From e748064669f40a2dc9cf29b8518902620e47e2db Mon Sep 17 00:00:00 2001
From: Tom Lane <tgl@sss.pgh.pa.us>
Date: Mon, 10 Feb 2025 18:16:25 -0500
Subject: [PATCH] Last-minute updates for release notes.

Security: CVE-2025-1094
---
 doc/src/sgml/release-14.sgml | 96 ++++++++++++++++++++++++++++++++++++
 1 file changed, 96 insertions(+)

diff --git a/doc/src/sgml/release-14.sgml b/doc/src/sgml/release-14.sgml
index 34f4b610a83..c4a44b59bc2 100644
--- a/doc/src/sgml/release-14.sgml
+++ b/doc/src/sgml/release-14.sgml
@@ -35,6 +35,102 @@
 
     <listitem>
 <!--
+Author: Andres Freund <andres@anarazel.de>
+Branch: master [5dc1e42b4] 2025-02-10 10:03:37 -0500
+Branch: REL_17_STABLE [43a77239d] 2025-02-10 10:03:38 -0500
+Branch: REL_16_STABLE [92e4170f4] 2025-02-10 10:03:39 -0500
+Branch: REL_15_STABLE [370c94d4c] 2025-02-10 10:03:39 -0500
+Branch: REL_14_STABLE [e0ef3d776] 2025-02-10 10:03:40 -0500
+Branch: REL_13_STABLE [c906bfe1b] 2025-02-10 10:03:40 -0500
+Branch: master [4dc289635] 2025-02-10 10:03:37 -0500
+Branch: REL_17_STABLE [7d43ca6fe] 2025-02-10 10:03:38 -0500
+Branch: REL_16_STABLE [6e05b195d] 2025-02-10 10:03:39 -0500
+Branch: REL_15_STABLE [703b3fd5d] 2025-02-10 10:03:39 -0500
+Branch: REL_14_STABLE [5bc33cbea] 2025-02-10 10:03:40 -0500
+Branch: REL_13_STABLE [db3eb0e82] 2025-02-10 10:03:40 -0500
+Branch: master [3e98c8ce5] 2025-02-10 10:03:37 -0500
+Branch: REL_17_STABLE [61ad93cdd] 2025-02-10 10:03:38 -0500
+Branch: REL_16_STABLE [56aa2dcdd] 2025-02-10 10:03:39 -0500
+Branch: REL_15_STABLE [b1756da75] 2025-02-10 10:03:39 -0500
+Branch: REL_14_STABLE [2ae54ae17] 2025-02-10 10:03:40 -0500
+Branch: REL_13_STABLE [5df4e1632] 2025-02-10 10:03:40 -0500
+Branch: master [ac00ff1c9] 2025-02-10 10:03:37 -0500
+Branch: REL_17_STABLE [02d4d87ac] 2025-02-10 10:03:38 -0500
+Branch: REL_16_STABLE [01784793f] 2025-02-10 10:03:39 -0500
+Branch: REL_15_STABLE [de4b92f33] 2025-02-10 10:03:39 -0500
+Branch: REL_14_STABLE [46ddf98df] 2025-02-10 10:03:40 -0500
+Branch: REL_13_STABLE [4ea3f5ef3] 2025-02-10 10:03:40 -0500
+Branch: master [979205e47] 2025-02-10 12:12:14 -0500
+Branch: REL_17_STABLE [05abb0f83] 2025-02-10 12:12:53 -0500
+Branch: REL_16_STABLE [41343f840] 2025-02-10 12:12:56 -0500
+Branch: REL_15_STABLE [a085fa731] 2025-02-10 12:12:58 -0500
+Branch: REL_14_STABLE [4a6825c76] 2025-02-10 12:12:59 -0500
+Branch: REL_13_STABLE [7beb2af5e] 2025-02-10 12:13:02 -0500
+Branch: REL_13_STABLE [00f1a1f66] 2025-02-10 10:03:40 -0500
+Author: Tom Lane <tgl@sss.pgh.pa.us>
+Branch: master [5bf12323b] 2025-02-10 16:30:03 -0500
+Branch: REL_17_STABLE [85c1fcc65] 2025-02-10 16:30:31 -0500
+Branch: REL_16_STABLE [0075a5c6c] 2025-02-10 16:30:37 -0500
+Branch: REL_15_STABLE [9862de917] 2025-02-10 16:30:54 -0500
+Branch: REL_14_STABLE [e1f1b030d] 2025-02-10 16:31:01 -0500
+Branch: REL_13_STABLE [f9fceef6e] 2025-02-10 16:31:09 -0500
+-->
+     <para>
+      Harden <function>PQescapeString</function> and allied functions
+      against invalidly-encoded input strings (Andres Freund, Noah Misch)
+      <ulink url="&commit_baseurl;e0ef3d776">&sect;</ulink>
+      <ulink url="&commit_baseurl;5bc33cbea">&sect;</ulink>
+      <ulink url="&commit_baseurl;2ae54ae17">&sect;</ulink>
+      <ulink url="&commit_baseurl;46ddf98df">&sect;</ulink>
+      <ulink url="&commit_baseurl;4a6825c76">&sect;</ulink>
+      <ulink url="&commit_baseurl;e1f1b030d">&sect;</ulink>
+     </para>
+
+     <para>
+      Data-quoting functions supplied by <application>libpq</application>
+      now fully check the encoding validity of their input.  If invalid
+      characters are detected, they report an error if possible.  For the
+      ones that lack an error return convention, the output string is
+      adjusted to ensure that the server will report invalid encoding and
+      no intervening processing will be fooled by bytes that might happen
+      to match single quote, backslash, etc.
+     </para>
+
+     <para>
+      The purpose of this change is to guard against SQL-injection attacks
+      that are possible if one of these functions is used to quote crafted
+      input.  There is no hazard when the resulting string is sent
+      directly to a <productname>PostgreSQL</productname> server (which
+      would check its encoding anyway), but there is a risk when it is
+      passed through <application>psql</application> or other client-side
+      code.  Historically such code has not carefully vetted encoding, and
+      in many cases it's not clear what it should do if it did detect such
+      a problem.
+     </para>
+
+     <para>
+      This fix is effective only if the data-quoting function, the server,
+      and any intermediate processing agree on the character encoding
+      that's being used.  Applications that insert untrusted input into
+      SQL commands should take special care to ensure that that's true.
+     </para>
+
+     <para>
+      Applications and drivers that quote untrusted input without using
+      these <application>libpq</application> functions may be at risk of
+      similar problems.  They should first confirm the data is valid in
+      the encoding expected by the server.
+     </para>
+
+     <para>
+      The <productname>PostgreSQL</productname> Project thanks
+      Stephen Fewer for reporting this problem.
+      (CVE-2025-1094)
+     </para>
+    </listitem>
+
+    <listitem>
+<!--
 Author: Tom Lane <tgl@sss.pgh.pa.us>
 Branch: master [34486b609] 2024-12-28 16:08:50 -0500
 Branch: REL_17_STABLE [15b4c46c3] 2024-12-28 16:08:50 -0500
-- 
2.39.5