Updated to 10.2

Author: vbwagner

configure

@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for PostgreSQL 10.1.
+# Generated by GNU Autoconf 2.69 for PostgreSQL 10.2.
 #
 # Report bugs to <bugs@postgrespro.ru>.
 #
@@ -11,8 +11,8 @@
 # This configure script is free software; the Free Software Foundation
 # gives unlimited permission to copy, distribute and modify it.
 #
-# Copyright (c) 1996-2017, PostgreSQL Global Development Group
-# Copyright (c) 2015-2017, Postgres Professional
+# Copyright (c) 1996-2018, PostgreSQL Global Development Group
+# Copyright (c) 2015-2018, Postgres Professional
 ## -------------------- ##
 ## M4sh Initialization. ##
 ## -------------------- ##
@@ -583,8 +583,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='PostgreSQL'
 PACKAGE_TARNAME='postgrespro'
-PACKAGE_VERSION='10.1'
-PACKAGE_STRING='PostgreSQL 10.1'
+PACKAGE_VERSION='10.2'
+PACKAGE_STRING='PostgreSQL 10.2'
 PACKAGE_BUGREPORT='bugs@postgrespro.ru'
 PACKAGE_URL=''
 
@@ -1429,7 +1429,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures PostgreSQL 10.1 to adapt to many kinds of systems.
+\`configure' configures PostgreSQL 10.2 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1495,7 +1495,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of PostgreSQL 10.1:";;
+     short | recursive ) echo "Configuration of PostgreSQL 10.2:";;
    esac
   cat <<\_ACEOF
 
@@ -1656,15 +1656,15 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-PostgreSQL configure 10.1
+PostgreSQL configure 10.2
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
 This configure script is free software; the Free Software Foundation
 gives unlimited permission to copy, distribute and modify it.
 
-Copyright (c) 1996-2017, PostgreSQL Global Development Group
-Copyright (c) 2015-2017, Postgres Professional
+Copyright (c) 1996-2018, PostgreSQL Global Development Group
+Copyright (c) 2015-2018, Postgres Professional
 _ACEOF
   exit
 fi
@@ -2368,7 +2368,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by PostgreSQL $as_me 10.1, which was
+It was created by PostgreSQL $as_me 10.2, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -17714,7 +17714,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by PostgreSQL $as_me 10.1, which was
+This file was extended by PostgreSQL $as_me 10.2, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -17784,7 +17784,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-PostgreSQL config.status 10.1
+PostgreSQL config.status 10.2
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 

configure.in

@@ -17,15 +17,15 @@ dnl Read the Autoconf manual for details.
 dnl
 m4_pattern_forbid(^PGAC_)dnl to catch undefined macros
 
-AC_INIT([PostgreSQL], [10.1], [bugs@postgrespro.ru], [postgrespro])
+AC_INIT([PostgreSQL], [10.2], [bugs@postgrespro.ru], [postgrespro])
 PACKAGE_TARNAME=postgrespro-enterprise
 
 m4_if(m4_defn([m4_PACKAGE_VERSION]), [2.69], [], [m4_fatal([Autoconf version 2.69 is required.
 Untested combinations of 'autoconf' and PostgreSQL versions are not
 recommended.  You can remove the check from 'configure.in' but it is then
 your responsibility whether the result works or not.])])
-AC_COPYRIGHT([Copyright (c) 1996-2017, PostgreSQL Global Development Group
-Copyright (c) 2015-2017, Postgres Professional])
+AC_COPYRIGHT([Copyright (c) 1996-2018, PostgreSQL Global Development Group
+Copyright (c) 2015-2018, Postgres Professional])
 AC_CONFIG_SRCDIR([src/backend/access/common/heaptuple.c])
 AC_CONFIG_AUX_DIR(config)
 AC_PREFIX_DEFAULT(/usr/local/pgsql)

doc/bug.template

@@ -27,7 +27,7 @@ System Configuration:
 
   Operating System (example: Linux 2.4.18)	:
 
-  PostgreSQL version (example: PostgreSQL 10.1):  PostgreSQL 10.1
+  PostgreSQL version (example: PostgreSQL 10.2):  PostgreSQL 10.2
 
   Compiler used (example: gcc 3.3.5)		:
 

doc/src/sgml/release-10.sgml

@@ -41,6 +41,55 @@
 
     <listitem>
 <!--
+Author: Tom Lane <tgl@sss.pgh.pa.us>
+Branch: master [3492a0af0] 2018-02-05 10:37:30 -0500
+Branch: REL_10_STABLE [fe921a360] 2018-02-05 10:37:30 -0500
+-->
+     <para>
+      Fix processing of partition keys containing multiple expressions
+      (&Aacute;lvaro Herrera, David Rowley)
+     </para>
+
+     <para>
+      This error led to crashes or, with carefully crafted input, disclosure
+      of arbitrary backend memory.
+      (CVE-2018-1052)
+     </para>
+    </listitem>
+
+    <listitem>
+<!--
+Author: Tom Lane <tgl@sss.pgh.pa.us>
+Branch: master [a926eb84e] 2018-02-05 10:58:27 -0500
+Branch: REL_10_STABLE [6ba52aeb2] 2018-02-05 10:58:27 -0500
+Branch: REL9_6_STABLE [1341e017d] 2018-02-05 10:58:27 -0500
+Branch: REL9_5_STABLE [17aa02368] 2018-02-05 10:58:27 -0500
+Branch: REL9_4_STABLE [c3456208d] 2018-02-05 10:58:27 -0500
+Branch: REL9_3_STABLE [9c59e48a2] 2018-02-05 10:58:27 -0500
+-->
+     <para>
+      Ensure that all temporary files made
+      by <application>pg_upgrade</application> are non-world-readable
+      (Tom Lane, Noah Misch)
+     </para>
+
+     <para>
+      <application>pg_upgrade</application> normally restricts its
+      temporary files to be readable and writable only by the calling user.
+      But the temporary file containing <literal>pg_dumpall -g</literal>
+      output would be group- or world-readable, or even writable, if the
+      user's <literal>umask</literal> setting allows.  In typical usage on
+      multi-user machines, the <literal>umask</literal> and/or the working
+      directory's permissions would be tight enough to prevent problems;
+      but there may be people using <application>pg_upgrade</application>
+      in scenarios where this oversight would permit disclosure of database
+      passwords to unfriendly eyes.
+      (CVE-2018-1053)
+     </para>
+    </listitem>
+
+    <listitem>
+<!--
 Author: Andres Freund <andres@anarazel.de>
 Branch: master [9c2f0a6c3] 2017-12-14 18:20:47 -0800
 Branch: REL_10_STABLE [1224383e8] 2017-12-14 18:20:48 -0800

doc/src/sgml/release-9.3.sgml

@@ -33,6 +33,28 @@
 
    <itemizedlist>
 
+    <listitem>
+     <para>
+      Ensure that all temporary files made
+      by <application>pg_upgrade</application> are non-world-readable
+      (Tom Lane, Noah Misch)
+     </para>
+
+     <para>
+      <application>pg_upgrade</application> normally restricts its
+      temporary files to be readable and writable only by the calling user.
+      But the temporary file containing <literal>pg_dumpall -g</literal>
+      output would be group- or world-readable, or even writable, if the
+      user's <literal>umask</literal> setting allows.  In typical usage on
+      multi-user machines, the <literal>umask</literal> and/or the working
+      directory's permissions would be tight enough to prevent problems;
+      but there may be people using <application>pg_upgrade</application>
+      in scenarios where this oversight would permit disclosure of database
+      passwords to unfriendly eyes.
+      (CVE-2018-1053)
+     </para>
+    </listitem>
+
     <listitem>
      <para>
       Fix vacuuming of tuples that were updated while key-share locked

doc/src/sgml/release-9.4.sgml

@@ -33,6 +33,28 @@
 
    <itemizedlist>
 
+    <listitem>
+     <para>
+      Ensure that all temporary files made
+      by <application>pg_upgrade</application> are non-world-readable
+      (Tom Lane, Noah Misch)
+     </para>
+
+     <para>
+      <application>pg_upgrade</application> normally restricts its
+      temporary files to be readable and writable only by the calling user.
+      But the temporary file containing <literal>pg_dumpall -g</literal>
+      output would be group- or world-readable, or even writable, if the
+      user's <literal>umask</literal> setting allows.  In typical usage on
+      multi-user machines, the <literal>umask</literal> and/or the working
+      directory's permissions would be tight enough to prevent problems;
+      but there may be people using <application>pg_upgrade</application>
+      in scenarios where this oversight would permit disclosure of database
+      passwords to unfriendly eyes.
+      (CVE-2018-1053)
+     </para>
+    </listitem>
+
     <listitem>
      <para>
       Fix vacuuming of tuples that were updated while key-share locked

doc/src/sgml/release-9.5.sgml

@@ -33,6 +33,28 @@
 
    <itemizedlist>
 
+    <listitem>
+     <para>
+      Ensure that all temporary files made
+      by <application>pg_upgrade</application> are non-world-readable
+      (Tom Lane, Noah Misch)
+     </para>
+
+     <para>
+      <application>pg_upgrade</application> normally restricts its
+      temporary files to be readable and writable only by the calling user.
+      But the temporary file containing <literal>pg_dumpall -g</literal>
+      output would be group- or world-readable, or even writable, if the
+      user's <literal>umask</literal> setting allows.  In typical usage on
+      multi-user machines, the <literal>umask</literal> and/or the working
+      directory's permissions would be tight enough to prevent problems;
+      but there may be people using <application>pg_upgrade</application>
+      in scenarios where this oversight would permit disclosure of database
+      passwords to unfriendly eyes.
+      (CVE-2018-1053)
+     </para>
+    </listitem>
+
     <listitem>
      <para>
       Fix vacuuming of tuples that were updated while key-share locked

doc/src/sgml/release-9.6.sgml

@@ -39,6 +39,28 @@
 
    <itemizedlist>
 
+    <listitem>
+     <para>
+      Ensure that all temporary files made
+      by <application>pg_upgrade</application> are non-world-readable
+      (Tom Lane, Noah Misch)
+     </para>
+
+     <para>
+      <application>pg_upgrade</application> normally restricts its
+      temporary files to be readable and writable only by the calling user.
+      But the temporary file containing <literal>pg_dumpall -g</literal>
+      output would be group- or world-readable, or even writable, if the
+      user's <literal>umask</literal> setting allows.  In typical usage on
+      multi-user machines, the <literal>umask</literal> and/or the working
+      directory's permissions would be tight enough to prevent problems;
+      but there may be people using <application>pg_upgrade</application>
+      in scenarios where this oversight would permit disclosure of database
+      passwords to unfriendly eyes.
+      (CVE-2018-1053)
+     </para>
+    </listitem>
+
     <listitem>
      <para>
       Fix vacuuming of tuples that were updated while key-share locked

src/backend/nls.mk

@@ -1,6 +1,6 @@
 # src/backend/nls.mk
 CATALOG_NAME     = postgres
-AVAIL_LANGUAGES  = de es fr it ko pl ru zh_CN
+AVAIL_LANGUAGES  = de es fr it ko pl ru sv tr zh_CN
 GETTEXT_FILES    = + gettext-files
 GETTEXT_TRIGGERS = $(BACKEND_COMMON_GETTEXT_TRIGGERS) \
     GUC_check_errmsg GUC_check_errdetail GUC_check_errhint \