkend="guc-trusted-extensions-anyone"/>) before this is
+        allowed.  If both requirements hold and the user
+        executing <command>CREATE EXTENSION</command> is not a superuser,
+        then the installation or update script is run as the bootstrap
+        superuser, not as the calling user.
+        This parameter is irrelevant if <varname>superuser</varname> is
+        <literal>false</literal>.
+        Generally, this should not be set true for extensions that would
+        allow access to otherwise-superuser-only abilities, such as
+        untrusted procedural languages.
        </para>
       </listitem>
      </varlistentry>
@@ -642,6 +669,18 @@
     </para>
 
     <para>
+     If the extension script contains the
+     string <literal>@extowner@</literal>, that string is replaced with the
+     (suitably quoted) name of the user calling <command>CREATE
+     EXTENSION</command> or <command>ALTER EXTENSION</command>.  Typically
+     this feature is used by extensions that are marked trustable to assign
+     ownership of selected objects to the calling user rather than the
+     bootstrap superuser.  (One should be careful about doing so, however.
+     For example, assigning ownership of a C-language function to a
+     non-superuser would create a privilege escalation path for that user.)
+    </para>
+
+    <para>
      While the script files can contain any characters allowed by the specified
      encoding, control files should contain only plain ASCII, because there
      is no way for <productname>PostgreSQL</productname> to know what encoding a
diff --git a/doc/src/sgml/ref/create_extension.sgml b/doc/src/sgml/ref/create_extension.sgml
index 36837f9..ee59bfe 100644
--- a/doc/src/sgml/ref/create_extension.sgml
+++ b/doc/src/sgml/ref/create_extension.sgml
@@ -47,14 +47,28 @@ CREATE EXTENSION [ IF NOT EXISTS ] <replaceable class="parameter">extension_name
   </para>
 
   <para>
-   Loading an extension requires the same privileges that would be
-   required to create its component objects.  For most extensions this
-   means superuser or database owner privileges are needed.
+   Loading an extension ordinarily requires the same privileges that would be
+   required to create its component objects.  For many extensions this
+   means superuser privileges are needed.
    The user who runs <command>CREATE EXTENSION</command> becomes the
    owner of the extension for purposes of later privilege checks, as well
    as the owner of any objects created by the extension's script.
   </para>
 
+  <para>
+   However, if the extension is marked <firstterm>trustable</firstterm> in
+   its control file, and it is trusted by the local installation according
+   to the relevant configuration parameter
+   (<xref linkend="guc-trusted-extensions-dba"/> or
+   <xref linkend="guc-trusted-extensions-anyone"/>),
+   then it can be installed by a non-superuser.  In this case the extension
+   object itself will be owned by the calling user, but the contained
+   objects will be owned by the bootstrap superuser (unless the
+   extension's script explicitly assigns them to the calling user).
+   This configuration gives the calling user the right to drop the
+   extension, but not to modify individual objects within it.
+  </para>
+
  </refsect1>
 
  <refsect1>
diff --git a/src/backend/catalog/system_views.sql b/src/backend/catalog/system_views.sql
index ea4c85e..f3e4d43 100644
--- a/src/backend/catalog/system_views.sql
+++ b/src/backend/catalog/system_views.sql
@@ -317,7 +317,8 @@ CREATE VIEW pg_available_extensions AS
 
 CREATE VIEW pg_available_extension_versions AS
     SELECT E.name, E.version, (X.extname IS NOT NULL) AS installed,
-           E.superuser, E.relocatable, E.schema, E.requires, E.comment
+           E.superuser, E.trustable, E.relocatable,
+           E.schema, E.requires, E.comment
       FROM pg_available_extension_versions() AS E
            LEFT JOIN pg_extension AS X
              ON E.name = X.extname AND E.version = X.extversion;
diff --git a/src/backend/commands/extension.c b/src/backend/commands/extension.c
index f7202cc..257b4fc 100644
--- a/src/backend/commands/extension.c
+++ b/src/backend/commands/extension.c
@@ -40,6 +40,7 @@
 #include "catalog/indexing.h"
 #include "catalog/namespace.h"
 #include "catalog/objectaccess.h"
+#include "catalog/pg_authid.h"
 #include "catalog/pg_collation.h"
 #include "catalog/pg_depend.h"
 #include "catalog/pg_extension.h"
@@ -54,6 +55,7 @@
 #include "mb/pg_wchar.h"
 #include "miscadmin.h"
 #include "nodes/makefuncs.h"
+#include "regex/regex.h"
 #include "storage/fd.h"
 #include "tcop/utility.h"
 #include "utils/acl.h"
@@ -66,6 +68,10 @@
 #include "utils/varlena.h"
 
 
+/* GUC settings */
+char	   *trusted_extensions_dba;
+char	   *trusted_extensions_anyone;
+
 /* Globally visible state variables */
 bool		creating_extension = false;
 Oid			CurrentExtensionObject = InvalidOid;
@@ -84,6 +90,7 @@ typedef struct ExtensionControlFile
 	char	   *schema;			/* target schema (allowed if !relocatable) */
 	bool		relocatable;	/* is ALTER EXTENSION SET SCHEMA supported? */
 	bool		superuser;		/* must be superuser to install? */
+	bool		trustable;		/* allow becoming superuser on the fly? */
 	int			encoding;		/* encoding of the script file, or -1 */
 	List	   *requires;		/* names of prerequisite extensions */
 } ExtensionControlFile;
@@ -558,6 +565,14 @@ parse_extension_control_file(ExtensionControlFile *control,
 						 errmsg("parameter \"%s\" requires a Boolean value",
 								item->name)));
 		}
+		else if (strcmp(item->name, "trustable") == 0)
+		{
+			if (!parse_bool(item->value, &control->trustable))
+				ereport(ERROR,
+						(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+						 errmsg("parameter \"%s\" requires a Boolean value",
+								item->name)));
+		}
 		else if (strcmp(item->name, "encoding") == 0)
 		{
 			control->encoding = pg_valid_server_encoding(item->value);
@@ -614,6 +629,7 @@ read_extension_control_file(const char *extname)
 	control->name = pstrdup(extname);
 	control->relocatable = false;
 	control->superuser = true;
+	control->trustable = false;
 	control->encoding = -1;
 
 	/*
@@ -795,6 +811,76 @@ execute_sql_string(const char *sql)
 }
 
 /*
+ * Check if "str" matches the regular expression "pattern".
+ *
+ * XXX Perhaps we should put this somewhere else?
+ */
+static bool
+string_matches_regex(const char *str, const char *pattern)
+{
+	int			r;
+	pg_wchar   *wstr;
+	int			wlen;
+	regex_t		re;
+	char		errstr[100];
+
+	/* The regex library wants to deal in wchars not chars */
+	wstr = palloc((strlen(pattern) + 1) * sizeof(pg_wchar));
+	wlen = pg_mb2wchar_with_len(pattern, wstr, strlen(pattern));
+
+	r = pg_regcomp(&re, wstr, wlen, REG_ADVANCED, C_COLLATION_OID);
+	if (r)
+	{
+		/* This shouldn't really happen, since guc.c checked the value */
+		pg_regerror(r, &re, errstr, sizeof(errstr));
+		/* no need for pg_regfree here */
+		ereport(ERROR,
+				(errcode(ERRCODE_INVALID_REGULAR_EXPRESSION),
+				 errmsg("invalid regular expression \"%s\": %s",
+						pattern, errstr)));
+	}
+	pfree(wstr);
+
+	wstr = palloc((strlen(str) + 1) * sizeof(pg_wchar));
+	wlen = pg_mb2wchar_with_len(str, wstr, strlen(str));
+
+	r = pg_regexec(&re, wstr, wlen, 0, NULL, 0, NULL, 0);
+	if (r != REG_OKAY && r != REG_NOMATCH)
+	{
+		pg_regerror(r, &re, errstr, sizeof(errstr));
+		pg_regfree(&re);
+		ereport(ERROR,
+				(errcode(ERRCODE_INVALID_REGULAR_EXPRESSION),
+				 errmsg("regular expression match for \"%s\" failed: %s",
+						pattern, errstr)));
+	}
+	pfree(wstr);
+
+	pg_regfree(&re);
+	return (r == REG_OKAY);
+}
+
+/*
+ * Policy function: is the given extension trusted for installation by a
+ * non-superuser?
+ */
+static bool
+extension_is_trusted(ExtensionControlFile *control)
+{
+	/* Never trust unless extension's control file says it's okay */
+	if (!control->trustable)
+		return false;
+	/* Database owner can install, if it matches appropriate GUC */
+	if (pg_database_ownercheck(MyDatabaseId, GetUserId()) &&
+		string_matches_regex(control->name, trusted_extensions_dba))
+		return true;
+	/* Anyone can install, if it matches that GUC */
+	if (string_matches_regex(control->name, trusted_extensions_anyone))
+		return true;
+	return false;
+}
+
+/*
  * Execute the appropriate script file for installing or updating the extension
  *
  * If from_version isn't NULL, it's an update
@@ -806,19 +892,24 @@ execute_extension_script(Oid extensionOid, ExtensionControlFile *control,
 						 List *requiredSchemas,
 						 const char *schemaName, Oid schemaOid)
 {
+	bool		switch_to_superuser = false;
 	char	   *filename;
+	Oid			save_userid = 0;
+	int			save_sec_context = 0;
 	int			save_nestlevel;
 	StringInfoData pathbuf;
 	ListCell   *lc;
 
 	/*
-	 * Enforce superuser-ness if appropriate.  We postpone this check until
-	 * here so that the flag is correctly associated with the right script(s)
-	 * if it's set in secondary control files.
+	 * Enforce superuser-ness if appropriate.  We postpone these checks until
+	 * here so that the control flags are correctly associated with the right
+	 * script(s) if they happen to be set in secondary control files.
 	 */
 	if (control->superuser && !superuser())
 	{
-		if (from_version == NULL)
+		if (extension_is_trusted(control))
+			switch_to_superuser = true;
+		else if (from_version == NULL)
 			ereport(ERROR,
 					(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
 					 errmsg("permission denied to create extension \"%s\"",
@@ -835,6 +926,18 @@ execute_extension_script(Oid extensionOid, ExtensionControlFile *control,
 	filename = get_extension_script_filename(control, from_version, version);
 
 	/*
+	 * If installing a trusted extension on behalf of a non-superuser, become
+	 * the bootstrap superuser.  (This switch will be cleaned up automatically
+	 * if the transaction aborts, as will the GUC changes below.)
+	 */
+	if (switch_to_superuser)
+	{
+		GetUserIdAndSecContext(&save_userid, &save_sec_context);
+		SetUserIdAndSecContext(BOOTSTRAP_SUPERUSERID,
+							   save_sec_context | SECURITY_LOCAL_USERID_CHANGE);
+	}
+
+	/*
 	 * Force client_min_messages and log_min_messages to be at least WARNING,
 	 * so that we won't spam the user with useless NOTICE messages from common
 	 * script actions like creating shell types.
@@ -907,6 +1010,22 @@ execute_extension_script(Oid extensionOid, ExtensionControlFile *control,
 										CStringGetTextDatum("ng"));
 
 		/*
+		 * If the script uses @extowner@, substitute the calling username.
+		 */
+		if (strstr(c_sql, "@extowner@"))
+		{
+			Oid			uid = switch_to_superuser ? save_userid : GetUserId();
+			const char *userName = GetUserNameFromId(uid, false);
+			const char *qUserName = quote_identifier(userName);
+
+			t_sql = DirectFunctionCall3Coll(replace_text,
+											C_COLLATION_OID,
+											t_sql,
+											CStringGetTextDatum("@extowner@"),
+											CStringGetTextDatum(qUserName));
+		}
+
+		/*
 		 * If it's not relocatable, substitute the target schema name for
 		 * occurrences of @extschema@.
 		 *
@@ -957,6 +1076,12 @@ execute_extension_script(Oid extensionOid, ExtensionControlFile *control,
 	 * Restore the GUC variables we set above.
 	 */
 	AtEOXact_GUC(true, save_nestlevel);
+
+	/*
+	 * Restore authentication state if needed.
+	 */
+	if (switch_to_superuser)
+		SetUserIdAndSecContext(save_userid, save_sec_context);
 }
 
 /*
@@ -2117,8 +2242,8 @@ get_available_versions_for_extension(ExtensionControlFile *pcontrol,
 	{
 		ExtensionVersionInfo *evi = (ExtensionVersionInfo *) lfirst(lc);
 		ExtensionControlFile *control;
-		Datum		values[7];
-		bool		nulls[7];
+		Datum		values[8];
+		bool		nulls[8];
 		ListCell   *lc2;
 
 		if (!evi->installable)
@@ -2139,24 +2264,26 @@ get_available_versions_for_extension(ExtensionControlFile *pcontrol,
 		values[1] = CStringGetTextDatum(evi->name);
 		/* superuser */
 		values[2] = BoolGetDatum(control->superuser);
+		/* trustable */
+		values[3] = BoolGetDatum(control->trustable);
 		/* relocatable */
-		values[3] = BoolGetDatum(control->relocatable);
+		values[4] = BoolGetDatum(control->relocatable);
 		/* schema */
 		if (control->schema == NULL)
-			nulls[4] = true;
+			nulls[5] = true;
 		else
-			values[4] = DirectFunctionCall1(namein,
+			values[5] = DirectFunctionCall1(namein,
 											CStringGetDatum(control->schema));
 		/* requires */
 		if (control->requires == NIL)
-			nulls[5] = true;
+			nulls[6] = true;
 		else
-			values[5] = convert_requires_to_datum(control->requires);
+			values[6] = convert_requires_to_datum(control->requires);
 		/* comment */
 		if (control->comment == NULL)
-			nulls[6] = true;
+			nulls[7] = true;
 		else
-			values[6] = CStringGetTextDatum(control->comment);
+			values[7] = CStringGetTextDatum(control->comment);
 
 		tuplestore_putvalues(tupstore, tupdesc, values, nulls);
 
@@ -2184,16 +2311,18 @@ get_available_versions_for_extension(ExtensionControlFile *pcontrol,
 				values[1] = CStringGetTextDatum(evi2->name);
 				/* superuser */
 				values[2] = BoolGetDatum(control->superuser);
+				/* trustable */
+				values[3] = BoolGetDatum(control->trustable);
 				/* relocatable */
-				values[3] = BoolGetDatum(control->relocatable);
+				values[4] = BoolGetDatum(control->relocatable);
 				/* schema stays the same */
 				/* requires */
 				if (control->requires == NIL)
-					nulls[5] = true;
+					nulls[6] = true;
 				else
 				{
-					values[5] = convert_requires_to_datum(control->requires);
-					nulls[5] = false;
+					values[6] = convert_requires_to_datum(control->requires);
+					nulls[6] = false;
 				}
 				/* comment stays the same */
 
diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c
index 90ffd89..614d993 100644
--- a/src/backend/utils/misc/guc.c
+++ b/src/backend/utils/misc/guc.c
@@ -36,7 +36,9 @@
 #include "access/xlog_internal.h"
 #include "catalog/namespace.h"
 #include "catalog/pg_authid.h"
+#include "catalog/pg_collation.h"
 #include "commands/async.h"
+#include "commands/extension.h"
 #include "commands/prepare.h"
 #include "commands/user.h"
 #include "commands/vacuum.h"
@@ -65,6 +67,7 @@
 #include "postmaster/postmaster.h"
 #include "postmaster/syslogger.h"
 #include "postmaster/walwriter.h"
+#include "regex/regex.h"
 #include "replication/logicallauncher.h"
 #include "replication/slot.h"
 #include "replication/syncrep.h"
@@ -175,6 +178,7 @@ static bool check_ssl(bool *newval, void **extra, GucSource source);
 static bool check_stage_log_stats(bool *newval, void **extra, GucSource source);
 static bool check_log_stats(bool *newval, void **extra, GucSource source);
 static bool check_canonical_path(char **newval, void **extra, GucSource source);
+static bool check_regular_expression(char **newval, void **extra, GucSource source);
 static bool check_timezone_abbreviations(char **newval, void **extra, GucSource source);
 static void assign_timezone_abbreviations(const char *newval, void *extra);
 static void pg_timezone_abbrev_initialize(void);
@@ -4178,6 +4182,26 @@ static struct config_string ConfigureNamesString[] =
 	},
 
 	{
+		{"trusted_extensions_dba", PGC_SUSET, CLIENT_CONN_OTHER,
+			gettext_noop("Selects which trustable extensions may be installed by database owners."),
+			NULL
+		},
+		&trusted_extensions_dba,
+		"^pl",
+		check_regular_expression, NULL, NULL
+	},
+
+	{
+		{"trusted_extensions_anyone", PGC_SUSET, CLIENT_CONN_OTHER,
+			gettext_noop("Selects which trustable extensions may be installed by anyone."),
+			NULL
+		},
+		&trusted_extensions_anyone,
+		"^$",
+		check_regular_expression, NULL, NULL
+	},
+
+	{
 		{"wal_consistency_checking", PGC_SUSET, DEVELOPER_OPTIONS,
 			gettext_noop("Sets the WAL resource managers for which WAL consistency checks are done."),
 			gettext_noop("Full-page images will be logged for all data blocks and cross-checked against the results of WAL replay."),
@@ -11114,6 +11138,37 @@ check_canonical_path(char **newval, void **extra, GucSource source)
 	return true;
 }
 
+/* Check that the GUC's value is a valid regular expression. */
+static bool
+check_regular_expression(char **newval, void **extra, GucSource source)
+{
+	int			r;
+	pg_wchar   *wstr;
+	int			wlen;
+	regex_t		re;
+
+	if (!*newval)
+		return false;
+
+	/* The regex library wants to deal in wchars not chars */
+	wstr = palloc((strlen(*newval) + 1) * sizeof(pg_wchar));
+	wlen = pg_mb2wchar_with_len(*newval, wstr, strlen(*newval));
+
+	r = pg_regcomp(&re, wstr, wlen, REG_ADVANCED, C_COLLATION_OID);
+	if (r)
+	{
+		char		errstr[100];
+
+		pg_regerror(r, &re, errstr, sizeof(errstr));
+		GUC_check_errdetail("invalid regular expression: %s", errstr);
+		pfree(wstr);
+		return false;
+	}
+	pg_regfree(&re);
+	pfree(wstr);
+	return true;
+}
+
 static bool
 check_timezone_abbreviations(char **newval, void **extra, GucSource source)
 {
diff --git a/src/backend/utils/misc/postgresql.conf.sample b/src/backend/utils/misc/postgresql.conf.sample
index 39fc787..5caeb76 100644
--- a/src/backend/utils/misc/postgresql.conf.sample
+++ b/src/backend/utils/misc/postgresql.conf.sample
@@ -682,6 +682,9 @@
 
 #dynamic_library_path = '$libdir'
 
+#trusted_extensions_dba = '^pl'		# exts installable by database owner
+#trusted_extensions_anyone = '^$'	# exts installable by anyone
+
 
 #------------------------------------------------------------------------------
 # LOCK MANAGEMENT
diff --git a/src/include/catalog/pg_proc.dat b/src/include/catalog/pg_proc.dat
index b88e886..f2551e1 100644
--- a/src/include/catalog/pg_proc.dat
+++ b/src/include/catalog/pg_proc.dat
@@ -9431,9 +9431,9 @@
   proname => 'pg_available_extension_versions', procost => '10',
   prorows => '100', proretset => 't', provolatile => 's',
   prorettype => 'record', proargtypes => '',
-  proallargtypes => '{name,text,bool,bool,name,_name,text}',
-  proargmodes => '{o,o,o,o,o,o,o}',
-  proargnames => '{name,version,superuser,relocatable,schema,requires,comment}',
+  proallargtypes => '{name,text,bool,bool,bool,name,_name,text}',
+  proargmodes => '{o,o,o,o,o,o,o,o}',
+  proargnames => '{name,version,superuser,trustable,relocatable,schema,requires,comment}',
   prosrc => 'pg_available_extension_versions' },
 { oid => '3084', descr => 'list an extension\'s version update paths',
   proname => 'pg_extension_update_paths', procost => '10', prorows => '100',
diff --git a/src/include/commands/extension.h b/src/include/commands/extension.h
index 02fc17d..3a155eaf 100644
--- a/src/include/commands/extension.h
+++ b/src/include/commands/extension.h
@@ -18,6 +18,10 @@
 #include "nodes/parsenodes.h"
 
 
+/* GUC settings */
+extern char *trusted_extensions_dba;
+extern char *trusted_extensions_anyone;
+
 /*
  * creating_extension is only true while running a CREATE EXTENSION or ALTER
  * EXTENSION UPDATE command.  It instructs recordDependencyOnCurrentExtension()
diff --git a/src/test/regress/expected/rules.out b/src/test/regress/expected/rules.out
index 210e9cd..56b20f6 100644
--- a/src/test/regress/expected/rules.out
+++ b/src/test/regress/expected/rules.out
@@ -1311,11 +1311,12 @@ pg_available_extension_versions| SELECT e.name,
     e.version,
     (x.extname IS NOT NULL) AS installed,
     e.superuser,
+    e.trustable,
     e.relocatable,
     e.schema,
     e.requires,
     e.comment
-   FROM (pg_available_extension_versions() e(name, version, superuser, relocatable, schema, requires, comment)
+   FROM (pg_available_extension_versions() e(name, version, superuser, trustable, relocatable, schema, requires, comment)
      LEFT JOIN pg_extension x ON (((e.name = x.extname) AND (e.version = x.extversion))));
 pg_available_extensions| SELECT e.name,
     e.default_version,
