From 2a08ab38d33021d92d8ee31d9e386da63c39424d Mon Sep 17 00:00:00 2001
From: Tom Lane <tgl@sss.pgh.pa.us>
Date: Mon, 5 Feb 2018 14:43:40 -0500
Subject: [PATCH] Last-minute updates for release notes.
Security: CVE-2018-1052, CVE-2018-1053
---
doc/src/sgml/release-9.3.sgml | 22 ++++++++++++++++++++++
doc/src/sgml/release-9.4.sgml | 22 ++++++++++++++++++++++
doc/src/sgml/release-9.5.sgml | 22 ++++++++++++++++++++++
3 files changed, 66 insertions(+)
diff --git a/doc/src/sgml/release-9.3.sgml b/doc/src/sgml/release-9.3.sgml
index 8be44e33f61..6d339db8d33 100644
--- a/doc/src/sgml/release-9.3.sgml
+++ b/doc/src/sgml/release-9.3.sgml
@@ -33,6 +33,28 @@
<itemizedlist>
+ <listitem>
+ <para>
+ Ensure that all temporary files made
+ by <application>pg_upgrade</application> are non-world-readable
+ (Tom Lane, Noah Misch)
+ </para>
+
+ <para>
+ <application>pg_upgrade</application> normally restricts its
+ temporary files to be readable and writable only by the calling user.
+ But the temporary file containing <literal>pg_dumpall -g</literal>
+ output would be group- or world-readable, or even writable, if the
+ user's <literal>umask</literal> setting allows. In typical usage on
+ multi-user machines, the <literal>umask</literal> and/or the working
+ directory's permissions would be tight enough to prevent problems;
+ but there may be people using <application>pg_upgrade</application>
+ in scenarios where this oversight would permit disclosure of database
+ passwords to unfriendly eyes.
+ (CVE-2018-1053)
+ </para>
+ </listitem>
+
<listitem>
<para>
Fix vacuuming of tuples that were updated while key-share locked
diff --git a/doc/src/sgml/release-9.4.sgml b/doc/src/sgml/release-9.4.sgml
index 8817fea473d..da6cf38f70a 100644
--- a/doc/src/sgml/release-9.4.sgml
+++ b/doc/src/sgml/release-9.4.sgml
@@ -33,6 +33,28 @@
<itemizedlist>
+ <listitem>
+ <para>
+ Ensure that all temporary files made
+ by <application>pg_upgrade</application> are non-world-readable
+ (Tom Lane, Noah Misch)
+ </para>
+
+ <para>
+ <application>pg_upgrade</application> normally restricts its
+ temporary files to be readable and writable only by the calling user.
+ But the temporary file containing <literal>pg_dumpall -g</literal>
+ output would be group- or world-readable, or even writable, if the
+ user's <literal>umask</literal> setting allows. In typical usage on
+ multi-user machines, the <literal>umask</literal> and/or the working
+ directory's permissions would be tight enough to prevent problems;
+ but there may be people using <application>pg_upgrade</application>
+ in scenarios where this oversight would permit disclosure of database
+ passwords to unfriendly eyes.
+ (CVE-2018-1053)
+ </para>
+ </listitem>
+
<listitem>
<para>
Fix vacuuming of tuples that were updated while key-share locked
diff --git a/doc/src/sgml/release-9.5.sgml b/doc/src/sgml/release-9.5.sgml
index aa5fa2c5c94..eb99e4b67e8 100644
--- a/doc/src/sgml/release-9.5.sgml
+++ b/doc/src/sgml/release-9.5.sgml
@@ -33,6 +33,28 @@
<itemizedlist>
+ <listitem>
+ <para>
+ Ensure that all temporary files made
+ by <application>pg_upgrade</application> are non-world-readable
+ (Tom Lane, Noah Misch)
+ </para>
+
+ <para>
+ <application>pg_upgrade</application> normally restricts its
+ temporary files to be readable and writable only by the calling user.
+ But the temporary file containing <literal>pg_dumpall -g</literal>
+ output would be group- or world-readable, or even writable, if the
+ user's <literal>umask</literal> setting allows. In typical usage on
+ multi-user machines, the <literal>umask</literal> and/or the working
+ directory's permissions would be tight enough to prevent problems;
+ but there may be people using <application>pg_upgrade</application>
+ in scenarios where this oversight would permit disclosure of database
+ passwords to unfriendly eyes.
+ (CVE-2018-1053)
+ </para>
+ </listitem>
+
<listitem>
<para>
Fix vacuuming of tuples that were updated while key-share locked
--
GitLab