From: Tom Lane <tgl@sss.pgh.pa.us>
Date: Mon, 5 Feb 2018 19:43:40 +0000 (-0500)
Subject: Last-minute updates for release notes.
X-Git-Tag: REL_11_BETA1~820
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1eb5d43beed9d8cdc61377867f0a53eb2cfba0c4;p=thirdparty%2Fpostgresql.git

Last-minute updates for release notes.

Security: CVE-2018-1052, CVE-2018-1053
---

diff --git a/doc/src/sgml/release-10.sgml b/doc/src/sgml/release-10.sgml
index 3159f7a21fc..7b0fde2b93d 100644
--- a/doc/src/sgml/release-10.sgml
+++ b/doc/src/sgml/release-10.sgml
@@ -41,6 +41,55 @@
 
     <listitem>
 <!--
+Author: Tom Lane <tgl@sss.pgh.pa.us>
+Branch: master [3492a0af0] 2018-02-05 10:37:30 -0500
+Branch: REL_10_STABLE [fe921a360] 2018-02-05 10:37:30 -0500
+-->
+     <para>
+      Fix processing of partition keys containing multiple expressions
+      (&Aacute;lvaro Herrera, David Rowley)
+     </para>
+
+     <para>
+      This error led to crashes or, with carefully crafted input, disclosure
+      of arbitrary backend memory.
+      (CVE-2018-1052)
+     </para>
+    </listitem>
+
+    <listitem>
+<!--
+Author: Tom Lane <tgl@sss.pgh.pa.us>
+Branch: master [a926eb84e] 2018-02-05 10:58:27 -0500
+Branch: REL_10_STABLE [6ba52aeb2] 2018-02-05 10:58:27 -0500
+Branch: REL9_6_STABLE [1341e017d] 2018-02-05 10:58:27 -0500
+Branch: REL9_5_STABLE [17aa02368] 2018-02-05 10:58:27 -0500
+Branch: REL9_4_STABLE [c3456208d] 2018-02-05 10:58:27 -0500
+Branch: REL9_3_STABLE [9c59e48a2] 2018-02-05 10:58:27 -0500
+-->
+     <para>
+      Ensure that all temporary files made
+      by <application>pg_upgrade</application> are non-world-readable
+      (Tom Lane, Noah Misch)
+     </para>
+
+     <para>
+      <application>pg_upgrade</application> normally restricts its
+      temporary files to be readable and writable only by the calling user.
+      But the temporary file containing <literal>pg_dumpall -g</literal>
+      output would be group- or world-readable, or even writable, if the
+      user's <literal>umask</literal> setting allows.  In typical usage on
+      multi-user machines, the <literal>umask</literal> and/or the working
+      directory's permissions would be tight enough to prevent problems;
+      but there may be people using <application>pg_upgrade</application>
+      in scenarios where this oversight would permit disclosure of database
+      passwords to unfriendly eyes.
+      (CVE-2018-1053)
+     </para>
+    </listitem>
+
+    <listitem>
+<!--
 Author: Andres Freund <andres@anarazel.de>
 Branch: master [9c2f0a6c3] 2017-12-14 18:20:47 -0800
 Branch: REL_10_STABLE [1224383e8] 2017-12-14 18:20:48 -0800
diff --git a/doc/src/sgml/release-9.3.sgml b/doc/src/sgml/release-9.3.sgml
index 4f50bdf5e64..31972e5a6fc 100644
--- a/doc/src/sgml/release-9.3.sgml
+++ b/doc/src/sgml/release-9.3.sgml
@@ -33,6 +33,28 @@
 
    <itemizedlist>
 
+    <listitem>
+     <para>
+      Ensure that all temporary files made
+      by <application>pg_upgrade</application> are non-world-readable
+      (Tom Lane, Noah Misch)
+     </para>
+
+     <para>
+      <application>pg_upgrade</application> normally restricts its
+      temporary files to be readable and writable only by the calling user.
+      But the temporary file containing <literal>pg_dumpall -g</literal>
+      output would be group- or world-readable, or even writable, if the
+      user's <literal>umask</literal> setting allows.  In typical usage on
+      multi-user machines, the <literal>umask</literal> and/or the working
+      directory's permissions would be tight enough to prevent problems;
+      but there may be people using <application>pg_upgrade</application>
+      in scenarios where this oversight would permit disclosure of database
+      passwords to unfriendly eyes.
+      (CVE-2018-1053)
+     </para>
+    </listitem>
+
     <listitem>
      <para>
       Fix vacuuming of tuples that were updated while key-share locked
diff --git a/doc/src/sgml/release-9.4.sgml b/doc/src/sgml/release-9.4.sgml
index 329e5ec0e68..c524271e902 100644
--- a/doc/src/sgml/release-9.4.sgml
+++ b/doc/src/sgml/release-9.4.sgml
@@ -33,6 +33,28 @@
 
    <itemizedlist>
 
+    <listitem>
+     <para>
+      Ensure that all temporary files made
+      by <application>pg_upgrade</application> are non-world-readable
+      (Tom Lane, Noah Misch)
+     </para>
+
+     <para>
+      <application>pg_upgrade</application> normally restricts its
+      temporary files to be readable and writable only by the calling user.
+      But the temporary file containing <literal>pg_dumpall -g</literal>
+      output would be group- or world-readable, or even writable, if the
+      user's <literal>umask</literal> setting allows.  In typical usage on
+      multi-user machines, the <literal>umask</literal> and/or the working
+      directory's permissions would be tight enough to prevent problems;
+      but there may be people using <application>pg_upgrade</application>
+      in scenarios where this oversight would permit disclosure of database
+      passwords to unfriendly eyes.
+      (CVE-2018-1053)
+     </para>
+    </listitem>
+
     <listitem>
      <para>
       Fix vacuuming of tuples that were updated while key-share locked
diff --git a/doc/src/sgml/release-9.5.sgml b/doc/src/sgml/release-9.5.sgml
index 9d18de4be98..ab92fb01346 100644
--- a/doc/src/sgml/release-9.5.sgml
+++ b/doc/src/sgml/release-9.5.sgml
@@ -33,6 +33,28 @@
 
    <itemizedlist>
 
+    <listitem>
+     <para>
+      Ensure that all temporary files made
+      by <application>pg_upgrade</application> are non-world-readable
+      (Tom Lane, Noah Misch)
+     </para>
+
+     <para>
+      <application>pg_upgrade</application> normally restricts its
+      temporary files to be readable and writable only by the calling user.
+      But the temporary file containing <literal>pg_dumpall -g</literal>
+      output would be group- or world-readable, or even writable, if the
+      user's <literal>umask</literal> setting allows.  In typical usage on
+      multi-user machines, the <literal>umask</literal> and/or the working
+      directory's permissions would be tight enough to prevent problems;
+      but there may be people using <application>pg_upgrade</application>
+      in scenarios where this oversight would permit disclosure of database
+      passwords to unfriendly eyes.
+      (CVE-2018-1053)
+     </para>
+    </listitem>
+
     <listitem>
      <para>
       Fix vacuuming of tuples that were updated while key-share locked
diff --git a/doc/src/sgml/release-9.6.sgml b/doc/src/sgml/release-9.6.sgml
index 26025712bed..6d7a5009330 100644
--- a/doc/src/sgml/release-9.6.sgml
+++ b/doc/src/sgml/release-9.6.sgml
@@ -39,6 +39,28 @@
 
    <itemizedlist>
 
+    <listitem>
+     <para>
+      Ensure that all temporary files made
+      by <application>pg_upgrade</application> are non-world-readable
+      (Tom Lane, Noah Misch)
+     </para>
+
+     <para>
+      <application>pg_upgrade</application> normally restricts its
+      temporary files to be readable and writable only by the calling user.
+      But the temporary file containing <literal>pg_dumpall -g</literal>
+      output would be group- or world-readable, or even writable, if the
+      user's <literal>umask</literal> setting allows.  In typical usage on
+      multi-user machines, the <literal>umask</literal> and/or the working
+      directory's permissions would be tight enough to prevent problems;
+      but there may be people using <application>pg_upgrade</application>
+      in scenarios where this oversight would permit disclosure of database
+      passwords to unfriendly eyes.
+      (CVE-2018-1053)
+     </para>
+    </listitem>
+
     <listitem>
      <para>
       Fix vacuuming of tuples that were updated while key-share locked