Fixes the following security issues (9.6.4):
CVE-2017-7546: Empty password accepted in some authentication methods
CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to users lacking server privileges
CVE-2017-7548: lo_put() function ignores ACLs
For more info, see https://www.postgresql.org/about/news/1772/
[Peter: extend commit message with security fixes info]
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 95e284bd27)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
0e3334e25b