+
+
Release 9.3.20
+
+
+
Release date:
+
+
+ This release contains a variety of fixes from 9.3.19.
+ For information about new features in the 9.3 major release, see
+ .
+
+
+
+
Migration to Version 9.3.20
+
+ A dump/restore is not required for those running 9.3.X.
+
+
+ However, if you are upgrading from a version earlier than 9.3.18,
+ see .
+
+
+
+
+
+
Changes
+
+
+
+
+ Properly reject attempts to convert infinite float values to
+ type numeric (Tom Lane, KaiGai Kohei)
+
+
+ Previously the behavior was platform-dependent.
+
+
+
+
+ Fix corner-case crashes when columns have been added to the end of a
+ view (Tom Lane)
+
+
+
+
+ Record proper dependencies when a view or rule
+ contains FieldSelect
+ or FieldStore expression nodes (Tom Lane)
+
+
+ Lack of these dependencies could allow a column or data
+ type DROP to go through when it ought to fail,
+ thereby causing later uses of the view or rule to get errors.
+ This patch does not do anything to protect existing views/rules,
+ only ones created in the future.
+
+
+
+
+ Correctly detect hashability of range data types (Tom Lane)
+
+
+ The planner mistakenly assumed that any range type could be hashed
+ for use in hash joins or hash aggregation, but actually it must check
+ whether the range's subtype has hash support. This does not affect any
+ of the built-in range types, since they're all hashable anyway.
+
+
+
+
+ Fix low-probability loss of NOTIFY messages due to
+ XID wraparound (Marko Tiikkaja, Tom Lane)
+
+
+ If a session executed no queries, but merely listened for
+ notifications, for more than 2 billion transactions, it started to miss
+ some notifications from concurrently-committing transactions.
+
+
+
+
+ Prevent low-probability crash in processing of nested trigger firings
+ (Tom Lane)
+
+
+
+
+ Correctly restore the umask setting when file creation fails
+ in COPY or lo_export()
+ (Peter Eisentraut)
+
+
+
+
+ Give a better error message for duplicate column names
+ in ANALYZE (Nathan Bossart)
+
+
+
+
+ Fix mis-parsing of the last line in a
+ non-newline-terminated pg_hba.conf file
+ (Tom Lane)
+
+
+
+
+ Fix
libpq to not require user's home
+ directory to exist (Tom Lane)
+
+
+ In v10, failure to find the home directory while trying to
+ read ~/.pgpass was treated as a hard error,
+ but it should just cause that file to not be found. Both v10 and
+ previous release branches made the same mistake when
+ reading ~/.pg_service.conf , though this was less
+ obvious since that file is not sought unless a service name is
+ specified.
+
+
+
+
+ Fix
libpq to guard against integer
+ overflow in the row count of a PGresult
+ (Michael Paquier)
+
+
+
+
+ Fix
ecpg 's handling of out-of-scope cursor
+ declarations with pointer or array variables (Michael Meskes)
+
+
+
+
+ Make ecpglib's Informix-compatibility mode ignore fractional digits in
+ integer input strings, as expected (Gao Zengqi, Michael Meskes)
+
+
+
+
+ Sync our copy of the timezone library with IANA release tzcode2017c
+ (Tom Lane)
+
+
+ This fixes various issues; the only one likely to be user-visible
+ is that the default DST rules for a POSIX-style zone name, if
+ no posixrules file exists in the timezone data
+ directory, now match current US law rather than what it was a dozen
+ years ago.
+
+
+
+
+ Update time zone data files to
tzdata + release 2017c for DST law changes in Fiji, Namibia, Northern Cyprus,
+ Sudan, Tonga, and Turks & Caicos Islands, plus historical
+ corrections for Alaska, Apia, Burma, Calcutta, Detroit, Ireland,
+ Namibia, and Pago Pago.
+
+
+
+
+
+
+
+
Release 9.3.19
Show foreign tables
- in information_schema>.table_privileges>
+ in information_schemastructname>.table_privileges>
view (Peter Eisentraut)
- All other relevant information_schema views include
+ All other relevant information_schemastructname> views include
foreign tables, but this one ignored them.
- Since this view definition is installed by
initdb, + Since this view definition is installed by
initdbapplication>, merely upgrading will not fix the problem. If you need to fix this
in an existing installation, you can, as a superuser, do this
SET search_path TO information_schema;
CREATE OR REPLACE VIEW table_privileges AS
OR grantee.rolname = 'PUBLIC');
This must be repeated in each database to be fixed,
- including template0.
+ including template0literal>.
Clean up handling of a fatal exit (e.g., due to receipt
- of SIGTERM) that occurs while trying to execute
- a ROLLBACK of a failed transaction (Tom Lane)
+ of SIGTERMsystemitem>) that occurs while trying to execute
+ a ROLLBACKcommand> of a failed transaction (Tom Lane)
This situation could result in an assertion failure. In production
builds, the exit would still occur, but it would log an unexpected
- message about cannot drop active portal.
+ message about cannot drop active portalquote>.
- Certain ALTER commands that change the definition of a
+ Certain ALTERcommand> commands that change the definition of a
composite type or domain type are supposed to fail if there are any
stored values of that type in the database, because they lack the
infrastructure needed to update or check such values. Previously,
- Fix crash in
pg_restore when using parallel mode and + Fix crash in
pg_restoreapplication> when using parallel mode and using a list file to select a subset of items to restore
(Fabrízio de Royes Mello)
- Change
ecpg>'s parser to allow RETURNING> + Change
ecpgapplication>'s parser to allow RETURNING> clauses without attached C variables (Michael Meskes)
- This allows
ecpg programs to contain SQL constructs - that use RETURNING internally (for example, inside a CTE)
+ This allows
ecpgapplication> programs to contain SQL constructs + that use RETURNINGliteral> internally (for example, inside a CTE)
rather than using it to define values to be returned to the client.
This fix avoids possible crashes of PL/Perl due to inconsistent
- assumptions about the width of time_t values.
+ assumptions about the width of time_ttype> values.
A side-effect that may be visible to extension developers is
- that _USE_32BIT_TIME_T is no longer defined globally
- in
PostgreSQL Windows builds. This is not expected - to cause problems, because type time_t is not used
- in any
PostgreSQL API definitions. + that _USE_32BIT_TIME_Tliteral> is no longer defined globally
+ in
PostgreSQLproductname> Windows builds. This is not expected + to cause problems, because type time_ttype> is not used
+ in any
PostgreSQLproductname> API definitions.
Further restrict visibility
- of pg_user_mappings>.umoptions>, to
+ of pg_user_mappingsstructname>.umoptions>, to
protect passwords stored as user mapping options
(Noah Misch)
The fix for CVE-2017-7486 was incorrect: it allowed a user
to see the options in her own user mapping, even if she did not
- have USAGE permission on the associated foreign server.
+ have USAGEliteral> permission on the associated foreign server.
Such options might include a password that had been provided by the
server owner rather than the user herself.
- Since information_schema.user_mapping_options does not
- show the options in such cases, pg_user_mappings
+ Since information_schema.user_mapping_optionsstructname> does not
+ show the options in such cases, pg_user_mappingsstructname>
should not either.
(CVE-2017-7547)
Restart the postmaster after adding allow_system_table_mods
- = true> to postgresql.conf>. (In versions
- supporting ALTER SYSTEM, you can use that to make the
+ = trueliteral> to postgresql.conf>. (In versions
+ supporting ALTER SYSTEMcommand>, you can use that to make the
configuration change, but you'll still need a restart.)
- In each database of the cluster,
+ In eachemphasis> database of the cluster,
run the following commands as superuser:
SET search_path = pg_catalog;
- Do not forget to include the template0
- and template1 databases, or the vulnerability will still
- exist in databases you create later. To fix template0,
+ Do not forget to include the template0literal>
+ and template1literal> databases, or the vulnerability will still
+ exist in databases you create later. To fix template0literal>,
you'll need to temporarily make it accept connections.
- In
PostgreSQL 9.5 and later, you can use + In
PostgreSQLproductname> 9.5 and later, you can use ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true;
- and then after fixing template0, undo that with
+ and then after fixing template0literal>, undo that with
ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false;
- Finally, remove the allow_system_table_mods configuration
+ Finally, remove the allow_system_table_modsliteral> configuration
setting, and again restart the postmaster.
-
libpq ignores empty password specifications, and does +
libpqapplication> ignores empty password specifications, and does not transmit them to the server. So, if a user's password has been
set to the empty string, it's impossible to log in with that password
- via
psql> or other libpq>-based + via
psqlapplication> or other libpq>-based clients. An administrator might therefore believe that setting the
password to empty is equivalent to disabling password login.
- However, with a modified or non-
libpq-based client, + However, with a modified or non-
libpqapplication>-based client, logging in could be possible, depending on which authentication
method is configured. In particular the most common
- method, md5, accepted empty passwords.
+ method, md5literal>, accepted empty passwords.
Change the server to reject empty passwords in all cases.
(CVE-2017-7546)
Fix possible creation of an invalid WAL segment when a standby is
- promoted just after it processes an XLOG_SWITCH WAL
+ promoted just after it processes an XLOG_SWITCHliteral> WAL
record (Andres Freund)
- Fix SIGHUP> and SIGUSR1> handling in
+ Fix SIGHUPsystemitem> and SIGUSR1> handling in
walsender processes (Petr Jelinek, Andres Freund)
- Fix unnecessarily slow restarts of
walreceiver + Fix unnecessarily slow restarts of
walreceiverapplication> processes due to race condition in postmaster (Tom Lane)
- Fix cases where an INSERT> or UPDATE> assigns
+ Fix cases where an INSERTcommand> or UPDATE> assigns
to more than one element of a column that is of domain-over-array
type (Tom Lane)
- Allow window functions to be used in sub-SELECTs that
+ Allow window functions to be used in sub-SELECTliteral>s that
are within the arguments of an aggregate function (Tom Lane)
Move autogenerated array types out of the way during
- ALTER ... RENAME (Vik Fearing)
+ ALTER ... RENAMEcommand> (Vik Fearing)
Previously, we would rename a conflicting autogenerated array type
- out of the way during CREATE; this fix extends that
+ out of the way during CREATEcommand>; this fix extends that
behavior to renaming operations.
- Ensure that ALTER USER ... SET accepts all the syntax
- variants that ALTER ROLE ... SET does (Peter Eisentraut)
+ Ensure that ALTER USER ... SETcommand> accepts all the syntax
+ variants that ALTER ROLE ... SETcommand> does (Peter Eisentraut)
Properly update dependency info when changing a datatype I/O
- function's argument or return type from opaque to the
+ function's argument or return type from opaquetype> to the
correct type (Heikki Linnakangas)
- CREATE TYPE updates I/O functions declared in this
+ CREATE TYPEcommand> updates I/O functions declared in this
long-obsolete style, but it forgot to record a dependency on the
- type, allowing a subsequent DROP TYPE to leave broken
+ type, allowing a subsequent DROP TYPEcommand> to leave broken
function definitions behind.
- Reduce memory usage when ANALYZE processes
- a tsvector column (Heikki Linnakangas)
+ Reduce memory usage when ANALYZEcommand> processes
+ a tsvectortype> column (Heikki Linnakangas)
Fix unnecessary precision loss and sloppy rounding when multiplying
- or dividing money values by integers or floats (Tom Lane)
+ or dividing moneytype> values by integers or floats (Tom Lane)
Tighten checks for whitespace in functions that parse identifiers,
- such as regprocedurein() (Tom Lane)
+ such as regprocedurein()function> (Tom Lane)
- Use relevant #define symbols from Perl while
- compiling
PL/Perl (Ashutosh Sharma, Tom Lane) + Use relevant #defineliteral> symbols from Perl while
+ compiling
PL/Perlapplication> (Ashutosh Sharma, Tom Lane)
This avoids portability problems, typically manifesting as
- a handshake mismatch during library load, when working with
+ a handshakequote> mismatch during library load, when working with
recent Perl versions.
- In
libpq, reset GSS/SASL and SSPI authentication + In
libpqapplication>, reset GSS/SASL and SSPI authentication state properly after a failed connection attempt (Michael Paquier)
- In
psql>, fix failure when COPY FROM STDIN> + In
psqlapplication>, fix failure when COPY FROM STDIN> is ended with a keyboard EOF signal and then another COPY
- FROM STDIN is attempted (Thomas Munro)
+ FROM STDINcommand> is attempted (Thomas Munro)
- Fix
pg_dump> and pg_restore> to - emit REFRESH MATERIALIZED VIEW commands last (Tom Lane)
+ Fix
pg_dumpapplication> and pg_restore> to + emit REFRESH MATERIALIZED VIEWcommand> commands last (Tom Lane)
- Fix
pg_dump> with the --clean> option to + Fix
pg_dumpapplication> with the --clean> option to drop event triggers as expected (Tom Lane)
- Fix
pg_dump to not emit invalid SQL for an empty + Fix
pg_dumpapplication> to not emit invalid SQL for an empty operator class (Daniel Gustafsson)
- Fix
pg_dump output to stdout on Windows (Kuntal Ghosh) + Fix
pg_dumpapplication> output to stdout on Windows (Kuntal Ghosh)
- Fix pg_get_ruledef() to print correct output for
- the ON SELECT rule of a view whose columns have been
+ Fix pg_get_ruledef()function> to print correct output for
+ the ON SELECTliteral> rule of a view whose columns have been
renamed (Tom Lane)
- In some corner cases,
pg_dump relies - on pg_get_ruledef() to dump views, so that this error
+ In some corner cases,
pg_dumpapplication> relies + on pg_get_ruledef()function> to dump views, so that this error
could result in dump/reload failures.
Fix dumping of outer joins with empty constraints, such as the result
- of a NATURAL LEFT JOIN with no common columns (Tom Lane)
+ of a NATURAL LEFT JOINliteral> with no common columns (Tom Lane)
- Fix dumping of function expressions in the FROM clause in
+ Fix dumping of function expressions in the FROMliteral> clause in
cases where the expression does not deparse into something that looks
like a function call (Tom Lane)
- Fix
pg_basebackup output to stdout on Windows + Fix
pg_basebackupapplication> output to stdout on Windows (Haribabu Kommi)
- Fix
pg_upgrade to ensure that the ending WAL record - does not have = minimum
+ Fix
pg_upgradeapplication> to ensure that the ending WAL record + does not have = minimumliteral>
(Bruce Momjian)
- In postgres_fdw, re-establish connections to remote
- servers after ALTER SERVER or ALTER USER
- MAPPING commands (Kyotaro Horiguchi)
+ In postgres_fdwfilename>, re-establish connections to remote
+ servers after ALTER SERVERcommand> or ALTER USER
+ MAPPINGcommand> commands (Kyotaro Horiguchi)
- In postgres_fdw, allow cancellation of remote
+ In postgres_fdwfilename>, allow cancellation of remote
transaction control commands (Robert Haas, Rafia Sabih)
- Always use -fPIC>, not -fpic>, when building
+ Always use -fPICoption>, not -fpic>, when building
shared libraries with gcc (Tom Lane)
- In MSVC builds, handle the case where the
openssl - library is not within a VC subdirectory (Andrew Dunstan)
+ In MSVC builds, handle the case where the
opensslapplication> + library is not within a VCfilename> subdirectory (Andrew Dunstan)
- In MSVC builds, add proper include path for
libxml2 + In MSVC builds, add proper include path for
libxml2application> header files (Andrew Dunstan)
This fixes a former need to move things around in standard Windows
- installations of
libxml2. + installations of
libxml2application>.
In MSVC builds, recognize a Tcl library that is
- named tcl86.lib (Noah Misch)
+ named tcl86.libfilename> (Noah Misch)
Restrict visibility
- of pg_user_mappings>.umoptions>, to
+ of pg_user_mappingsstructname>.umoptions>, to
protect passwords stored as user mapping options
(Michael Paquier, Feike Steenbergen)
The previous coding allowed the owner of a foreign server object,
- or anyone he has granted server USAGE permission to,
+ or anyone he has granted server USAGEliteral> permission to,
to see the options for all user mappings associated with that server.
This might well include passwords for other users.
Adjust the view definition to match the behavior of
- information_schema.user_mapping_options, namely that
+ information_schema.user_mapping_optionsstructname>, namely that
these options are visible to the user being mapped, or if the mapping
is for PUBLIC and the current user is the server
owner, or if the current user is a superuser.
Some selectivity estimation functions in the planner will apply
user-defined operators to values obtained
- from pg_statistic, such as most common values and
+ from pg_statisticstructname>, such as most common values and
histogram entries. This occurs before table permissions are checked,
so a nefarious user could exploit the behavior to obtain these values
for table columns he does not have permission to read. To fix,
- Restore
libpq's recognition of - the PGREQUIRESSL environment variable (Daniel Gustafsson)
+ Restore
libpqapplication>'s recognition of + the PGREQUIRESSLenvar> environment variable (Daniel Gustafsson)
Processing of this environment variable was unintentionally dropped
- in
PostgreSQL 9.3, but its documentation remained. + in
PostgreSQLproductname> 9.3, but its documentation remained. This creates a security hazard, since users might be relying on the
environment variable to force SSL-encrypted connections, but that
would no longer be guaranteed. Restore handling of the variable,
- but give it lower priority than PGSSLMODE, to avoid
+ but give it lower priority than PGSSLMODEenvar>, to avoid
breaking configurations that work correctly with post-9.3 code.
(CVE-2017-7485)
- Fix possible corruption of init forks of unlogged indexes
+ Fix possible corruption of init forksquote> of unlogged indexes
(Robert Haas, Michael Paquier)
- Fix incorrect reconstruction of pg_subtrans entries
+ Fix incorrect reconstruction of pg_subtransstructname> entries
when a standby server replays a prepared but uncommitted two-phase
transaction (Tom Lane)
In most cases this turned out to have no visible ill effects, but in
corner cases it could result in circular references
- in pg_subtrans, potentially causing infinite loops
+ in pg_subtransstructname>, potentially causing infinite loops
in queries that examine rows modified by the two-phase transaction.
Due to lack of a cache flush step between commands in an extension
script file, non-utility queries might not see the effects of an
immediately preceding catalog change, such as ALTER TABLE
- ... RENAME.
+ ... RENAMEcommand>.
Skip tablespace privilege checks when ALTER TABLE ... ALTER
- COLUMN TYPE rebuilds an existing index (Noah Misch)
+ COLUMN TYPEcommand> rebuilds an existing index (Noah Misch)
The command failed if the calling user did not currently have
- CREATE privilege for the tablespace containing the index.
+ CREATEliteral> privilege for the tablespace containing the index.
That behavior seems unhelpful, so skip the check, allowing the
index to be rebuilt where it is.
- Fix ALTER TABLE ... VALIDATE CONSTRAINT to not recurse
- to child tables when the constraint is marked NO INHERIT
+ Fix ALTER TABLE ... VALIDATE CONSTRAINTcommand> to not recurse
+ to child tables when the constraint is marked NO INHERITliteral>
(Amit Langote)
- This fix prevents unwanted constraint does not exist failures
+ This fix prevents unwanted constraint does not existquote> failures
when no matching constraint is present in the child tables.
- Fix VACUUM to account properly for pages that could not
+ Fix VACUUMcommand> to account properly for pages that could not
be scanned due to conflicting page pins (Andrew Gierth)
This tended to lead to underestimation of the number of tuples in
the table. In the worst case of a small heavily-contended
- table, VACUUM could incorrectly report that the table
+ table, VACUUMcommand> could incorrectly report that the table
contained no tuples, leading to very bad planning choices.
- Fix cursor_to_xml() to produce valid output
- with tableforest = false
+ Fix cursor_to_xml()function> to produce valid output
+ with tableforestreplaceable> = false
(Thomas Munro, Peter Eisentraut)
- Previously it failed to produce a wrapping <table>
+ Previously it failed to produce a wrapping <table>literal>
element.
- Improve performance of pg_timezone_names view
+ Improve performance of pg_timezone_namesstructname> view
(Tom Lane, David Rowley)
- Fix sloppy handling of corner-case errors from lseek()
- and close() (Tom Lane)
+ Fix sloppy handling of corner-case errors from lseek()function>
+ and close()function> (Tom Lane)
Neither of these system calls are likely to fail in typical situations,
- but if they did, fd.c could get quite confused.
+ but if they did, fd.cfilename> could get quite confused.
- Fix
ecpg> to support COMMIT PREPARED> - and ROLLBACK PREPARED (Masahiko Sawada)
+ Fix
ecpgapplication> to support COMMIT PREPARED> + and ROLLBACK PREPAREDcommand> (Masahiko Sawada)
Fix a double-free error when processing dollar-quoted string literals
- in
ecpg (Michael Meskes) + in
ecpgapplication> (Michael Meskes)
- In
pg_dump, fix incorrect schema and owner marking for + In
pg_dumpapplication>, fix incorrect schema and owner marking for comments and security labels of some types of database objects
(Giuseppe Broccolo, Tom Lane)
- Avoid emitting an invalid list file in pg_restore -l
+ Avoid emitting an invalid list file in pg_restore -lliteral>
when SQL object names contain newlines (Tom Lane)
Replace newlines by spaces, which is sufficient to make the output
- valid for pg_restore -L's purposes.
+ valid for pg_restore -Lliteral>'s purposes.
- Fix
pg_upgrade to transfer comments and security labels - attached to large objects (blobs) (Stephen Frost)
+ Fix
pg_upgradeapplication> to transfer comments and security labels + attached to large objectsquote> (blobs) (Stephen Frost)
Improve error handling
- in contrib/adminpack>'s pg_file_write()>
+ in contrib/adminpackfilename>'s pg_file_write()>
function (Noah Misch)
Notably, it failed to detect errors reported
- by fclose().
+ by fclose()function>.
- In contrib/dblink, avoid leaking the previous unnamed
+ In contrib/dblinkfilename>, avoid leaking the previous unnamed
connection when establishing a new unnamed connection (Joe Conway)
- Fix contrib/pg_trgm's extraction of trigrams from regular
+ Fix contrib/pg_trgmfilename>'s extraction of trigrams from regular
expressions (Tom Lane)
- In contrib/postgres_fdw,
+ In contrib/postgres_fdwfilename>,
transmit query cancellation requests to the remote server
(Michael Paquier, Etsuro Fujita)
- Update time zone data files to
tzdata release 2017b + Update time zone data files to
tzdataapplication> release 2017b for DST law changes in Chile, Haiti, and Mongolia, plus historical
corrections for Ecuador, Kazakhstan, Liberia, and Spain.
Switch to numeric abbreviations for numerous time zones in South
or no currency among the local population. They are in process of
reversing that policy in favor of using numeric UTC offsets in zones
where there is no evidence of real-world use of an English
- abbreviation. At least for the time being,
PostgreSQL + abbreviation. At least for the time being,
PostgreSQLproductname> will continue to accept such removed abbreviations for timestamp input.
- But they will not be shown in the pg_timezone_names
+ But they will not be shown in the pg_timezone_namesstructname>
view nor used for output.
The Microsoft MSVC build scripts neglected to install
- the posixrules file in the timezone directory tree.
+ the posixrulesfilename> file in the timezone directory tree.
This resulted in the timezone code falling back to its built-in
rule about what DST behavior to assume for a POSIX-style time zone
name. For historical reasons that still corresponds to the DST rules
the USA was using before 2007 (i.e., change on first Sunday in April
and last Sunday in October). With this fix, a POSIX-style zone name
will use the current and historical DST transition dates of
- the US/Eastern zone. If you don't want that, remove
- the posixrules file, or replace it with a copy of some
+ the US/Easternliteral> zone. If you don't want that, remove
+ the posixrulesfilename> file, or replace it with a copy of some
other zone file (see ). Note that
due to caching, you may need to restart the server to get such changes
to take effect.
Fix a race condition that could cause indexes built
- with CREATE INDEX CONCURRENTLY to be corrupt
+ with CREATE INDEX CONCURRENTLYcommand> to be corrupt
(Pavan Deolasee, Tom Lane)
- If CREATE INDEX CONCURRENTLY was used to build an index
+ If CREATE INDEX CONCURRENTLYcommand> was used to build an index
that depends on a column not previously indexed, then rows
updated by transactions that ran concurrently with
- the CREATE INDEX command could have received incorrect
+ the CREATE INDEXcommand> command could have received incorrect
index entries. If you suspect this may have happened, the most
reliable solution is to rebuild affected indexes after installing
this update.
- Unconditionally WAL-log creation of the init fork for an
+ Unconditionally WAL-log creation of the init forkquote> for an
unlogged table (Michael Paquier)
Previously, this was skipped when
- = minimal, but actually it's necessary even in that case
+ = minimalliteral>, but actually it's necessary even in that case
to ensure that the unlogged table is properly reset to empty after a
crash.
- Make sure ALTER TABLE preserves index tablespace
+ Make sure ALTER TABLEcommand> preserves index tablespace
assignments when rebuilding indexes (Tom Lane, Michael Paquier)
- This avoids could not find trigger NNN
- or relation NNN has no triggers
errors.
+ This avoids could not find trigger NNNreplaceable>
+ or relation NNNreplaceable> has no triggers
errors.
Fix processing of OID column when a table with OIDs is associated to
- a parent with OIDs via ALTER TABLE ... INHERIT (Amit
+ a parent with OIDs via ALTER TABLE ... INHERITcommand> (Amit
Langote)
Report correct object identity during ALTER TEXT SEARCH
- CONFIGURATION (Artur Zakirov)
+ CONFIGURATIONcommand> (Artur Zakirov)
- Prevent multicolumn expansion of foo>.*> in
- an UPDATE source expression (Tom Lane)
+ Prevent multicolumn expansion of fooreplaceable>.*> in
+ an UPDATEcommand> source expression (Tom Lane)
This led to UPDATE target count mismatch --- internal
- error. Now the syntax is understood as a whole-row variable,
+ errorquote>. Now the syntax is understood as a whole-row variable,
as it would be in other contexts.
Ensure that column typmods are determined accurately for
- multi-row VALUES constructs (Tom Lane)
+ multi-row VALUESliteral> constructs (Tom Lane)
This fixes problems occurring when the first value in a column has a
- determinable typmod (e.g., length for a varchar value) but
+ determinable typmod (e.g., length for a varchartype> value) but
later values don't share the same limit.
Normally, a Unicode surrogate leading character must be followed by a
Unicode surrogate trailing character, but the check for this was
missed if the leading character was the last character in a Unicode
- string literal (U&'...') or Unicode identifier
- (U&"...").
+ string literal (U&'...'literal>) or Unicode identifier
+ (U&"..."literal>).
Ensure that a purely negative text search query, such
- as !foo>, matches empty tsvector>s (Tom Dunstan)
+ as !fooliteral>, matches empty tsvector>s (Tom Dunstan)
- Prevent crash when ts_rewrite() replaces a non-top-level
+ Prevent crash when ts_rewrite()function> replaces a non-top-level
subtree with an empty query (Artur Zakirov)
- Fix performance problems in ts_rewrite() (Tom Lane)
+ Fix performance problems in ts_rewrite()function> (Tom Lane)
- Fix ts_rewrite()'s handling of nested NOT operators
+ Fix ts_rewrite()function>'s handling of nested NOT operators
(Tom Lane)
- Fix array_fill() to handle empty arrays properly (Tom Lane)
+ Fix array_fill()function> to handle empty arrays properly (Tom Lane)
- Fix one-byte buffer overrun in quote_literal_cstr()
+ Fix one-byte buffer overrun in quote_literal_cstr()function>
(Heikki Linnakangas)
- Prevent multiple calls of pg_start_backup()
- and pg_stop_backup() from running concurrently (Michael
+ Prevent multiple calls of pg_start_backup()function>
+ and pg_stop_backup()function> from running concurrently (Michael
Paquier)
- Avoid discarding interval>-to-interval> casts
+ Avoid discarding intervaltype>-to-interval> casts
that aren't really no-ops (Tom Lane)
In some cases, a cast that should result in zeroing out
- low-order interval fields was mistakenly deemed to be a
+ low-order intervaltype> fields was mistakenly deemed to be a
no-op and discarded. An example is that casting from INTERVAL
- MONTH> to INTERVAL YEAR> failed to clear the months field.
+ MONTHtype> to INTERVAL YEAR> failed to clear the months field.
- Fix
pg_dump to dump user-defined casts and transforms + Fix
pg_dumpapplication> to dump user-defined casts and transforms that use built-in functions (Stephen Frost)
- Fix possible
pg_basebackup failure on standby + Fix possible
pg_basebackupapplication> failure on standby server when including WAL files (Amit Kapila, Robert Haas)
- Fix PL/Tcl to support triggers on tables that have .tupno
+ Fix PL/Tcl to support triggers on tables that have .tupnoliteral>
as a column name (Tom Lane)
This matches the (previously undocumented) behavior of
- PL/Tcl's spi_exec> and spi_execp> commands,
- namely that a magic .tupno column is inserted only if
+ PL/Tcl's spi_execcommand> and spi_execp> commands,
+ namely that a magic .tupnoliteral> column is inserted only if
there isn't a real column named that.
- Allow DOS-style line endings in ~/.pgpass files,
+ Allow DOS-style line endings in ~/.pgpassfilename> files,
even on Unix (Vik Fearing)
- Fix one-byte buffer overrun if
ecpg is given a file + Fix one-byte buffer overrun if
ecpgapplication> is given a file name that ends with a dot (Takayuki Tsunakawa)
- Fix
psql's tab completion for ALTER DEFAULT - PRIVILEGES (Gilles Darold, Stephen Frost)
+ Fix
psqlapplication>'s tab completion for ALTER DEFAULT + PRIVILEGEScommand> (Gilles Darold, Stephen Frost)
- In
psql, treat an empty or all-blank setting of - the PAGER environment variable as meaning no
- pager (Tom Lane)
+ In
psqlapplication>, treat an empty or all-blank setting of + the PAGERenvar> environment variable as meaning no
+ pagerquote> (Tom Lane)
- Improve contrib/dblink's reporting of
- low-level
libpq errors, such as out-of-memory + Improve contrib/dblinkfilename>'s reporting of
+ low-level
libpqapplication> errors, such as out-of-memory (Joe Conway)
- Teach contrib/dblink to ignore irrelevant server options
- when it uses a contrib/postgres_fdw foreign server as
+ Teach contrib/dblinkfilename> to ignore irrelevant server options
+ when it uses a contrib/postgres_fdwfilename> foreign server as
the source of connection options (Corey Huinker)
Previously, if the foreign server object had options that were not
- also
libpq connection options, an error occurred. + also
libpqapplication> connection options, an error occurred.
- Update time zone data files to
tzdata release 2016j + Update time zone data files to
tzdataapplication> release 2016j for DST law changes in northern Cyprus (adding a new zone
Asia/Famagusta), Russia (adding a new zone Europe/Saratov), Tonga,
and Antarctica/Casey.
crash recovery, or to be written incorrectly on a standby server.
Bogus entries in a free space map could lead to attempts to access
pages that have been truncated away from the relation itself, typically
- producing errors like could not read block XXX:
+ producing errors like could not read block XXXreplaceable>:
read only 0 of 8192 bytes. Checksum failures in the
visibility map are also possible, if checksumming is enabled.
Procedures for determining whether there is a problem and repairing it
if so are discussed at
- Fix SELECT FOR UPDATE/SHARE to correctly lock tuples that
+ Fix SELECT FOR UPDATE/SHAREcommand> to correctly lock tuples that
have been updated by a subsequently-aborted transaction
(Álvaro Herrera)
- In 9.5 and later, the SELECT would sometimes fail to
+ In 9.5 and later, the SELECTcommand> would sometimes fail to
return such tuples at all. A failure has not been proven to occur in
earlier releases, but might be possible with concurrent updates.
- Fix EXPLAIN to emit valid XML when
+ Fix EXPLAINcommand> to emit valid XML when
is on (Markus Winand)
Previously the XML output-format option produced syntactically invalid
- tags such as <I/O-Read-Time>. That is now
- rendered as <I-O-Read-Time>.
+ tags such as <I/O-Read-Time>literal>. That is now
+ rendered as <I-O-Read-Time>literal>.
Suppress printing of zeroes for unmeasured times
- in EXPLAIN (Maksim Milyutin)
+ in EXPLAINcommand> (Maksim Milyutin)
Certain option combinations resulted in printing zero values for times
that actually aren't ever measured in that combination. Our general
- policy in EXPLAIN is not to print such fields at all, so
+ policy in EXPLAINcommand> is not to print such fields at all, so
do that consistently in all cases.
- Fix timeout length when VACUUM is waiting for exclusive
+ Fix timeout length when VACUUMcommand> is waiting for exclusive
table lock so that it can truncate the table (Simon Riggs)
The timeout was meant to be 50 milliseconds, but it was actually only
- 50 microseconds, causing VACUUM to give up on truncation
+ 50 microseconds, causing VACUUMcommand> to give up on truncation
much more easily than intended. Set it to the intended value.
- Fix bugs in merging inherited CHECK constraints while
+ Fix bugs in merging inherited CHECKliteral> constraints while
creating or altering a table (Tom Lane, Amit Langote)
- Allow identical CHECK constraints to be added to a parent
+ Allow identical CHECKliteral> constraints to be added to a parent
and child table in either order. Prevent merging of a valid
- constraint from the parent table with a NOT VALID
+ constraint from the parent table with a NOT VALIDliteral>
constraint on the child. Likewise, prevent merging of a NO
- INHERIT child constraint with an inherited constraint.
+ INHERITliteral> child constraint with an inherited constraint.
Remove artificial restrictions on the values accepted
- by numeric_in()> and numeric_recv()>
+ by numeric_in()function> and numeric_recv()>
(Tom Lane)
We allow numeric values up to the limit of the storage format (more
- than 1e100000), so it seems fairly pointless
- that numeric_in() rejected scientific-notation exponents
- above 1000. Likewise, it was silly for numeric_recv() to
+ than 1e100000literal>), so it seems fairly pointless
+ that numeric_in()function> rejected scientific-notation exponents
+ above 1000. Likewise, it was silly for numeric_recv()function> to
reject more than 1000 digits in an input value.
- Disallow starting a standalone backend with standby_mode
+ Disallow starting a standalone backend with standby_modeliteral>
turned on (Michael Paquier)
Don't try to share SSL contexts across multiple connections
- in
libpq (Heikki Linnakangas) + in
libpqapplication> (Heikki Linnakangas)
- Avoid corner-case memory leak in
libpq (Tom Lane) + Avoid corner-case memory leak in
libpqapplication> (Tom Lane)
The reported problem involved leaking an error report
- during PQreset(), but there might be related cases.
+ during PQreset()function>, but there might be related cases.
- Make
ecpg>'s --help and --version> + Make
ecpgapplication>'s --help and --version> options work consistently with our other executables (Haribabu Kommi)
- In
pg_dump, never dump range constructor functions + In
pg_dumpapplication>, never dump range constructor functions (Tom Lane)
- This oversight led to
pg_upgrade failures with + This oversight led to
pg_upgradeapplication> failures with extensions containing range types, due to duplicate creation of the
constructor functions.
- In
pg_xlogdump, retry opening new WAL segments when - using --follow option (Magnus Hagander)
+ In
pg_xlogdumpapplication>, retry opening new WAL segments when + using --followoption> option (Magnus Hagander)
- Fix
pg_xlogdump to cope with a WAL file that begins + Fix
pg_xlogdumpapplication> to cope with a WAL file that begins with a continuation record spanning more than one page (Pavan
Deolasee)
- Fix contrib/intarray/bench/bench.pl to print the results
- of the EXPLAIN> it does when given the -e> option
+ Fix contrib/intarray/bench/bench.plfilename> to print the results
+ of the EXPLAINcommand> it does when given the -e> option
(Daniel Gustafsson)
If a dynamic time zone abbreviation does not match any entry in the
referenced time zone, treat it as equivalent to the time zone name.
This avoids unexpected failures when IANA removes abbreviations from
- their time zone database, as they did in
tzdata + their time zone database, as they did in
tzdataapplication> release 2016f and seem likely to do again in the future. The
consequences were not limited to not recognizing the individual
abbreviation; any mismatch caused
- the pg_timezone_abbrevs view to fail altogether.
+ the pg_timezone_abbrevsstructname> view to fail altogether.
- Update time zone data files to
tzdata release 2016h + Update time zone data files to
tzdataapplication> release 2016h for DST law changes in Palestine and Turkey, plus historical
corrections for Turkey and some regions of Russia.
Switch to numeric abbreviations for some time zones in Antarctica,
or no currency among the local population. They are in process of
reversing that policy in favor of using numeric UTC offsets in zones
where there is no evidence of real-world use of an English
- abbreviation. At least for the time being,
PostgreSQL + abbreviation. At least for the time being,
PostgreSQLproductname> will continue to accept such removed abbreviations for timestamp input.
- But they will not be shown in the pg_timezone_names
+ But they will not be shown in the pg_timezone_namesstructname>
view nor used for output.
- In this update, AMT is no longer shown as being in use to
- mean Armenia Time. Therefore, we have changed the Default
+ In this update, AMTliteral> is no longer shown as being in use to
+ mean Armenia Time. Therefore, we have changed the Defaultliteral>
abbreviation set to interpret it as Amazon Time, thus UTC-4 not UTC+4.
Fix possible mis-evaluation of
- nested CASE>-WHEN> expressions (Heikki
+ nested CASEliteral>-WHEN> expressions (Heikki
Linnakangas, Michael Paquier, Tom Lane)
- A CASE expression appearing within the test value
- subexpression of another CASE could become confused about
+ A CASEliteral> expression appearing within the test value
+ subexpression of another CASEliteral> could become confused about
whether its own test value was null or not. Also, inlining of a SQL
function implementing the equality operator used by
- a CASE expression could result in passing the wrong test
- value to functions called within a CASE expression in the
+ a CASEliteral> expression could result in passing the wrong test
+ value to functions called within a CASEliteral> expression in the
SQL function's body. If the test values were of different data
types, a crash might result; moreover such situations could be abused
to allow disclosure of portions of server memory. (CVE-2016-5423)
- Numerous places in
vacuumdb and other client programs + Numerous places in
vacuumdbapplication> and other client programs could become confused by database and role names containing double
quotes or backslashes. Tighten up quoting rules to make that safe.
Also, ensure that when a conninfo string is used as a database name
Fix handling of paired double quotes
- and \password commands to match the documentation.
+ in
psqlapplication>'s \connect> + and \passwordcommand> commands to match the documentation.
- Introduce a new -reuse-previous option
- in
psql>'s \connect> command to allow + Introduce a new -reuse-previousoption> option
+ in
psqlapplication>'s \connect> command to allow explicit control of whether to re-use connection parameters from a
previous connection. (Without this, the choice is based on whether
the database name looks like a conninfo string, as before.) This
allows secure handling of database names containing special
- characters in
pg_dumpall scripts. + characters in
pg_dumpallapplication> scripts.
-
pg_dumpall now refuses to deal with database and role +
pg_dumpallapplication> now refuses to deal with database and role names containing carriage returns or newlines, as it seems impractical
to quote those characters safely on Windows. In future we may reject
such names on the server side, but that step has not been taken yet.
These are considered security fixes because crafted object names
containing special characters could have been used to execute
commands with superuser privileges the next time a superuser
- executes
pg_dumpall or other routine maintenance + executes
pg_dumpallapplication> or other routine maintenance operations. (CVE-2016-5424)
- Fix corner-case misbehaviors for IS NULL/IS NOT
- NULL applied to nested composite values (Andrew Gierth, Tom Lane)
+ Fix corner-case misbehaviors for IS NULLliteral>/IS NOT
+ NULLliteral> applied to nested composite values (Andrew Gierth, Tom Lane)
- The SQL standard specifies that IS NULL should return
+ The SQL standard specifies that IS NULLliteral> should return
TRUE for a row of all null values (thus ROW(NULL,NULL) IS
- NULL yields TRUE), but this is not meant to apply recursively
- (thus ROW(NULL, ROW(NULL,NULL)) IS NULL yields FALSE).
+ NULLliteral> yields TRUE), but this is not meant to apply recursively
+ (thus ROW(NULL, ROW(NULL,NULL)) IS NULLliteral> yields FALSE).
The core executor got this right, but certain planner optimizations
treated the test as recursive (thus producing TRUE in both cases),
- and contrib/postgres_fdw could produce remote queries
+ and contrib/postgres_fdwfilename> could produce remote queries
that misbehaved similarly.
- Make the inet> and cidr> data types properly reject
+ Make the inettype> and cidr> data types properly reject
IPv6 addresses with too many colon-separated fields (Tom Lane)
- Prevent crash in close_ps()
- (the point> ## lseg> operator)
+ Prevent crash in close_ps()function>
+ (the pointtype> ## lseg> operator)
for NaN input coordinates (Tom Lane)
- Avoid possible crash in pg_get_expr() when inconsistent
+ Avoid possible crash in pg_get_expr()function> when inconsistent
values are passed to it (Michael Paquier, Thomas Munro)
- Fix several one-byte buffer over-reads in to_number()
+ Fix several one-byte buffer over-reads in to_number()function>
(Peter Eisentraut)
- In several cases the to_number() function would read one
+ In several cases the to_number()function> function would read one
more character than it should from the input string. There is a
small chance of a crash, if the input happens to be adjacent to the
end of memory.
Do not run the planner on the query contained in CREATE
- MATERIALIZED VIEW> or CREATE TABLE AS>
- when WITH NO DATA is specified (Michael Paquier,
+ MATERIALIZED VIEWliteral> or CREATE TABLE AS>
+ when WITH NO DATAliteral> is specified (Michael Paquier,
Tom Lane)
Avoid unsafe intermediate state during expensive paths
- through heap_update() (Masahiko Sawada, Andres Freund)
+ through heap_update()function> (Masahiko Sawada, Andres Freund)
- Avoid unnecessary could not serialize access errors when
- acquiring FOR KEY SHARE row locks in serializable mode
+ Avoid unnecessary could not serialize accessquote> errors when
+ acquiring FOR KEY SHAREliteral> row locks in serializable mode
(Álvaro Herrera)
- Avoid crash in postgres -C when the specified variable
+ Avoid crash in postgres -Cliteral> when the specified variable
has a null string value (Michael Paquier)
- Avoid consuming a transaction ID during VACUUM
+ Avoid consuming a transaction ID during VACUUMcommand>
(Alexander Korotkov)
- Some cases in VACUUM unnecessarily caused an XID to be
+ Some cases in VACUUMcommand> unnecessarily caused an XID to be
assigned to the current transaction. Normally this is negligible,
but if one is up against the XID wraparound limit, consuming more
XIDs during anti-wraparound vacuums is a very bad thing.
- Avoid canceling hot-standby queries during VACUUM FREEZE
+ Avoid canceling hot-standby queries during VACUUM FREEZEcommand>
(Simon Riggs, Álvaro Herrera)
- VACUUM FREEZE on an otherwise-idle master server could
+ VACUUM FREEZEcommand> on an otherwise-idle master server could
result in unnecessary cancellations of queries on its standby
servers.
The usual symptom of this bug is errors
- like MultiXactId NNN has not been created
+ like MultiXactId NNNreplaceable> has not been created
yet -- apparent wraparound.
- When a manual ANALYZE specifies a column list, don't
- reset the table's changes_since_analyze counter
+ When a manual ANALYZEcommand> specifies a column list, don't
+ reset the table's changes_since_analyzeliteral> counter
(Tom Lane)
- Fix ANALYZE>'s overestimation of n_distinct>
+ Fix ANALYZEcommand>'s overestimation of n_distinct>
for a unique or nearly-unique column with many null entries (Tom
Lane)
- Fix contrib/btree_gin to handle the smallest
- possible bigint value correctly (Peter Eisentraut)
+ Fix contrib/btree_ginfilename> to handle the smallest
+ possible biginttype> value correctly (Peter Eisentraut)
It's planned to switch to two-part instead of three-part server
version numbers for releases after 9.6. Make sure
- that PQserverVersion() returns the correct value for
+ that PQserverVersion()function> returns the correct value for
such cases.
- Fix
ecpg>'s code for unsigned long long> + Fix
ecpgapplication>'s code for unsigned long long> array elements (Michael Meskes)
- In
pg_dump> with both -c and -C> - options, avoid emitting an unwanted CREATE SCHEMA public
+ In
pg_dumpapplication> with both -c and -C> + options, avoid emitting an unwanted CREATE SCHEMA publicliteral>
command (David Johnston, Tom Lane)
- Improve handling of SIGTERM/control-C in
- parallel
pg_dump> and pg_restore> (Tom + Improve handling of SIGTERMsystemitem>/control-C in
+ parallel
pg_dumpapplication> and pg_restore> (Tom Lane)
Make sure that the worker processes will exit promptly, and also arrange
to send query-cancel requests to the connected backends, in case they
- are doing something long-running such as a CREATE INDEX.
+ are doing something long-running such as a CREATE INDEXcommand>.
- Fix error reporting in parallel
pg_dump - and
pg_restore (Tom Lane) + Fix error reporting in parallel
pg_dumpapplication> + and
pg_restoreapplication> (Tom Lane)
- Previously, errors reported by
pg_dump - or
pg_restore worker processes might never make it to + Previously, errors reported by
pg_dumpapplication> + or
pg_restoreapplication> worker processes might never make it to the user's console, because the messages went through the master
process, and there were various deadlock scenarios that would prevent
the master process from passing on the messages. Instead, just print
- everything to stderr. In some cases this will result in
+ everything to stderrliteral>. In some cases this will result in
duplicate messages (for instance, if all the workers report a server
shutdown), but that seems better than no message.
- Ensure that parallel
pg_dump - or
pg_restore on Windows will shut down properly + Ensure that parallel
pg_dumpapplication> + or
pg_restoreapplication> on Windows will shut down properly after an error (Kyotaro Horiguchi)
- Make
pg_dump behave better when built without zlib + Make
pg_dumpapplication> behave better when built without zlib support (Kyotaro Horiguchi)
- Make
pg_basebackup> accept -Z 0> as + Make
pg_basebackupapplication> accept -Z 0> as specifying no compression (Fujii Masao)
- Be more predictable about reporting statement timeout
- versus lock timeout (Tom Lane)
+ Be more predictable about reporting statement timeoutquote>
+ versus lock timeoutquote> (Tom Lane)
On heavily loaded machines, the regression tests sometimes failed due
- to reporting lock timeout even though the statement timeout
+ to reporting lock timeoutquote> even though the statement timeout
should have occurred first.
Update our copy of the timezone code to match
- IANA's
tzcode release 2016c (Tom Lane) + IANA's
tzcodeapplication> release 2016c (Tom Lane)
- Update time zone data files to
tzdata release 2016f + Update time zone data files to
tzdataapplication> release 2016f for DST law changes in Kemerovo and Novosibirsk, plus historical
corrections for Azerbaijan, Belarus, and Morocco.
using OpenSSL within a single process and not all the code involved
follows the same rules for when to clear the error queue.
Failures have been reported specifically when a client application
- uses SSL connections in
libpq concurrently with + uses SSL connections in
libpqapplication> concurrently with SSL connections using the PHP, Python, or Ruby wrappers for OpenSSL.
It's possible for similar problems to arise within the server as well,
if an extension module establishes an outgoing SSL connection.
- Fix failed to build any N-way joins
+ Fix failed to build any Nreplaceable>-way joins
planner error with a full join enclosed in the right-hand side of a
left join (Tom Lane)
Given a three-or-more-way equivalence class of variables, such
- as X.X = Y.Y = Z.Z, it was possible for the planner to omit
+ as X.X = Y.Y = Z.Zliteral>, it was possible for the planner to omit
some of the tests needed to enforce that all the variables are actually
equal, leading to join rows being output that didn't satisfy
- the WHERE clauses. For various reasons, erroneous plans
+ the WHEREliteral> clauses. For various reasons, erroneous plans
were seldom selected in practice, so that this bug has gone undetected
for a long time.
- Fix possible misbehavior of TH>, th>,
- and Y,YYY> format codes in to_timestamp()>
+ Fix possible misbehavior of THliteral>, th>,
+ and Y,YYYliteral> format codes in to_timestamp()>
(Tom Lane)
- Fix dumping of rules and views in which the array
- argument of a value> operator>
- ANY (array) construct is a sub-SELECT
+ Fix dumping of rules and views in which the arrayreplaceable>
+ argument of a valuereplaceable> operator>
+ ANY (arrayreplaceable>) construct is a sub-SELECT
(Tom Lane)
- Make
pg_regress use a startup timeout from the - PGCTLTIMEOUT environment variable, if that's set (Tom Lane)
+ Make
pg_regressapplication> use a startup timeout from the + PGCTLTIMEOUTenvar> environment variable, if that's set (Tom Lane)
This is for consistency with a behavior recently added
- to
pg_ctl; it eases automated testing on slow machines. + to
pg_ctlapplication>; it eases automated testing on slow machines.
- Fix
pg_upgrade to correctly restore extension + Fix
pg_upgradeapplication> to correctly restore extension membership for operator families containing only one operator class
(Tom Lane)
In such a case, the operator family was restored into the new database,
but it was no longer marked as part of the extension. This had no
- immediate ill effects, but would cause later
pg_dump + immediate ill effects, but would cause later
pg_dumpapplication> runs to emit output that would cause (harmless) errors on restore.
- Fix
pg_upgrade to not fail when new-cluster TOAST rules + Fix
pg_upgradeapplication> to not fail when new-cluster TOAST rules differ from old (Tom Lane)
-
pg_upgrade had special-case code to handle the - situation where the new
PostgreSQL version thinks that +
pg_upgradeapplication> had special-case code to handle the + situation where the new
PostgreSQLproductname> version thinks that a table should have a TOAST table while the old version did not. That
code was broken, so remove it, and instead do nothing in such cases;
there seems no reason to believe that we can't get along fine without
Reduce the number of SysV semaphores used by a build configured with
- --disable-spinlocks (Tom Lane)
+ --disable-spinlocksoption> (Tom Lane)
- Rename internal function strtoi()
- to strtoint() to avoid conflict with a NetBSD library
+ Rename internal function strtoi()function>
+ to strtoint()function> to avoid conflict with a NetBSD library
function (Thomas Munro)
- Fix reporting of errors from bind()
- and listen() system calls on Windows (Tom Lane)
+ Fix reporting of errors from bind()function>
+ and listen()function> system calls on Windows (Tom Lane)
- Fix putenv() to work properly with Visual Studio 2013
+ Fix putenv()function> to work properly with Visual Studio 2013
(Michael Paquier)
- Avoid possibly-unsafe use of Windows' FormatMessage()
+ Avoid possibly-unsafe use of Windows' FormatMessage()function>
function (Christian Ullrich)
- Use the FORMAT_MESSAGE_IGNORE_INSERTS flag where
+ Use the FORMAT_MESSAGE_IGNORE_INSERTSliteral> flag where
appropriate. No live bug is known to exist here, but it seems like a
good idea to be careful.
- Update time zone data files to
tzdata release 2016d + Update time zone data files to
tzdataapplication> release 2016d for DST law changes in Russia and Venezuela. There are new zone
- names Europe/Kirov> and Asia/Tomsk> to reflect
+ names Europe/Kirovliteral> and Asia/Tomsk> to reflect
the fact that these regions now have different time zone histories from
adjacent regions.
Fix incorrect handling of NULL index entries in
- indexed ROW() comparisons (Tom Lane)
+ indexed ROW()literal> comparisons (Tom Lane)
An index search using a row comparison such as ROW(a, b) >
- ROW('x', 'y') would stop upon reaching a NULL entry in
- the b column, ignoring the fact that there might be
- non-NULL b values associated with later values
- of a.
+ ROW('x', 'y')literal> would stop upon reaching a NULL entry in
+ the bstructfield> column, ignoring the fact that there might be
+ non-NULL bstructfield> values associated with later values
+ of astructfield>.
Avoid unlikely data-loss scenarios due to renaming files without
- adequate fsync() calls before and after (Michael Paquier,
+ adequate fsync()function> calls before and after (Michael Paquier,
Tomas Vondra, Andres Freund)
- Correctly handle cases where pg_subtrans is close to XID
+ Correctly handle cases where pg_subtransliteral> is close to XID
wraparound during server startup (Jeff Janes)
- Fix corner-case crash due to trying to free localeconv()
+ Fix corner-case crash due to trying to free localeconv()function>
output strings more than once (Tom Lane)
- Fix parsing of affix files for ispell dictionaries
+ Fix parsing of affix files for ispellliteral> dictionaries
(Tom Lane)
The code could go wrong if the affix file contained any characters
whose byte length changes during case-folding, for
- example I in Turkish UTF8 locales.
+ example Iliteral> in Turkish UTF8 locales.
- Avoid use of sscanf()> to parse ispell>
+ Avoid use of sscanf()function> to parse ispell>
dictionary files (Artur Zakirov)
- Fix
psql's tab completion logic to handle multibyte + Fix
psqlapplication>'s tab completion logic to handle multibyte characters properly (Kyotaro Horiguchi, Robert Haas)
- Fix
psql's tab completion for - SECURITY LABEL (Tom Lane)
+ Fix
psqlapplication>'s tab completion for + SECURITY LABELliteral> (Tom Lane)
- Pressing TAB after SECURITY LABEL might cause a crash
+ Pressing TAB after SECURITY LABELliteral> might cause a crash
or offering of inappropriate keywords.
- Make
pg_ctl accept a wait timeout from the - PGCTLTIMEOUT environment variable, if none is specified on
+ Make
pg_ctlapplication> accept a wait timeout from the + PGCTLTIMEOUTenvar> environment variable, if none is specified on
the command line (Noah Misch)
Fix incorrect test for Windows service status
- in
pg_ctl (Manuel Mathar) + in
pg_ctlapplication> (Manuel Mathar)
The previous set of minor releases attempted to
- fix
pg_ctl to properly determine whether to send log + fix
pg_ctlapplication> to properly determine whether to send log messages to Window's Event Log, but got the test backwards.
- Fix
pgbench to correctly handle the combination - of -C> and -M prepared> options (Tom Lane)
+ Fix
pgbenchapplication> to correctly handle the combination + of -Cliteral> and -M prepared> options (Tom Lane)
- In
pg_upgrade, skip creating a deletion script when + In
pg_upgradeapplication>, skip creating a deletion script when the new data directory is inside the old data directory (Bruce
Momjian)
Fix multiple mistakes in the statistics returned
- by contrib/pgstattuple>'s pgstatindex()>
+ by contrib/pgstattuplefilename>'s pgstatindex()>
function (Tom Lane)
- Remove dependency on psed in MSVC builds, since it's no
+ Remove dependency on psedliteral> in MSVC builds, since it's no
longer provided by core Perl (Michael Paquier, Andrew Dunstan)
- Update time zone data files to
tzdata release 2016c + Update time zone data files to
tzdataapplication> release 2016c for DST law changes in Azerbaijan, Chile, Haiti, Palestine, and Russia
(Altai, Astrakhan, Kirov, Sakhalin, Ulyanovsk regions), plus
historical corrections for Lithuania, Moldova, and Russia
- Perform an immediate shutdown if the postmaster.pid file
+ Perform an immediate shutdown if the postmaster.pidfilename> file
is removed (Tom Lane)
The postmaster now checks every minute or so
- that postmaster.pid is still there and still contains its
+ that postmaster.pidfilename> is still there and still contains its
own PID. If not, it performs an immediate shutdown, as though it had
- received SIGQUIT. The main motivation for this change
+ received SIGQUITsystemitem>. The main motivation for this change
is to ensure that failed buildfarm runs will get cleaned up without
manual intervention; but it also serves to limit the bad effects if a
- DBA forcibly removes postmaster.pid and then starts a new
+ DBA forcibly removes postmaster.pidfilename> and then starts a new
postmaster.
- In SERIALIZABLE transaction isolation mode, serialization
+ In SERIALIZABLEliteral> transaction isolation mode, serialization
anomalies could be missed due to race conditions during insertions
(Kevin Grittner, Thomas Munro)
Fix failure to emit appropriate WAL records when doing ALTER
- TABLE ... SET TABLESPACE for unlogged relations (Michael Paquier,
+ TABLE ... SET TABLESPACEliteral> for unlogged relations (Michael Paquier,
Andres Freund)
- Fix ALTER COLUMN TYPE to reconstruct inherited check
+ Fix ALTER COLUMN TYPEcommand> to reconstruct inherited check
constraints properly (Tom Lane)
- Fix REASSIGN OWNED to change ownership of composite types
+ Fix REASSIGN OWNEDcommand> to change ownership of composite types
properly (Álvaro Herrera)
- Fix REASSIGN OWNED> and ALTER OWNER> to correctly
+ Fix REASSIGN OWNEDcommand> and ALTER OWNER> to correctly
update granted-permissions lists when changing owners of data types,
foreign data wrappers, or foreign servers (Bruce Momjian,
Álvaro Herrera)
- Fix REASSIGN OWNED to ignore foreign user mappings,
+ Fix REASSIGN OWNEDcommand> to ignore foreign user mappings,
rather than fail (Álvaro Herrera)
- Fix planner's handling of LATERAL references (Tom
+ Fix planner's handling of LATERALliteral> references (Tom
Lane)
This fixes some corner cases that led to failed to build any
- N-way joins> or could not devise a query plan> planner
+ N-way joinsquote> or could not devise a query plan> planner
failures.
- Speed up generation of unique table aliases in EXPLAIN and
+ Speed up generation of unique table aliases in EXPLAINcommand> and
rule dumping, and ensure that generated aliases do not
- exceed NAMEDATALEN (Tom Lane)
+ exceed NAMEDATALENliteral> (Tom Lane)
- Fix dumping of whole-row Vars in ROW()
- and VALUES() lists (Tom Lane)
+ Fix dumping of whole-row Vars in ROW()literal>
+ and VALUES()literal> lists (Tom Lane)
- Fix possible internal overflow in numeric division
+ Fix possible internal overflow in numerictype> division
(Dean Rasheed)
This causes the code to emit regular expression is too
- complex errors in some cases that previously used unreasonable
+ complexquote> errors in some cases that previously used unreasonable
amounts of time and memory.
- Make %h> and %r> escapes
- in log_line_prefix work for messages emitted due
- to log_connections (Tom Lane)
+ Make %hliteral> and %r> escapes
+ in log_line_prefixvarname> work for messages emitted due
+ to log_connectionsvarname> (Tom Lane)
- Previously, %h>/%r> started to work just after a
- new session had emitted the connection received log message;
+ Previously, %hliteral>/%r> started to work just after a
+ new session had emitted the connection receivedquote> log message;
now they work for that message too.
This oversight resulted in failure to recover from crashes
- whenever logging_collector is turned on.
+ whenever logging_collectorvarname> is turned on.
- In
psql>, ensure that libreadline>'s idea + In
psqlapplication>, ensure that libreadline>'s idea of the screen size is updated when the terminal window size changes
(Merlin Moncure)
- Previously,
libreadline did not notice if the window + Previously,
libreadlineapplication> did not notice if the window was resized during query output, leading to strange behavior during
later input of multiline queries.
- Fix
psql>'s \det> command to interpret its - pattern argument the same way as other \d commands with
+ Fix
psqlapplication>'s \det> command to interpret its + pattern argument the same way as other \dliteral> commands with
potentially schema-qualified patterns do (Reece Hart)
- Avoid possible crash in
psql>'s \c> command + Avoid possible crash in
psqlapplication>'s \c> command when previous connection was via Unix socket and command specifies a
new hostname and same username (Tom Lane)
- In pg_ctl start -w, test child process status directly
+ In pg_ctl start -wliteral>, test child process status directly
rather than relying on heuristics (Tom Lane, Michael Paquier)
- Previously,
pg_ctl relied on an assumption that the new - postmaster would always create postmaster.pid within five
+ Previously,
pg_ctlapplication> relied on an assumption that the new + postmaster would always create postmaster.pidfilename> within five
seconds. But that can fail on heavily-loaded systems,
- causing
pg_ctl to report incorrectly that the + causing
pg_ctlapplication> to report incorrectly that the postmaster failed to start.
Except on Windows, this change also means that a pg_ctl start
- -w done immediately after another such command will now reliably
+ -wliteral> done immediately after another such command will now reliably
fail, whereas previously it would report success if done within two
seconds of the first command.
- In pg_ctl start -w, don't attempt to use a wildcard listen
+ In pg_ctl start -wliteral>, don't attempt to use a wildcard listen
address to connect to the postmaster (Kondo Yuta)
- On Windows,
pg_ctl would fail to detect postmaster - startup if listen_addresses> is set to 0.0.0.0>
- or ::, because it would try to use that value verbatim as
+ On Windows,
pg_ctlapplication> would fail to detect postmaster + startup if listen_addressesvarname> is set to 0.0.0.0>
+ or ::literal>, because it would try to use that value verbatim as
the address to connect to, which doesn't work. Instead assume
- that 127.0.0.1> or ::1>, respectively, is the
+ that 127.0.0.1literal> or ::1>, respectively, is the
right thing to use.
- In
pg_ctl on Windows, check service status to decide + In
pg_ctlapplication> on Windows, check service status to decide where to send output, rather than checking if standard output is a
terminal (Michael Paquier)
- In
pg_dump> and pg_basebackup>, adopt + In
pg_dumpapplication> and pg_basebackup>, adopt the GNU convention for handling tar-archive members exceeding 8GB
(Tom Lane)
- The POSIX standard for tar file format does not allow
+ The POSIX standard for tarliteral> file format does not allow
archive member files to exceed 8GB, but most modern implementations
- of
tar support an extension that fixes that. Adopt - this extension so that
pg_dump> with -Ft> no + of
tarapplication> support an extension that fixes that. Adopt + this extension so that
pg_dumpapplication> with -Ft> no longer fails on tables with more than 8GB of data, and so
- that
pg_basebackup can handle files larger than 8GB. + that
pg_basebackupapplication> can handle files larger than 8GB. In addition, fix some portability issues that could cause failures for
members between 4GB and 8GB on some platforms. Potentially these
problems could cause unrecoverable data loss due to unreadable backup
- Fix assorted corner-case bugs in
pg_dump's processing + Fix assorted corner-case bugs in
pg_dumpapplication>'s processing of extension member objects (Tom Lane)
- Make
pg_dump mark a view's triggers as needing to be + Make
pg_dumpapplication> mark a view's triggers as needing to be processed after its rule, to prevent possible failure during
- parallel
pg_restore (Tom Lane) + parallel
pg_restoreapplication> (Tom Lane)
Ensure that relation option values are properly quoted
- in
pg_dump (Kouhei Sutou, Tom Lane) + in
pg_dumpapplication> (Kouhei Sutou, Tom Lane)
A reloption value that isn't a simple identifier or number could lead
to dump/reload failures due to syntax errors in CREATE statements
- issued by
pg_dump. This is not an issue with any - reloption currently supported by core
PostgreSQL, but + issued by
pg_dumpapplication>. This is not an issue with any + reloption currently supported by core
PostgreSQLproductname>, but extensions could allow reloptions that cause the problem.
- Avoid repeated password prompts during parallel
pg_dump + Avoid repeated password prompts during parallel
pg_dumpapplication> (Zeus Kronion)
- Fix
pg_upgrade's file-copying code to handle errors + Fix
pg_upgradeapplication>'s file-copying code to handle errors properly on Windows (Bruce Momjian)
- Install guards in
pgbench against corner-case overflow + Install guards in
pgbenchapplication> against corner-case overflow conditions during evaluation of script-specified division or modulo
operators (Fabien Coelho, Michael Paquier)
Fix failure to localize messages emitted
- by
pg_receivexlog> and pg_recvlogical> + by
pg_receivexlogapplication> and pg_recvlogical> (Ioseph Kim)
- Avoid dump/reload problems when using both
plpython2 - and
plpython3 (Tom Lane) + Avoid dump/reload problems when using both
plpython2application> + and
plpython3application> (Tom Lane)
- In principle, both versions of
PL/Python can be used in + In principle, both versions of
PL/Pythonapplication> can be used in the same database, though not in the same session (because the two
- versions of
libpython cannot safely be used concurrently). - However,
pg_restore> and pg_upgrade> both + versions of
libpythonapplication> cannot safely be used concurrently). + However,
pg_restoreapplication> and pg_upgrade> both do things that can fall foul of the same-session restriction. Work
around that by changing the timing of the check.
- Fix
PL/Python regression tests to pass with Python 3.5 + Fix
PL/Pythonapplication> regression tests to pass with Python 3.5 (Peter Eisentraut)
- Fix premature clearing of
libpq's input buffer when + Fix premature clearing of
libpqapplication>'s input buffer when socket EOF is seen (Tom Lane)
- This mistake caused
libpq to sometimes not report the + This mistake caused
libpqapplication> to sometimes not report the backend's final error message before reporting server closed the
- connection unexpectedly.
+ connection unexpectedlyquote>.
- Prevent certain
PL/Java parameters from being set by + Prevent certain
PL/Javaapplication> parameters from being set by non-superusers (Noah Misch)
- This change mitigates a
PL/Java security bug - (CVE-2016-0766), which was fixed in
PL/Java by marking + This change mitigates a
PL/Javaapplication> security bug + (CVE-2016-0766), which was fixed in
PL/Javaapplication> by marking these parameters as superuser-only. To fix the security hazard for
- sites that update
PostgreSQL more frequently - than
PL/Java, make the core code aware of them also. + sites that update
PostgreSQLproductname> more frequently + than
PL/Javaapplication>, make the core code aware of them also.
- Improve
libpq's handling of out-of-memory situations + Improve
libpqapplication>'s handling of out-of-memory situations (Michael Paquier, Amit Kapila, Heikki Linnakangas)
Fix order of arguments
- in
ecpg>-generated typedef> statements + in
ecpgapplication>-generated typedef> statements (Michael Meskes)
- Use %g> not %f> format
- in
ecpg>'s PGTYPESnumeric_from_double()> + Use %gliteral> not %f> format
+ in
ecpgapplication>'s PGTYPESnumeric_from_double()> (Tom Lane)
- Fix
ecpg-supplied header files to not contain comments + Fix
ecpgapplication>-supplied header files to not contain comments continued from a preprocessor directive line onto the next line
(Michael Meskes)
- Such a comment is rejected by
ecpg. It's not yet clear - whether
ecpg itself should be changed. + Such a comment is rejected by
ecpgapplication>. It's not yet clear + whether
ecpgapplication> itself should be changed.
- Fix hstore_to_json_loose()'s test for whether
- an hstore value can be converted to a JSON number (Tom Lane)
+ Fix hstore_to_json_loose()function>'s test for whether
+ an hstoretype> value can be converted to a JSON number (Tom Lane)
- Ensure that contrib/pgcrypto>'s crypt()>
+ Ensure that contrib/pgcryptofilename>'s crypt()>
function can be interrupted by query cancel (Andreas Karlsson)
- Accept
flex versions later than 2.5.x + Accept
flexapplication> versions later than 2.5.x (Tom Lane, Michael Paquier)
- Install our missing script where PGXS builds can find it
+ Install our missingfilename> script where PGXS builds can find it
(Jim Nasby)
This allows sane behavior in a PGXS build done on a machine where build
- tools such as
bison are missing. + tools such as
bisonapplication> are missing.
- Ensure that dynloader.h is included in the installed
+ Ensure that dynloader.hfilename> is included in the installed
header files in MSVC builds (Bruce Momjian, Michael Paquier)
Add variant regression test expected-output file to match behavior of
- current
libxml2 (Tom Lane) + current
libxml2application> (Tom Lane)
- The fix for
libxml2's CVE-2015-7499 causes it not to + The fix for
libxml2application>'s CVE-2015-7499 causes it not to output error context reports in some cases where it used to do so.
This seems to be a bug, but we'll probably have to live with it for
some time, so work around it.
- Update time zone data files to
tzdata release 2016a for + Update time zone data files to
tzdataapplication> release 2016a for DST law changes in Cayman Islands, Metlakatla, and Trans-Baikal
Territory (Zabaykalsky Krai), plus historical corrections for Pakistan.
- Guard against stack overflows in json parsing
+ Guard against stack overflows in jsontype> parsing
(Oskari Saarenmaa)
- If an application constructs PostgreSQL json
- or jsonb values from arbitrary user input, the application's
+ If an application constructs PostgreSQL jsontype>
+ or jsonbtype> values from arbitrary user input, the application's
users can reliably crash the PostgreSQL server, causing momentary
denial of service. (CVE-2015-5289)
- Fix contrib/pgcrypto to detect and report
- too-short crypt() salts (Josh Kupershmidt)
+ Fix contrib/pgcryptofilename> to detect and report
+ too-short crypt()function> salts (Josh Kupershmidt)
- Fix insertion of relations into the relation cache init file
+ Fix insertion of relations into the relation cache init filequote>
(Tom Lane)
An oversight in a patch in the most recent minor releases
- caused pg_trigger_tgrelid_tgname_index to be omitted
+ caused pg_trigger_tgrelid_tgname_indexstructname> to be omitted
from the init file. Subsequent sessions detected this, then deemed the
init file to be broken and silently ignored it, resulting in a
significant degradation in session startup time. In addition to fixing
- Improve LISTEN startup time when there are many unread
+ Improve LISTENcommand> startup time when there are many unread
notifications (Matt Newell)
- This was seen primarily when restoring
pg_dump output + This was seen primarily when restoring
pg_dumpapplication> output for databases with many thousands of tables.
too many bugs in practice, both in the underlying OpenSSL library and
in our usage of it. Renegotiation will be removed entirely in 9.5 and
later. In the older branches, just change the default value
- of ssl_renegotiation_limit to zero (disabled).
+ of ssl_renegotiation_limitvarname> to zero (disabled).
- Lower the minimum values of the *_freeze_max_age parameters
+ Lower the minimum values of the *_freeze_max_ageliteral> parameters
(Andres Freund)
- Limit the maximum value of wal_buffers to 2GB to avoid
+ Limit the maximum value of wal_buffersvarname> to 2GB to avoid
server crashes (Josh Berkus)
Avoid logging complaints when a parameter that can only be set at
- server start appears multiple times in postgresql.conf,
- and fix counting of line numbers after an include_dir
+ server start appears multiple times in postgresql.conffilename>,
+ and fix counting of line numbers after an include_dirliteral>
directive (Tom Lane)
- Fix rare internal overflow in multiplication of numeric values
+ Fix rare internal overflow in multiplication of numerictype> values
(Dean Rasheed)
Guard against hard-to-reach stack overflows involving record types,
- range types, json>, jsonb, tsquery>,
- ltxtquery> and query_int> (Noah Misch)
+ range types, jsontype>, jsonb , tsquery>,
+ ltxtquerytype> and query_int> (Noah Misch)
- Fix handling of DOW> and DOY> in datetime input
+ Fix handling of DOWliteral> and DOY> in datetime input
(Greg Stark)
These tokens aren't meant to be used in datetime values, but previously
they resulted in opaque internal error messages rather
- than invalid input syntax.
+ than invalid input syntaxquote>.
Add recursion depth protections to regular expression, SIMILAR
- TO>, and LIKE> matching (Tom Lane)
+ TOliteral>, and LIKE> matching (Tom Lane)
- Fix unexpected out-of-memory situation during sort errors
- when using tuplestores with small work_mem settings (Tom
+ Fix unexpected out-of-memory situation during sortquote> errors
+ when using tuplestores with small work_memvarname> settings (Tom
Lane)
- Fix very-low-probability stack overrun in qsort (Tom Lane)
+ Fix very-low-probability stack overrun in qsortfunction> (Tom Lane)
- Fix invalid memory alloc request size failure in hash joins
- with large work_mem settings (Tomas Vondra, Tom Lane)
+ Fix invalid memory alloc request sizequote> failure in hash joins
+ with large work_memvarname> settings (Tomas Vondra, Tom Lane)
These mistakes could lead to incorrect query plans that would give wrong
answers, or to assertion failures in assert-enabled builds, or to odd
planner errors such as could not devise a query plan for the
- given query, could not find pathkey item to
- sort>, plan should not reference subplan's variable>,
- or failed to assign all NestLoopParams to plan nodes.
+ given queryquote>, could not find pathkey item to
+ sortquote>, plan should not reference subplan's variable>,
+ or failed to assign all NestLoopParams to plan nodesquote>.
Thanks are due to Andreas Seltenreich and Piotr Stefaniak for fuzz
testing that exposed these problems.
- Improve planner's performance for UPDATE>/DELETE>
+ Improve planner's performance for UPDATEcommand>/DELETE>
on large inheritance sets (Tom Lane, Dean Rasheed)
During postmaster shutdown, ensure that per-socket lock files are
removed and listen sockets are closed before we remove
- the postmaster.pid file (Tom Lane)
+ the postmaster.pidfilename> file (Tom Lane)
This avoids race-condition failures if an external script attempts to
- start a new postmaster as soon as pg_ctl stop returns.
+ start a new postmaster as soon as pg_ctl stopliteral> returns.
- Do not print a WARNING when an autovacuum worker is already
+ Do not print a WARNINGliteral> when an autovacuum worker is already
gone when we attempt to signal it, and reduce log verbosity for such
signals (Tom Lane)
- VACUUM attempted to recycle such pages, but did so in a
+ VACUUMcommand> attempted to recycle such pages, but did so in a
way that wasn't crash-safe.
Fix off-by-one error that led to otherwise-harmless warnings
- about apparent wraparound in subtrans/multixact truncation
+ about apparent wraparoundquote> in subtrans/multixact truncation
(Thomas Munro)
- Fix misreporting of CONTINUE> and MOVE> statement
- types in
PL/pgSQL's error context messages + Fix misreporting of CONTINUEcommand> and MOVE> statement
+ types in
PL/pgSQLapplication>'s error context messages (Pavel Stehule, Tom Lane)
- Fix
PL/Perl> to handle non-ASCII> error + Fix
PL/Perlapplication> to handle non-ASCII> error message texts correctly (Alex Hunsaker)
- Fix
PL/Python crash when returning the string - representation of a record result (Tom Lane)
+ Fix
PL/Pythonapplication> crash when returning the string + representation of a recordtype> result (Tom Lane)
- Fix some places in
PL/Tcl that neglected to check for - failure of malloc() calls (Michael Paquier, Álvaro
+ Fix some places in
PL/Tclapplication> that neglected to check for + failure of malloc()function> calls (Michael Paquier, Álvaro
Herrera)
- In contrib/isn, fix output of ISBN-13 numbers that begin
+ In contrib/isnfilename>, fix output of ISBN-13 numbers that begin
with 979 (Fabien Coelho)
- Improve contrib/postgres_fdw's handling of
+ Improve contrib/postgres_fdwfilename>'s handling of
collation-related decisions (Tom Lane)
The main user-visible effect is expected to be that comparisons
- involving varchar columns will be sent to the remote server
+ involving varchartype> columns will be sent to the remote server
for execution in more cases than before.
- Improve
libpq's handling of out-of-memory conditions + Improve
libpqapplication>'s handling of out-of-memory conditions (Michael Paquier, Heikki Linnakangas)
Fix memory leaks and missing out-of-memory checks
- in
ecpg (Michael Paquier) + in
ecpgapplication> (Michael Paquier)
- Fix
psql's code for locale-aware formatting of numeric + Fix
psqlapplication>'s code for locale-aware formatting of numeric output (Tom Lane)
- The formatting code invoked by \pset numericlocale on
+ The formatting code invoked by \pset numericlocale onliteral>
did the wrong thing for some uncommon cases such as numbers with an
exponent but no decimal point. It could also mangle already-localized
- output from the money data type.
+ output from the moneytype> data type.
- Prevent crash in
psql>'s \c> command when + Prevent crash in
psqlapplication>'s \c> command when there is no current connection (Noah Misch)
- Make
pg_dump> handle inherited NOT VALID> + Make
pg_dumpapplication> handle inherited NOT VALID> check constraints correctly (Tom Lane)
- Fix selection of default
zlib compression level - in
pg_dump's directory output format (Andrew Dunstan) + Fix selection of default
zlibapplication> compression level + in
pg_dumpapplication>'s directory output format (Andrew Dunstan)
- Ensure that temporary files created during a
pg_dump - run with
tar-format output are not world-readable (Michael + Ensure that temporary files created during a
pg_dumpapplication> + run with
taracronym>-format output are not world-readable (Michael Paquier)
- Fix
pg_dump> and pg_upgrade> to support - cases where the postgres> or template1> database
+ Fix
pg_dumpapplication> and pg_upgrade> to support + cases where the postgresliteral> or template1> database
is in a non-default tablespace (Marti Raudsepp, Bruce Momjian)
- Fix
pg_dump to handle object privileges sanely when + Fix
pg_dumpapplication> to handle object privileges sanely when dumping from a server too old to have a particular privilege type
(Tom Lane)
When dumping data types from pre-9.2 servers, and when dumping
functions or procedural languages from pre-7.3
- produce GRANT>/REVOKE> commands that revoked the
+ servers,
pg_dumpapplication> would + produce GRANTcommand>/REVOKE> commands that revoked the
owner's grantable privileges and instead granted all privileges
- to PUBLIC. Since the privileges involved are
- just USAGE> and EXECUTE>, this isn't a security
+ to PUBLICliteral>. Since the privileges involved are
+ just USAGEliteral> and EXECUTE>, this isn't a security
problem, but it's certainly a surprising representation of the older
systems' behavior. Fix it to leave the default privilege state alone
in these cases.
- Fix
pg_dump to dump shell types (Tom Lane) + Fix
pg_dumpapplication> to dump shell types (Tom Lane)
Shell types (that is, not-yet-fully-defined types) aren't useful for
- much, but nonetheless
pg_dump should dump them. + much, but nonetheless
pg_dumpapplication> should dump them.
- Fix assorted minor memory leaks in
pg_dump and other + Fix assorted minor memory leaks in
pg_dumpapplication> and other client-side programs (Michael Paquier)
Fix spinlock assembly code for PPC hardware to be compatible
- with
AIX's native assembler (Tom Lane) + with
AIXacronym>'s native assembler (Tom Lane)
- Building with
gcc> didn't work if gcc> + Building with
gccapplication> didn't work if gcc> had been configured to use the native assembler, which is becoming more
common.
- On
AIX>, test the -qlonglong> compiler option + On
AIXacronym>, test the -qlonglong> compiler option rather than just assuming it's safe to use (Noah Misch)
- On
AIX>, use -Wl,-brtllib> link option to allow + On
AIXacronym>, use -Wl,-brtllib> link option to allow symbols to be resolved at runtime (Noah Misch)
Avoid use of inline functions when compiling with
- 32-bit
xlc, due to compiler bugs (Noah Misch) + 32-bit
xlcapplication>, due to compiler bugs (Noah Misch)
- Use librt> for sched_yield()> when necessary,
+ Use librtfilename> for sched_yield()> when necessary,
which it is on some Solaris versions (Oskari Saarenmaa)
- Fix Windows install.bat script to handle target directory
+ Fix Windows install.batfilename> script to handle target directory
names that contain spaces (Heikki Linnakangas)
- Make the numeric form of the
PostgreSQL version number - (e.g., 90405) readily available to extension Makefiles,
- as a variable named VERSION_NUM (Michael Paquier)
+ Make the numeric form of the
PostgreSQLproductname> version number + (e.g., 90405literal>) readily available to extension Makefiles,
+ as a variable named VERSION_NUMvarname> (Michael Paquier)
- Update time zone data files to
tzdata release 2015g for + Update time zone data files to
tzdataapplication> release 2015g for DST law changes in Cayman Islands, Fiji, Moldova, Morocco, Norfolk
Island, North Korea, Turkey, and Uruguay. There is a new zone name
- America/Fort_Nelson for the Canadian Northern Rockies.
+ America/Fort_Nelsonliteral> for the Canadian Northern Rockies.
However, if you are upgrading an installation that was previously
- upgraded using a
pg_upgrade version between 9.3.0 and + upgraded using a
pg_upgradeapplication> version between 9.3.0 and 9.3.4 inclusive, see the first changelog entry below.
- Recent
PostgreSQL releases introduced mechanisms to + Recent
PostgreSQLproductname> releases introduced mechanisms to protect against multixact wraparound, but some of that code did not
account for the possibility that it would need to run during crash
recovery, when the database may not be in a consistent state. This
could result in failure to restart after a crash, or failure to start
up a secondary server. The lingering effects of a previously-fixed
- bug in
pg_upgrade could also cause such a failure, in - installations that had used
pg_upgrade versions + bug in
pg_upgradeapplication> could also cause such a failure, in + installations that had used
pg_upgradeapplication> versions between 9.3.0 and 9.3.4.
- The
pg_upgrade bug in question was that it would - set oldestMultiXid> to 1 in pg_control> even
+ The
pg_upgradeapplication> bug in question was that it would + set oldestMultiXidliteral> to 1 in pg_control> even
if the true value should be higher. With the fixes introduced in
this release, such a situation will result in immediate emergency
- autovacuuming until a correct oldestMultiXid value can be
+ autovacuuming until a correct oldestMultiXidliteral> value can be
determined. If that would pose a hardship, users can avoid it by
- doing manual vacuuming before upgrading to this release.
+ doing manual vacuuming beforeemphasis> upgrading to this release.
In detail:
- Check whether
pg_controldata reports Latest
- checkpoint's oldestMultiXid to be 1. If not, there's nothing
+ Check whether
pg_controldataapplication> reports Latest
+ checkpoint's oldestMultiXidquote> to be 1. If not, there's nothing
to do.
- Look in PGDATA/pg_multixact/offsets to see if there's a
- file named 0000. If there is, there's nothing to do.
+ Look in PGDATA/pg_multixact/offsetsfilename> to see if there's a
+ file named 0000filename>. If there is, there's nothing to do.
Otherwise, for each table that has
- pg_class>.relminmxid> equal to 1,
- VACUUM that table with
+ pg_classstructname>.relminmxid> equal to 1,
+ VACUUMcommand> that table with
both
and set to
zero. (You can use the vacuum cost delay parameters described
in to reduce
the performance consequences for concurrent sessions.) You must
- use
PostgreSQL 9.3.5 or later to perform this step. + use
PostgreSQLproductname> 9.3.5 or later to perform this step.
With just the wrong timing of concurrent activity, a VACUUM
- FULL> on a system catalog might fail to update the init file>
+ FULLcommand> on a system catalog might fail to update the init file>
that's used to avoid cache-loading work for new sessions. This would
result in later sessions being unable to access that catalog at all.
This is a very ancient bug, but it's so hard to trigger that no
Avoid deadlock between incoming sessions and CREATE/DROP
- DATABASE (Tom Lane)
+ DATABASEliteral> (Tom Lane)
A new session starting in a database that is the target of
- a DROP DATABASE command, or is the template for
- a CREATE DATABASE command, could cause the command to wait
+ a DROP DATABASEcommand> command, or is the template for
+ a CREATE DATABASEcommand> command, could cause the command to wait
for five seconds and then fail, even if the new session would have
exited before that.
- Avoid failures while fsync'ing data directory during
+ Avoid failures while fsyncfunction>'ing data directory during
crash restart (Abhijit Menon-Sen, Tom Lane)
- In the previous minor releases we added a patch to fsync
+ In the previous minor releases we added a patch to fsyncfunction>
everything in the data directory after a crash. Unfortunately its
response to any error condition was to fail, thereby preventing the
server from starting up, even when the problem was quite harmless.
- Also apply the same rules in initdb --sync-only.
+ Also apply the same rules in initdb --sync-onlyliteral>.
This case is less critical but it should act similarly.
- Fix pg_get_functiondef() to show
- functions' LEAKPROOF property, if set (Jeevan Chalke)
+ Fix pg_get_functiondef()function> to show
+ functions' LEAKPROOFliteral> property, if set (Jeevan Chalke)
- Remove
configure's check prohibiting linking to a - on OpenBSD (Tom Lane)
+ Remove
configureapplication>'s check prohibiting linking to a + threaded
libpythonapplication> + on OpenBSDsystemitem> (Tom Lane)
The failure this restriction was meant to prevent seems to not be a
- problem anymore on current OpenBSD
+ problem anymore on current OpenBSDsystemitem>
versions.
- Allow
libpq to use TLS protocol versions beyond v1 + Allow
libpqapplication> to use TLS protocol versions beyond v1 (Noah Misch)
- For a long time,
libpq was coded so that the only SSL + For a long time,
libpqapplication> was coded so that the only SSL protocol it would allow was TLS v1. Now that newer TLS versions are
becoming popular, allow it to negotiate the highest commonly-supported
- TLS version with the server. (
PostgreSQL servers were + TLS version with the server. (
PostgreSQLproductname> servers were already capable of such negotiation, so no change is needed on the
server side.) This is a back-patch of a change already released in
9.4.0.
- However, if you use contrib/citext's
- regexp_matches() functions, see the changelog entry below
+ However, if you use contrib/citextfilename>'s
+ regexp_matches()function> functions, see the changelog entry below
about that.
- Our replacement implementation of snprintf() failed to
+ Our replacement implementation of snprintf()function> failed to
check for errors reported by the underlying system library calls;
the main case that might be missed is out-of-memory situations.
In the worst case this might lead to information exposure, due to our
- It remains possible that some calls of the *printf()
+ It remains possible that some calls of the *printf()function>
family of functions are vulnerable to information disclosure if an
out-of-memory error occurs at just the wrong time. We judge the risk
to not be large, but will continue analysis in this area.
- In contrib/pgcrypto, uniformly report decryption failures
- as Wrong key or corrupt data (Noah Misch)
+ In contrib/pgcryptofilename>, uniformly report decryption failures
+ as Wrong key or corrupt dataquote> (Noah Misch)
Previously, some cases of decryption with an incorrect key could report
other error message texts. It has been shown that such variance in
error reports can aid attackers in recovering keys from other systems.
- While it's unknown whether pgcrypto's specific behaviors
+ While it's unknown whether pgcryptofilename>'s specific behaviors
are likewise exploitable, it seems better to avoid the risk by using a
one-size-fits-all message.
(CVE-2015-3167)
Under certain usage patterns, the existing defenses against this might
- be insufficient, allowing pg_multixact/members files to be
+ be insufficient, allowing pg_multixact/membersfilename> files to be
removed too early, resulting in data loss.
The fix for this includes modifying the server to fail transactions
that would result in overwriting old multixact member ID data, and
- Fix incorrect declaration of contrib/citext's
- regexp_matches() functions (Tom Lane)
+ Fix incorrect declaration of contrib/citextfilename>'s
+ regexp_matches()function> functions (Tom Lane)
- These functions should return setof text[], like the core
+ These functions should return setof text[]type>, like the core
functions they are wrappers for; but they were incorrectly declared as
- returning just text[]. This mistake had two results: first,
+ returning just text[]type>. This mistake had two results: first,
if there was no match you got a scalar null result, whereas what you
- should get is an empty set (zero rows). Second, the g flag
+ should get is an empty set (zero rows). Second, the gliteral> flag
was effectively ignored, since you would get only one result array even
if there were multiple matches.
While the latter behavior is clearly a bug, there might be applications
depending on the former behavior; therefore the function declarations
- will not be changed by default until
PostgreSQL 9.5. + will not be changed by default until
PostgreSQLproductname> 9.5. In pre-9.5 branches, the old behavior exists in version 1.0 of
- the citext extension, while we have provided corrected
- declarations in version 1.1 (which is not installed by
+ the citextliteral> extension, while we have provided corrected
+ declarations in version 1.1 (which is notemphasis> installed by
default). To adopt the fix in pre-9.5 branches, execute
- ALTER EXTENSION citext UPDATE TO '1.1' in each database in
- which citext> is installed. (You can also update>
+ ALTER EXTENSION citext UPDATE TO '1.1'literal> in each database in
+ which citextliteral> is installed. (You can also update>
back to 1.0 if you need to undo that.) Be aware that either update
direction will require dropping and recreating any views or rules that
- use citext>'s regexp_matches()> functions.
+ use citextfilename>'s regexp_matches()> functions.
This oversight in the planner has been observed to cause could
- not find RelOptInfo for given relids errors, but it seems possible
+ not find RelOptInfo for given relidsquote> errors, but it seems possible
that sometimes an incorrect query plan might get past that consistency
check and result in silently-wrong query output.
This oversight has been seen to lead to failed to join all
- relations together> errors in queries involving LATERAL>,
+ relations togetherquote> errors in queries involving LATERAL>,
and that might happen in other cases as well.
Fix possible deadlock at startup
- when max_prepared_transactions is too small
+ when max_prepared_transactionsliteral> is too small
(Heikki Linnakangas)
- Recursively fsync() the data directory after a crash
+ Recursively fsync()function> the data directory after a crash
(Abhijit Menon-Sen, Robert Haas)
- Cope with unexpected signals in LockBufferForCleanup()
+ Cope with unexpected signals in LockBufferForCleanup()function>
(Andres Freund)
This oversight could result in spurious errors about multiple
- backends attempting to wait for pincount 1.
+ backends attempting to wait for pincount 1quote>.
- Fix crash when doing COPY IN to a table with check
+ Fix crash when doing COPY INliteral> to a table with check
constraints that contain whole-row references (Tom Lane)
- ANALYZE executes index expressions many times; if there are
+ ANALYZEcommand> executes index expressions many times; if there are
slow functions in such an expression, it's desirable to be able to
- cancel the ANALYZE before that loop finishes.
+ cancel the ANALYZEcommand> before that loop finishes.
- Ensure tableoid of a foreign table is reported
- correctly when a READ COMMITTED recheck occurs after
- locking rows in SELECT FOR UPDATE>, UPDATE>,
- or DELETE (Etsuro Fujita)
+ Ensure tableoidstructfield> of a foreign table is reported
+ correctly when a READ COMMITTEDliteral> recheck occurs after
+ locking rows in SELECT FOR UPDATEcommand>, UPDATE>,
+ or DELETEcommand> (Etsuro Fujita)
- Recommend setting include_realm to 1 when using
+ Recommend setting include_realmliteral> to 1 when using
Kerberos/GSSAPI/SSPI authentication (Stephen Frost)
Without this, identically-named users from different realms cannot be
distinguished. For the moment this is only a documentation change, but
- it will become the default setting in
PostgreSQL 9.5. + it will become the default setting in
PostgreSQLproductname> 9.5.
- Remove code for matching IPv4 pg_hba.conf entries to
+ Remove code for matching IPv4 pg_hba.conffilename> entries to
IPv4-in-IPv6 addresses (Tom Lane)
crashes on some systems, so let's just remove it rather than fix it.
(Had we chosen to fix it, that would make for a subtle and potentially
security-sensitive change in the effective meaning of
- IPv4 pg_hba.conf entries, which does not seem like a good
+ IPv4 pg_hba.conffilename> entries, which does not seem like a good
thing to do in minor releases.)
- Report WAL flush, not insert, position in IDENTIFY_SYSTEM
+ Report WAL flush, not insert, position in IDENTIFY_SYSTEMliteral>
replication command (Heikki Linnakangas)
This avoids a possible startup failure
+ in
pg_receivexlogapplication>.
While shutting down service on Windows, periodically send status
updates to the Service Control Manager to prevent it from killing the
- service too soon; and ensure that
pg_ctl will wait for + service too soon; and ensure that
pg_ctlapplication> will wait for shutdown (Krystian Bigaj)
- Reduce risk of network deadlock when using
libpq's + Reduce risk of network deadlock when using
libpqapplication>'s non-blocking mode (Heikki Linnakangas)
buffer every so often, in case the server has sent enough response data
to cause it to block on output. (A typical scenario is that the server
is sending a stream of NOTICE messages during COPY FROM
- STDIN.) This worked properly in the normal blocking mode, but not
- so much in non-blocking mode. We've modified
libpq + STDINliteral>.) This worked properly in the normal blocking mode, but not
+ so much in non-blocking mode. We've modified
libpqapplication> to opportunistically drain input when it can, but a full defense
against this problem requires application cooperation: the application
should watch for socket read-ready as well as write-ready conditions,
- and be sure to call PQconsumeInput() upon read-ready.
+ and be sure to call PQconsumeInput()function> upon read-ready.
- In
libpq, fix misparsing of empty values in URI + In
libpqapplication>, fix misparsing of empty values in URI connection strings (Thomas Fanghaenel)
- Fix array handling in
ecpg (Michael Meskes) + Fix array handling in
ecpgapplication> (Michael Meskes)
- Fix
psql to sanely handle URIs and conninfo strings as - the first parameter to \connect
+ Fix
psqlapplication> to sanely handle URIs and conninfo strings as + the first parameter to \connectcommand>
(David Fetter, Andrew Dunstan, Álvaro Herrera)
- Suppress incorrect complaints from
psql on some - platforms that it failed to write ~/.psql_history at exit
+ Suppress incorrect complaints from
psqlapplication> on some + platforms that it failed to write ~/.psql_historyfilename> at exit
(Tom Lane)
This misbehavior was caused by a workaround for a bug in very old
- (pre-2006) versions of
libedit. We fixed it by + (pre-2006) versions of
libeditapplication>. We fixed it by removing the workaround, which will cause a similar failure to appear
- for anyone still using such versions of
libedit. - Recommendation: upgrade that library, or use
libreadline. + for anyone still using such versions of
libeditapplication>. + Recommendation: upgrade that library, or use
libreadlineapplication>.
- Fix
pg_dump's rule for deciding which casts are + Fix
pg_dumpapplication>'s rule for deciding which casts are system-provided casts that should not be dumped (Tom Lane)
- In
pg_dump>, fix failure to honor -Z> - compression level option together with -Fd
+ In
pg_dumpapplication>, fix failure to honor -Z> + compression level option together with -Fdliteral>
(Michael Paquier)
- Make
pg_dump consider foreign key relationships + Make
pg_dumpapplication> consider foreign key relationships between extension configuration tables while choosing dump order
(Gilles Darold, Michael Paquier, Stephen Frost)
- Avoid possible
pg_dump failure when concurrent sessions + Avoid possible
pg_dumpapplication> failure when concurrent sessions are creating and dropping temporary functions (Tom Lane)
- Fix dumping of views that are just VALUES(...) but have
+ Fix dumping of views that are just VALUES(...)literal> but have
column aliases (Tom Lane)
- In
pg_upgrade, force timeline 1 in the new cluster + In
pg_upgradeapplication>, force timeline 1 in the new cluster (Bruce Momjian)
- In
pg_upgrade, check for improperly non-connectable + In
pg_upgradeapplication>, check for improperly non-connectable databases before proceeding
(Bruce Momjian)
- In
pg_upgrade, quote directory paths - properly in the generated delete_old_cluster script
+ In
pg_upgradeapplication>, quote directory paths + properly in the generated delete_old_clusterliteral> script
(Bruce Momjian)
- In
pg_upgrade, preserve database-level freezing info + In
pg_upgradeapplication>, preserve database-level freezing info properly
(Bruce Momjian)
This oversight could cause missing-clog-file errors for tables within
- the postgres> and template1> databases.
+ the postgresliteral> and template1> databases.
- Run
pg_upgrade> and pg_resetxlog> with + Run
pg_upgradeapplication> and pg_resetxlog> with restricted privileges on Windows, so that they don't fail when run by
an administrator (Muhammad Asif Naeem)
- Improve handling of readdir() failures when scanning
- directories in
initdb> and pg_basebackup> + Improve handling of readdir()function> failures when scanning
+ directories in
initdbapplication> and pg_basebackup> (Marco Nenciarini)
- Fix slow sorting algorithm in contrib/intarray (Tom Lane)
+ Fix slow sorting algorithm in contrib/intarrayfilename> (Tom Lane)
- Update time zone data files to
tzdata release 2015d + Update time zone data files to
tzdataapplication> release 2015d for DST law changes in Egypt, Mongolia, and Palestine, plus historical
changes in Canada and Chile. Also adopt revised zone abbreviations for
the America/Adak zone (HST/HDT not HAST/HADT).
However, if you are a Windows user and are using the Norwegian
- (Bokmål) locale, manual action is needed after the upgrade to
- replace any Norwegian (Bokmål)_Norway locale names stored
- in
PostgreSQL system catalogs with the plain-ASCII - alias Norwegian_Norway. For details see
+ (Bokmål)quote> locale, manual action is needed after the upgrade to
+ replace any Norwegian (Bokmål)_Norwayquote> locale names stored
+ in
PostgreSQLproductname> system catalogs with the plain-ASCII + alias Norwegian_Norwayquote>. For details see
- Fix buffer overruns in to_char()
+ Fix buffer overruns in to_char()function>
(Bruce Momjian)
- When to_char() processes a numeric formatting template
- calling for a large number of digits,
PostgreSQL + When to_char()function> processes a numeric formatting template
+ calling for a large number of digits,
PostgreSQLproductname> would read past the end of a buffer. When processing a crafted
- timestamp formatting template,
PostgreSQL would write + timestamp formatting template,
PostgreSQLproductname> would write past the end of a buffer. Either case could crash the server.
We have not ruled out the possibility of attacks that lead to
privilege escalation, though they seem unlikely.
- Fix buffer overrun in replacement *printf() functions
+ Fix buffer overrun in replacement *printf()function> functions
(Tom Lane)
-
PostgreSQL includes a replacement implementation - of printf and related functions. This code will overrun
+
PostgreSQLproductname> includes a replacement implementation + of printffunction> and related functions. This code will overrun
a stack buffer when formatting a floating point number (conversion
- specifiers e>, E, f, F>,
- g> or G>) with requested precision greater than
+ specifiers eliteral>, E , f , F>,
+ gliteral> or G>) with requested precision greater than
about 500. This will crash the server, and we have not ruled out the
possibility of attacks that lead to privilege escalation.
A database user can trigger such a buffer overrun through
- the to_char() SQL function. While that is the only
- affected core
PostgreSQL functionality, extension + the to_char()function> SQL function. While that is the only
+ affected core
PostgreSQLproductname> functionality, extension modules that use printf-family functions may be at risk as well.
- This issue primarily affects
PostgreSQL on Windows. -
PostgreSQL uses the system implementation of these + This issue primarily affects
PostgreSQLproductname> on Windows. +
PostgreSQLproductname> uses the system implementation of these functions where adequate, which it is on other modern platforms.
(CVE-2015-0242)
- Fix buffer overruns in contrib/pgcrypto
+ Fix buffer overruns in contrib/pgcryptofilename>
(Marko Tiikkaja, Noah Misch)
- Errors in memory size tracking within the pgcrypto
+ Errors in memory size tracking within the pgcryptofilename>
module permitted stack buffer overruns and improper dependence on the
contents of uninitialized memory. The buffer overrun cases can
crash the server, and we have not ruled out the possibility of
Some server error messages show the values of columns that violate
a constraint, such as a unique constraint. If the user does not have
- SELECT privilege on all columns of the table, this could
+ SELECTliteral> privilege on all columns of the table, this could
mean exposing values that the user should not be able to see. Adjust
the code so that values are displayed only when they came from the SQL
command or could be selected by the user.
- Cope with the Windows locale named Norwegian (Bokmål)
+ Cope with the Windows locale named Norwegian (Bokmål)quote>
(Heikki Linnakangas)
Non-ASCII locale names are problematic since it's not clear what
encoding they should be represented in. Map the troublesome locale
- name to a plain-ASCII alias, Norwegian_Norway.
+ name to a plain-ASCII alias, Norwegian_Norwayquote>.
Avoid possible data corruption if ALTER DATABASE SET
- TABLESPACE is used to move a database to a new tablespace and then
+ TABLESPACEcommand> is used to move a database to a new tablespace and then
shortly later move it back to its original tablespace (Tom Lane)
- Avoid corrupting tables when ANALYZE inside a transaction
+ Avoid corrupting tables when ANALYZEcommand> inside a transaction
is rolled back (Andres Freund, Tom Lane, Michael Paquier)
If the failing transaction had earlier removed the last index, rule, or
trigger from the table, the table would be left in a corrupted state
- with the relevant pg_class flags not set though they
+ with the relevant pg_classstructname> flags not set though they
should be.
Ensure that unlogged tables are copied correctly
- during CREATE DATABASE or ALTER DATABASE SET
- TABLESPACE (Pavan Deolasee, Andres Freund)
+ during CREATE DATABASEcommand> or ALTER DATABASE SET
+ TABLESPACEcommand> (Pavan Deolasee, Andres Freund)
Fix incorrect processing
- of CreateEventTrigStmt>.eventname> (Petr
+ of CreateEventTrigStmtstructname>.eventname> (Petr
Jelinek)
- This could result in misbehavior if CREATE EVENT TRIGGER
+ This could result in misbehavior if CREATE EVENT TRIGGERcommand>
were executed as a prepared query, or via extended query protocol.
- Fix DROP's dependency searching to correctly handle the
+ Fix DROPcommand>'s dependency searching to correctly handle the
case where a table column is recursively visited before its table
(Petr Jelinek, Tom Lane)
This case is only known to arise when an extension creates both a
datatype and a table using that datatype. The faulty code might
- refuse a DROP EXTENSION> unless CASCADE> is
+ refuse a DROP EXTENSIONcommand> unless CASCADE> is
specified, which should not be required.
- In READ COMMITTED mode, queries that lock or update
+ In READ COMMITTEDliteral> mode, queries that lock or update
recently-updated rows could crash as a result of this bug.
Fix failure to wait when a transaction tries to acquire a FOR
- NO KEY EXCLUSIVE tuple lock, while multiple other transactions
- currently hold FOR SHARE locks (Álvaro Herrera)
+ NO KEY EXCLUSIVEliteral> tuple lock, while multiple other transactions
+ currently hold FOR SHAREliteral> locks (Álvaro Herrera)
- Fix planning of SELECT FOR UPDATE when using a partial
+ Fix planning of SELECT FOR UPDATEcommand> when using a partial
index on a child table (Kyotaro Horiguchi)
- In READ COMMITTED> mode, SELECT FOR UPDATE> must
- also recheck the partial index's WHERE condition when
+ In READ COMMITTEDliteral> mode, SELECT FOR UPDATE> must
+ also recheck the partial index's WHEREliteral> condition when
rechecking a recently-updated row to see if it still satisfies the
- query's WHERE condition. This requirement was missed if the
+ query's WHEREliteral> condition. This requirement was missed if the
index belonged to an inheritance child table, so that it was possible
to incorrectly return rows that no longer satisfy the query condition.
- Fix corner case wherein SELECT FOR UPDATE could return a row
+ Fix corner case wherein SELECT FOR UPDATEcommand> could return a row
twice, and possibly miss returning other rows (Tom Lane)
- In READ COMMITTED> mode, a SELECT FOR UPDATE>
+ In READ COMMITTEDliteral> mode, a SELECT FOR UPDATE>
that is scanning an inheritance tree could incorrectly return a row
from a prior child table instead of the one it should return from a
later child table.
- Improve performance of EXPLAIN with large range tables
+ Improve performance of EXPLAINcommand> with large range tables
(Tom Lane)
Reject duplicate column names in the referenced-columns list of
- a FOREIGN KEY declaration (David Rowley)
+ a FOREIGN KEYliteral> declaration (David Rowley)
- Re-enable error for SELECT ... OFFSET -1 (Tom Lane)
+ Re-enable error for SELECT ... OFFSET -1literal> (Tom Lane)
- Fix json_agg() to not return extra trailing right
+ Fix json_agg()function> to not return extra trailing right
brackets in its result (Tom Lane)
- Fix bugs in raising a numeric value to a large integral power
+ Fix bugs in raising a numerictype> value to a large integral power
(Tom Lane)
- In numeric_recv(), truncate away any fractional digits
- that would be hidden according to the value's dscale field
+ In numeric_recv()function>, truncate away any fractional digits
+ that would be hidden according to the value's dscaleliteral> field
(Tom Lane)
- A numeric> value's display scale (dscale>) should
+ A numerictype> value's display scale (dscale>) should
never be less than the number of nonzero fractional digits; but
apparently there's at least one broken client application that
- transmits binary numeric values in which that's true.
+ transmits binary numerictype> values in which that's true.
This leads to strange behavior since the extra digits are taken into
account by arithmetic operations even though they aren't printed.
- The least risky fix seems to be to truncate away such hidden
+ The least risky fix seems to be to truncate away such hiddenquote>
digits on receipt, so that the value is indeed what it prints as.
Matching would often fail when the number of allowed iterations is
- limited by a ? quantifier or a bound expression.
+ limited by a ?literal> quantifier or a bound expression.
- Fix bugs in tsquery> @> tsquery>
+ Fix bugs in tsquerytype> @> tsquery>
operator (Heikki Linnakangas)
- Fix namespace handling in xpath() (Ali Akbar)
+ Fix namespace handling in xpath()function> (Ali Akbar)
- Previously, the xml value resulting from
- an xpath() call would not have namespace declarations if
+ Previously, the xmltype> value resulting from
+ an xpath()function> call would not have namespace declarations if
the namespace declarations were attached to an ancestor element in the
- input xml value, rather than to the specific element being
+ input xmltype> value, rather than to the specific element being
returned. Propagate the ancestral declaration so that the result is
correct when considered in isolation.
- In some contexts, constructs like row_to_json(tab.*) may
+ In some contexts, constructs like row_to_json(tab.*)literal> may
not produce the expected column names. This is fixed properly as of
9.4; in older branches, just ensure that we produce some nonempty
name. (In some cases this will be the underlying table's column name
Fix mishandling of system columns,
- particularly tableoid, in FDW queries (Etsuro Fujita)
+ particularly tableoidstructfield>, in FDW queries (Etsuro Fujita)
- This patch fixes corner-case unexpected operator NNNN planner
+ This patch fixes corner-case unexpected operator NNNNquote> planner
errors, and improves the selectivity estimates for some other cases.
- Avoid doing indexed_column = ANY
- (array) as an index qualifier if that leads
+ Avoid doing indexed_columnreplaceable> = ANY
+ (arrayreplaceable>) as an index qualifier if that leads
to an inferior plan (Andrew Gierth)
- In some cases, = ANY conditions applied to non-first index
+ In some cases, = ANYliteral> conditions applied to non-first index
columns would be done as index conditions even though it would be
better to use them as simple filter conditions.
- Fix variable not found in subplan target list planner
+ Fix variable not found in subplan target listquote> planner
failure when an inline-able SQL function taking a composite argument
- is used in a LATERAL subselect and the composite argument
+ is used in a LATERALliteral> subselect and the composite argument
is a lateral reference (Tom Lane)
Fix planner problems with nested append relations, such as inherited
- tables within UNION ALL subqueries (Tom Lane)
+ tables within UNION ALLliteral> subqueries (Tom Lane)
- Exempt tables that have per-table cost_limit
- and/or cost_delay settings from autovacuum's global cost
+ Exempt tables that have per-table cost_limitvarname>
+ and/or cost_delayvarname> settings from autovacuum's global cost
balancing rules (Álvaro Herrera)
the target database, if they met the usual thresholds for
autovacuuming. This is at best pretty unexpected; at worst it delays
response to the wraparound threat. Fix it so that if autovacuum is
- turned off, workers only do anti-wraparound vacuums and
+ turned off, workers onlyemphasis> do anti-wraparound vacuums and
not any other work.
Fix several cases where recovery logic improperly ignored WAL records
- for COMMIT/ABORT PREPARED (Heikki Linnakangas)
+ for COMMIT/ABORT PREPAREDliteral> (Heikki Linnakangas)
The most notable oversight was
- that recovery_target_xid could not be used to stop at
+ that recovery_target_xidvarname> could not be used to stop at
a two-phase commit.
- Avoid creating unnecessary .ready marker files for
+ Avoid creating unnecessary .readyfilename> marker files for
timeline history files (Fujii Masao)
Fix possible null pointer dereference when an empty prepared statement
- is used and the log_statement> setting is mod>
- or ddl (Fujii Masao)
+ is used and the log_statementvarname> setting is mod>
+ or ddlliteral> (Fujii Masao)
- Change pgstat wait timeout warning message to be LOG level,
+ Change pgstat wait timeoutquote> warning message to be LOG level,
and rephrase it to be more understandable (Tom Lane)
case, but it occurs often enough on our slower buildfarm members to be
a nuisance. Reduce it to LOG level, and expend a bit more effort on
the wording: it now reads using stale statistics instead of
- current ones because stats collector is not responding.
+ current ones because stats collector is not respondingquote>.
- Warn if macOS's setlocale() starts an unwanted extra
+ Warn if macOS's setlocale()function> starts an unwanted extra
thread inside the postmaster (Noah Misch)
- Fix processing of repeated dbname parameters
- in PQconnectdbParams() (Alex Shulgin)
+ Fix processing of repeated dbnameliteral> parameters
+ in PQconnectdbParams()function> (Alex Shulgin)
Unexpected behavior ensued if the first occurrence
- of dbname contained a connection string or URI to be
+ of dbnameliteral> contained a connection string or URI to be
expanded.
- Ensure that
libpq reports a suitable error message on + Ensure that
libpqapplication> reports a suitable error message on unexpected socket EOF (Marko Tiikkaja, Tom Lane)
- Depending on kernel behavior,
libpq might return an + Depending on kernel behavior,
libpqapplication> might return an empty error string rather than something useful when the server
unexpectedly closed the socket.
- Clear any old error message during PQreset()
+ Clear any old error message during PQreset()function>
(Heikki Linnakangas)
- If PQreset() is called repeatedly, and the connection
+ If PQreset()function> is called repeatedly, and the connection
cannot be re-established, error messages from the failed connection
- attempts kept accumulating in the PGconn's error
+ attempts kept accumulating in the PGconnstructname>'s error
string.
Properly handle out-of-memory conditions while parsing connection
- options in
libpq (Alex Shulgin, Heikki Linnakangas) + options in
libpqapplication> (Alex Shulgin, Heikki Linnakangas)
- Fix array overrun in
ecpg's version - of ParseDateTime() (Michael Paquier)
+ Fix array overrun in
ecpgapplication>'s version + of ParseDateTime()function> (Michael Paquier)
- In
initdb, give a clearer error message if a password + In
initdbapplication>, give a clearer error message if a password file is specified but is empty (Mats Erik Andersson)
- Fix
psql>'s \s> command to work nicely with + Fix
psqlapplication>'s \s> command to work nicely with libedit, and add pager support (Stepan Rutz, Tom Lane)
- When using libedit rather than readline, \s printed the
+ When using libedit rather than readline, \scommand> printed the
command history in a fairly unreadable encoded format, and on recent
libedit versions might fail altogether. Fix that by printing the
history ourselves rather than having the library do it. A pleasant
This patch also fixes a bug that caused newline encoding to be applied
inconsistently when saving the command history with libedit.
- Multiline history entries written by older
psql + Multiline history entries written by older
psqlapplication> versions will be read cleanly with this patch, but perhaps not
vice versa, depending on the exact libedit versions involved.
- Improve consistency of parsing of
psql's special + Improve consistency of parsing of
psqlapplication>'s special variables (Tom Lane)
- Allow variant spellings of on> and off> (such
- as 1>/0) for ECHO_HIDDEN>
- and ON_ERROR_ROLLBACK. Report a warning for unrecognized
- values for COMP_KEYWORD_CASE>, ECHO>,
- ECHO_HIDDEN>, HISTCONTROL>,
- ON_ERROR_ROLLBACK>, and VERBOSITY>. Recognize
+ Allow variant spellings of onliteral> and off> (such
+ as 1literal>/0 ) for ECHO_HIDDEN>
+ and ON_ERROR_ROLLBACKliteral>. Report a warning for unrecognized
+ values for COMP_KEYWORD_CASEliteral>, ECHO>,
+ ECHO_HIDDENliteral>, HISTCONTROL>,
+ ON_ERROR_ROLLBACKliteral>, and VERBOSITY>. Recognize
all values for all these variables case-insensitively; previously
there was a mishmash of case-sensitive and case-insensitive behaviors.
- Make
psql>'s \watch> command display - nulls as specified by \pset null (Fujii Masao)
+ Make
psqlapplication>'s \watch> command display + nulls as specified by \pset nullcommand> (Fujii Masao)
- Fix
psql's expanded-mode display to work - consistently when using border = 3
- and linestyle> = ascii or unicode>
+ Fix
psqlapplication>'s expanded-mode display to work + consistently when using borderliteral> = 3
+ and linestyleliteral> = ascii or unicode>
(Stephen Frost)
- Fix
pg_dump to handle comments on event triggers + Fix
pg_dumpapplication> to handle comments on event triggers without failing (Tom Lane)
- Allow parallel
pg_dump to - use --serializable-deferrable (Kevin Grittner)
+ Allow parallel
pg_dumpapplication> to + use --serializable-deferrableoption> (Kevin Grittner)
- Improve performance of
pg_dump when the database + Improve performance of
pg_dumpapplication> when the database contains many instances of multiple dependency paths between the same
two objects (Tom Lane)
- Fix
pg_dumpall to restore its ability to dump from + Fix
pg_dumpallapplication> to restore its ability to dump from pre-8.1 servers (Gilles Darold)
- Fix core dump in pg_dump --binary-upgrade on zero-column
+ Fix core dump in pg_dump --binary-upgradeliteral> on zero-column
composite type (Rushabh Lathia)
Fix failure to fsync tables in nondefault tablespaces
- during
pg_upgrade (Abhijit Menon-Sen, Andres Freund) + during
pg_upgradeapplication> (Abhijit Menon-Sen, Andres Freund)
- In
pg_upgrade, cope with cases where the new cluster + In
pg_upgradeapplication>, cope with cases where the new cluster creates a TOAST table for a table that didn't previously have one
(Bruce Momjian)
- In
pg_upgrade, don't try to - set autovacuum_multixact_freeze_max_age for the old cluster
+ In
pg_upgradeapplication>, don't try to + set autovacuum_multixact_freeze_max_ageliteral> for the old cluster
(Bruce Momjian)
- In
pg_upgrade, preserve the transaction ID epoch + In
pg_upgradeapplication>, preserve the transaction ID epoch (Bruce Momjian)
- This oversight did not bother
PostgreSQL proper, + This oversight did not bother
PostgreSQLproductname> proper, but could confuse some external replication tools.
- Prevent WAL files created by pg_basebackup -x/-X from
+ Prevent WAL files created by pg_basebackup -x/-Xliteral> from
being archived again when the standby is promoted (Andres Freund)
- Fix memory leak in
pg_receivexlog (Fujii Masao) + Fix memory leak in
pg_receivexlogapplication> (Fujii Masao)
- Fix unintended suppression of
pg_receivexlog verbose + Fix unintended suppression of
pg_receivexlogapplication> verbose messages (Fujii Masao)
- Fix failure of contrib/auto_explain to print per-node
- timing information when doing EXPLAIN ANALYZE (Tom Lane)
+ Fix failure of contrib/auto_explainfilename> to print per-node
+ timing information when doing EXPLAIN ANALYZEcommand> (Tom Lane)
- Fix upgrade-from-unpackaged script for contrib/citext
+ Fix upgrade-from-unpackaged script for contrib/citextfilename>
(Tom Lane)
Avoid integer overflow and buffer overrun
- in contrib/hstore>'s hstore_to_json()>
+ in contrib/hstorefilename>'s hstore_to_json()>
(Heikki Linnakangas)
- Fix recognition of numbers in hstore_to_json_loose(),
+ Fix recognition of numbers in hstore_to_json_loose()function>,
so that JSON numbers and strings are correctly distinguished
(Andrew Dunstan)
Fix block number checking
- in contrib/pageinspect>'s get_raw_page()>
+ in contrib/pageinspectfilename>'s get_raw_page()>
(Tom Lane)
- Fix contrib/pgcrypto>'s pgp_sym_decrypt()>
+ Fix contrib/pgcryptofilename>'s pgp_sym_decrypt()>
to not fail on messages whose length is 6 less than a power of 2
(Marko Tiikkaja)
- Fix file descriptor leak in contrib/pg_test_fsync
+ Fix file descriptor leak in contrib/pg_test_fsyncfilename>
(Jeff Janes)
Handle unexpected query results, especially NULLs, safely in
- contrib/tablefunc>'s connectby()>
+ contrib/tablefuncfilename>'s connectby()>
(Michael Paquier)
- connectby() previously crashed if it encountered a NULL
+ connectby()function> previously crashed if it encountered a NULL
key value. It now prints that row but doesn't recurse further.
- Avoid a possible crash in contrib/xml2's
- xslt_process() (Mark Simonetti)
+ Avoid a possible crash in contrib/xml2filename>'s
+ xslt_process()function> (Mark Simonetti)
-
libxslt seems to have an undocumented dependency on +
libxsltapplication> seems to have an undocumented dependency on the order in which resources are freed; reorder our calls to avoid a
crash.
- Mark some contrib I/O functions with correct volatility
+ Mark some contribfilename> I/O functions with correct volatility
properties (Tom Lane)
With OpenLDAP versions 2.4.24 through 2.4.31,
- inclusive,
PostgreSQL backends can crash at exit. - Raise a warning during
configure based on the + inclusive,
PostgreSQLproductname> backends can crash at exit. + Raise a warning during
configureapplication> based on the compile-time OpenLDAP version number, and test the crashing scenario
- in the contrib/dblink regression test.
+ in the contrib/dblinkfilename> regression test.
- In non-MSVC Windows builds, ensure libpq.dll is installed
+ In non-MSVC Windows builds, ensure libpq.dllfilename> is installed
with execute permissions (Noah Misch)
- Make
pg_regress remove any temporary installation it + Make
pg_regressapplication> remove any temporary installation it created upon successful exit (Tom Lane)
This results in a very substantial reduction in disk space usage
- during make check-world, since that sequence involves
+ during make check-worldliteral>, since that sequence involves
creation of numerous temporary installations.
- Previously,
PostgreSQL assumed that the UTC offset - associated with a time zone abbreviation (such as EST)
+ Previously,
PostgreSQLproductname> assumed that the UTC offset + associated with a time zone abbreviation (such as ESTliteral>)
never changes in the usage of any particular locale. However this
assumption fails in the real world, so introduce the ability for a
zone abbreviation to represent a UTC offset that sometimes changes.
Update the zone abbreviation definition files to make use of this
feature in timezone locales that have changed the UTC offset of their
abbreviations since 1970 (according to the IANA timezone database).
- In such timezones,
PostgreSQL will now associate the + In such timezones,
PostgreSQLproductname> will now associate the correct UTC offset with the abbreviation depending on the given date.
Add CST (China Standard Time) to our lists.
- Remove references to ADT as Arabia Daylight Time, an
+ Remove references to ADT as Arabia Daylight Timequote>, an
abbreviation that's been out of use since 2007; therefore, claiming
- there is a conflict with Atlantic Daylight Time doesn't seem
+ there is a conflict with Atlantic Daylight Timequote> doesn't seem
especially helpful.
Fix entirely incorrect GMT offsets for CKT (Cook Islands), FJT, and FJST
(Fiji); we didn't even have them on the proper side of the date line.
- Update time zone data files to
tzdata release 2015a. + Update time zone data files to
tzdataapplication> release 2015a.
The IANA timezone database has adopted abbreviations of the form
- Ax>ST /Ax>DT
+ Axreplaceable>ST /Ax>DT
for all Australian time zones, reflecting what they believe to be
current majority practice Down Under. These names do not conflict
with usage elsewhere (other than ACST for Acre Summer Time, which has
been in disuse since 1994). Accordingly, adopt these names into
- our Default timezone abbreviation set.
- The Australia abbreviation set now contains only CST, EAST,
+ our Defaultquote> timezone abbreviation set.
+ The Australiaquote> abbreviation set now contains only CST, EAST,
EST, SAST, SAT, and WST, all of which are thought to be mostly
historical usage. Note that SAST has also been changed to be South
- Africa Standard Time in the Default abbreviation set.
+ Africa Standard Time in the Defaultquote> abbreviation set.
However, this release corrects a logic error
- in
pg_upgrade, as well as an index corruption problem in + in
pg_upgradeapplication>, as well as an index corruption problem in some GiST indexes. See the first two changelog entries below to find out
whether your installation has been affected and what steps you should take
if so.
- In
pg_upgrade>, remove pg_multixact> files - left behind by
initdb (Bruce Momjian) + In
pg_upgradeapplication>, remove pg_multixact> files + left behind by
initdbapplication> (Bruce Momjian)
- If you used a pre-9.3.5 version of
pg_upgrade to + If you used a pre-9.3.5 version of
pg_upgradeapplication> to upgrade a database cluster to 9.3, it might have left behind a file
- $PGDATA/pg_multixact/offsets/0000 that should not be
- there and will eventually cause problems in VACUUM.
+ $PGDATA/pg_multixact/offsets/0000filename> that should not be
+ there and will eventually cause problems in VACUUMcommand>.
However, in common cases this file is actually valid and
must not be removed.
To determine whether your installation has this problem, run this
EXISTS (SELECT * FROM list WHERE file != '0000')
AS file_0000_removal_required;
- If this query returns t, manually remove the file
- $PGDATA/pg_multixact/offsets/0000.
- Do nothing if the query returns f.
+ If this query returns tliteral>, manually remove the file
+ $PGDATA/pg_multixact/offsets/0000filename>.
+ Do nothing if the query returns fliteral>.
- Correctly initialize padding bytes in contrib/btree_gist
- indexes on bit columns (Heikki Linnakangas)
+ Correctly initialize padding bytes in contrib/btree_gistfilename>
+ indexes on bittype> columns (Heikki Linnakangas)
This error could result in incorrect query results due to values that
should compare equal not being seen as equal.
- Users with GiST indexes on bit> or bit varying>
- columns should REINDEX those indexes after installing this
+ Users with GiST indexes on bittype> or bit varying>
+ columns should REINDEXcommand> those indexes after installing this
update.
- Fix wraparound handling for pg_multixact/members
+ Fix wraparound handling for pg_multixact/membersfilename>
(Álvaro Herrera)
- Truncate pg_multixact during checkpoints, not
- during VACUUM (Álvaro Herrera)
+ Truncate pg_multixactstructname> during checkpoints, not
+ during VACUUMcommand> (Álvaro Herrera)
- This change ensures that pg_multixact segments can't be
+ This change ensures that pg_multixactstructname> segments can't be
removed if they'd still be needed during WAL replay after a crash.
Fix possibly-incorrect cache invalidation during nested calls
- to ReceiveSharedInvalidMessages (Andres Freund)
+ to ReceiveSharedInvalidMessagesfunction> (Andres Freund)
- Fix could not find pathkey item to sort planner failures
- with UNION ALL over subqueries reading from tables with
+ Fix could not find pathkey item to sortquote> planner failures
+ with UNION ALLliteral> over subqueries reading from tables with
inheritance children (Tom Lane)
Improve planner to drop constant-NULL inputs
- of AND>/OR> when possible (Tom Lane)
+ of ANDliteral>/OR> when possible (Tom Lane)
- Ensure that the planner sees equivalent VARIADIC and
- non-VARIADIC function calls as equivalent (Tom Lane)
+ Ensure that the planner sees equivalent VARIADICliteral> and
+ non-VARIADICliteral> function calls as equivalent (Tom Lane)
- Fix handling of nested JSON objects
- in json_populate_recordset() and friends
+ Fix handling of nested JSONtype> objects
+ in json_populate_recordset()function> and friends
(Michael Paquier, Tom Lane)
- A nested JSON object could result in previous fields of the
+ A nested JSONtype> object could result in previous fields of the
parent object not being shown in the output.
- Fix identification of input type category in to_json()
+ Fix identification of input type category in to_json()function>
and friends (Tom Lane)
- This is known to have led to inadequate quoting of money
- fields in the JSON result, and there may have been wrong
+ This is known to have led to inadequate quoting of moneytype>
+ fields in the JSONtype> result, and there may have been wrong
results for other data types as well.
This corrects cases where TOAST pointers could be copied into other
tables without being dereferenced. If the original data is later
deleted, it would lead to errors like missing chunk number 0
- for toast value ... when the now-dangling pointer is used.
+ for toast value ...quote> when the now-dangling pointer is used.
- Fix record type has not been registered failures with
+ Fix record type has not been registeredquote> failures with
whole-row references to the output of Append plan nodes (Tom Lane)
Fix query-lifespan memory leak while evaluating the arguments for a
- function in FROM (Tom Lane)
+ function in FROMliteral> (Tom Lane)
- Fix data encoding error in hungarian.stop (Tom Lane)
+ Fix data encoding error in hungarian.stopfilename> (Tom Lane)
This could cause problems (at least spurious warnings, and at worst an
- infinite loop) if CREATE INDEX> or CLUSTER> were
+ infinite loop) if CREATE INDEXcommand> or CLUSTER> were
done later in the same transaction.
- Clear pg_stat_activity>.xact_start>
- during PREPARE TRANSACTION (Andres Freund)
+ Clear pg_stat_activitystructname>.xact_start>
+ during PREPARE TRANSACTIONcommand> (Andres Freund)
- After the PREPARE, the originating session is no longer in
+ After the PREPAREcommand>, the originating session is no longer in
a transaction, so it should not continue to display a transaction
start time.
- Fix REASSIGN OWNED to not fail for text search objects
+ Fix REASSIGN OWNEDcommand> to not fail for text search objects
(Álvaro Herrera)
- Prevent pg_class>.relminmxid> values from
- going backwards during VACUUM FULL (Álvaro Herrera)
+ Prevent pg_classstructname>.relminmxid> values from
+ going backwards during VACUUM FULLcommand> (Álvaro Herrera)
Fix dumping of rules/views when subsequent addition of a column has
- resulted in multiple input columns matching a USING
+ resulted in multiple input columns matching a USINGliteral>
specification (Tom Lane)
Repair view printing for some cases involving functions
- in FROM that return a composite type containing dropped
+ in FROMliteral> that return a composite type containing dropped
columns (Tom Lane)
This ensures that the postmaster will properly clean up after itself
- if, for example, it receives SIGINT while still
+ if, for example, it receives SIGINTsystemitem> while still
starting up.
- Fix client host name lookup when processing pg_hba.conf
+ Fix client host name lookup when processing pg_hba.conffilename>
entries that specify host names instead of IP addresses (Tom Lane)
- Allow the root user to use postgres -C variable and
- postgres --describe-config (MauMau)
+ Allow the root user to use postgres -C variableliteral> and
+ postgres --describe-configliteral> (MauMau)
The prohibition on starting the server as root does not need to extend
to these operations, and relaxing it prevents failure
- of
pg_ctl in some scenarios. + of
pg_ctlapplication> in some scenarios.
Secure Unix-domain sockets of temporary postmasters started during
- make check (Noah Misch)
+ make checkliteral> (Noah Misch)
the operating-system user running the test, as we previously noted in
CVE-2014-0067. This change defends against that risk by placing the
server's socket in a temporary, mode 0700 subdirectory
- of /tmp. The hazard remains however on platforms where
+ of /tmpfilename>. The hazard remains however on platforms where
Unix sockets are not supported, notably Windows, because then the
temporary postmaster must accept local TCP connections.
A useful side effect of this change is to simplify
- make check testing in builds that
- override DEFAULT_PGSOCKET_DIR. Popular non-default values
- like /var/run/postgresql are often not writable by the
+ make checkliteral> testing in builds that
+ override DEFAULT_PGSOCKET_DIRliteral>. Popular non-default values
+ like /var/run/postgresqlfilename> are often not writable by the
build user, requiring workarounds that will no longer be necessary.
- This oversight could cause
initdb - and
pg_upgrade to fail on Windows, if the installation - path contained both spaces and @ signs.
+ This oversight could cause
initdbapplication> + and
pg_upgradeapplication> to fail on Windows, if the installation + path contained both spaces and @literal> signs.
- Fix linking of
libpython on macOS (Tom Lane) + Fix linking of
libpythonapplication> on macOS (Tom Lane)
- Avoid buffer bloat in
libpq when the server + Avoid buffer bloat in
libpqapplication> when the server consistently sends data faster than the client can absorb it
(Shin-ichi Morita, Tom Lane)
-
libpq could be coerced into enlarging its input buffer +
libpqapplication> could be coerced into enlarging its input buffer until it runs out of memory (which would be reported misleadingly
- as lost synchronization with server). Under ordinary
+ as lost synchronization with serverquote>). Under ordinary
circumstances it's quite far-fetched that data could be continuously
- transmitted more quickly than the recv() loop can
+ transmitted more quickly than the recv()function> loop can
absorb it, but this has been observed when the client is artificially
slowed by scheduler constraints.
- Ensure that LDAP lookup attempts in
libpq time out as + Ensure that LDAP lookup attempts in
libpqapplication> time out as intended (Laurenz Albe)
- Fix
ecpg to do the right thing when an array - of char * is the target for a FETCH statement returning more
+ Fix
ecpgapplication> to do the right thing when an array + of char *type> is the target for a FETCH statement returning more
than one row, as well as some other array-handling fixes
(Ashutosh Bapat)
- Fix
pg_dump to cope with a materialized view that + Fix
pg_dumpapplication> to cope with a materialized view that depends on a table's primary key (Tom Lane)
This occurs if the view's query relies on functional dependency to
- abbreviate a
GROUP BY> list. pg_dump> got + abbreviate a
GROUP BYliteral> list. pg_dump> got sufficiently confused that it dumped the materialized view as a
regular view.
- Fix parsing of
pg_dumpall>'s -i> switch + Fix parsing of
pg_dumpallapplication>'s -i> switch (Tom Lane)
- Fix
pg_restore's processing of old-style large object + Fix
pg_restoreapplication>'s processing of old-style large object comments (Tom Lane)
A direct-to-database restore from an archive file generated by a
- pre-9.0 version of
pg_dump would usually fail if the + pre-9.0 version of
pg_dumpapplication> would usually fail if the archive contained more than a few comments for large objects.
- Fix
pg_upgrade for cases where the new server creates + Fix
pg_upgradeapplication> for cases where the new server creates a TOAST table but the old version did not (Bruce Momjian)
- This rare situation would manifest as relation OID mismatch
+ This rare situation would manifest as relation OID mismatchquote>
errors.
- preserve pg_database>.datminmxid>
- and pg_class>.relminmxid> values from the
+ In
pg_upgradeapplication>, + preserve pg_databasestructname>.datminmxid>
+ and pg_classstructname>.relminmxid> values from the
old cluster, or insert reasonable values when upgrading from pre-9.3;
also defend against unreasonable values in the core server
(Bruce Momjian, Álvaro Herrera, Tom Lane)
- Prevent contrib/auto_explain from changing the output of
- a user's EXPLAIN (Tom Lane)
+ Prevent contrib/auto_explainfilename> from changing the output of
+ a user's EXPLAINcommand> (Tom Lane)
- If auto_explain is active, it could cause
- an EXPLAIN (ANALYZE, TIMING OFF) command to nonetheless
+ If auto_explainfilename> is active, it could cause
+ an EXPLAIN (ANALYZE, TIMING OFF)literal> command to nonetheless
print timing information.
- Fix query-lifespan memory leak in contrib/dblink
+ Fix query-lifespan memory leak in contrib/dblinkfilename>
(MauMau, Joe Conway)
- In contrib/pgcrypto functions, ensure sensitive
+ In contrib/pgcryptofilename> functions, ensure sensitive
information is cleared from stack variables before returning
(Marko Kreen)
Prevent use of already-freed memory in
- contrib/pgstattuple>'s pgstat_heap()>
+ contrib/pgstattuplefilename>'s pgstat_heap()>
(Noah Misch)
- In contrib/uuid-ossp, cache the state of the OSSP UUID
+ In contrib/uuid-osspfilename>, cache the state of the OSSP UUID
library across calls (Tom Lane)
This improves the efficiency of UUID generation and reduces the amount
- of entropy drawn from /dev/urandom, on platforms that
+ of entropy drawn from /dev/urandomfilename>, on platforms that
have that.
- Update time zone data files to
tzdata release 2014e + Update time zone data files to
tzdataapplication> release 2014e for DST law changes in Crimea, Egypt, and Morocco.
Avoid race condition in checking transaction commit status during
- receipt of a NOTIFY message (Marko Tiikkaja)
+ receipt of a NOTIFYcommand> message (Marko Tiikkaja)
- Allow materialized views to be referenced in UPDATE
- and DELETE commands (Michael Paquier)
+ Allow materialized views to be referenced in UPDATEcommand>
+ and DELETEcommand> commands (Michael Paquier)
- Remove incorrect code that tried to allow OVERLAPS with
+ Remove incorrect code that tried to allow OVERLAPSliteral> with
single-element row arguments (Joshua Yanovski)
- Avoid getting more than AccessShareLock when de-parsing a
+ Avoid getting more than AccessShareLockliteral> when de-parsing a
rule or view (Dean Rasheed)
- This oversight resulted in
pg_dump unexpectedly - acquiring RowExclusiveLock locks on tables mentioned as
- the targets of INSERT>/UPDATE/DELETE>
+ This oversight resulted in
pg_dumpapplication> unexpectedly + acquiring RowExclusiveLockliteral> locks on tables mentioned as
+ the targets of INSERTliteral>/UPDATE /DELETE>
commands in rules. While usually harmless, that could interfere with
concurrent transactions that tried to acquire, for example,
- ShareLock on those tables.
+ ShareLockliteral> on those tables.
Use non-default selectivity estimates for
- value> IN (list>)
- value> operator> ANY
- (array)
+ valuereplaceable> IN (list>)
+ valuereplaceable> operator> ANY
+ (arrayreplaceable>)
expressions when the righthand side is a stable expression (Tom Lane)
Remove the correct per-database statistics file during DROP
- DATABASE (Tomas Vondra)
+ DATABASEcommand> (Tomas Vondra)
This fix prevents a permanent leak of statistics file space.
- Users who have done many DROP DATABASE commands since
- upgrading to
PostgreSQL 9.3 may wish to check their + Users who have done many DROP DATABASEcommand> commands since
+ upgrading to
PostgreSQLproductname> 9.3 may wish to check their statistics directory and delete statistics files that do not
correspond to any existing database. Please note
- that db_0.stat should not be removed.
+ that db_0.statfilename> should not be removed.
- Fix
walsender ping logic to avoid inappropriate + Fix
walsenderapplication> ping logic to avoid inappropriate disconnects under continuous load (Andres Freund, Heikki Linnakangas)
-
walsender failed to send ping messages to the client +
walsenderapplication> failed to send ping messages to the client if it was constantly busy sending WAL data; but it expected to see
ping responses despite that, and would therefore disconnect
once elapsed.
- Fix
walsender's failure to shut down cleanly when client - is
pg_receivexlog (Fujii Masao) + Fix
walsenderapplication>'s failure to shut down cleanly when client + is
pg_receivexlogapplication> (Fujii Masao)
- Prevent interrupts while reporting non-ERROR messages
+ Prevent interrupts while reporting non-ERRORliteral> messages
(Tom Lane)
This guards against rare server-process freezeups due to recursive
- entry to syslog(), and perhaps other related problems.
+ entry to syslog()function>, and perhaps other related problems.
- Fix tracking of
psql script line numbers - during \copy from out-of-line data
+ Fix tracking of
psqlapplication> script line numbers + during \copyliteral> from out-of-line data
(Kumar Rajeev Rastogi, Amit Khandekar)
- \copy ... from incremented the script file line number
+ \copy ... fromliteral> incremented the script file line number
for each data line, even if the data was not coming from the script
file. This mistake resulted in wrong line numbers being reported for
any errors occurring later in the same script file.
- Fix
contrib/postgres_fdw to handle multiple join + Fix
contrib/postgres_fdwapplication> to handle multiple join conditions properly (Tom Lane)
- This oversight could result in sending WHERE clauses to
+ This oversight could result in sending WHEREliteral> clauses to
the remote server for execution even though the clauses are not known
to have the same semantics on the remote server (for example, clauses
that use non-built-in operators). The query might succeed anyway,
- Prevent intermittent could not reserve shared memory region
+ Prevent intermittent could not reserve shared memory regionquote>
failures on recent Windows versions (MauMau)
- Update time zone data files to
tzdata release 2014a + Update time zone data files to
tzdataapplication> release 2014a for DST law changes in Fiji and Turkey, plus historical changes in
Israel and Ukraine.
- Shore up GRANT ... WITH ADMIN OPTION restrictions
+ Shore up GRANT ... WITH ADMIN OPTIONliteral> restrictions
(Noah Misch)
- Granting a role without ADMIN OPTION is supposed to
+ Granting a role without ADMIN OPTIONliteral> is supposed to
prevent the grantee from adding or removing members from the granted
role, but this restriction was easily bypassed by doing SET
- ROLE first. The security impact is mostly that a role member can
+ ROLEliteral> first. The security impact is mostly that a role member can
revoke the access of others, contrary to the wishes of his grantor.
Unapproved role member additions are a lesser concern, since an
uncooperative role member could provide most of his rights to others
- anyway by creating views or SECURITY DEFINER functions.
+ anyway by creating views or SECURITY DEFINERliteral> functions.
(CVE-2014-0060)
The primary role of PL validator functions is to be called implicitly
- during CREATE FUNCTION, but they are also normal SQL
+ during CREATE FUNCTIONcommand>, but they are also normal SQL
functions that a user can call explicitly. Calling a validator on
a function actually written in some other language was not checked
for and could be exploited for privilege-escalation purposes.
If the name lookups come to different conclusions due to concurrent
activity, we might perform some parts of the DDL on a different table
- than other parts. At least in the case of CREATE INDEX,
+ than other parts. At least in the case of CREATE INDEXcommand>,
this can be used to cause the permissions checks to be performed
against a different table than the index creation, allowing for a
privilege escalation attack.
- The MAXDATELEN constant was too small for the longest
- possible value of type interval, allowing a buffer overrun
- in interval_out(). Although the datetime input
+ The MAXDATELENliteral> constant was too small for the longest
+ possible value of type intervaltype>, allowing a buffer overrun
+ in interval_out()function>. Although the datetime input
functions were more careful about avoiding buffer overrun, the limit
was short enough to cause them to reject some valid inputs, such as
- input containing a very long timezone name. The
ecpg + input containing a very long timezone name. The
ecpgapplication> library contained these vulnerabilities along with some of its own.
(CVE-2014-0063)
- Use strlcpy() and related functions to provide a clear
+ Use strlcpy()function> and related functions to provide a clear
guarantee that fixed-size buffers are not overrun. Unlike the
preceding items, it is unclear whether these cases really represent
live issues, since in most cases there appear to be previous
- Avoid crashing if crypt() returns NULL (Honza Horak,
+ Avoid crashing if crypt()function> returns NULL (Honza Horak,
Bruce Momjian)
- There are relatively few scenarios in which crypt()
- could return NULL, but contrib/chkpass would crash
+ There are relatively few scenarios in which crypt()function>
+ could return NULL, but contrib/chkpassfilename> would crash
if it did. One practical case in which this could be an issue is
- if
libc is configured to refuse to execute unapproved - hashing algorithms (e.g., FIPS mode).
+ if
libcapplication> is configured to refuse to execute unapproved + hashing algorithms (e.g., FIPS modequote>).
(CVE-2014-0066)
- Document risks of make check in the regression testing
+ Document risks of make checkliteral> in the regression testing
instructions (Noah Misch, Tom Lane)
- Since the temporary server started by make check
- uses trust authentication, another user on the same machine
+ Since the temporary server started by make checkliteral>
+ uses trustquote> authentication, another user on the same machine
could connect to it as database superuser, and then potentially
exploit the privileges of the operating-system user who started the
tests. A future release will probably incorporate changes in the
testing procedure to prevent this risk, but some public discussion is
needed first. So for the moment, just warn people against using
- make check when there are untrusted users on the
+ make checkliteral> when there are untrusted users on the
same machine.
(CVE-2014-0067)
The logic for tuple freezing was unable to handle some cases involving
freezing of
- multixact
+ multixactfirstterm>
IDs, with the practical effect that shared row-level locks
might be forgotten once old enough.
Fixing this required changing the WAL record format for tuple
freezing. While this is no issue for standalone servers, when using
replication it means that standby servers must be upgraded
- to 9.3.3 or later before their masters are. An older standby will
+ to 9.3.3 or later before their masters areemphasis>. An older standby will
be unable to interpret freeze records generated by a newer master, and
will fail with a PANIC message. (In such a case, upgrading the
standby should be sufficient to let it resume execution.)
This oversight could allow referential integrity checks to give false
positives (for instance, allow deletes that should have been rejected).
- Applications using the new commands SELECT FOR KEY SHARE
- and SELECT FOR NO KEY UPDATE might also have suffered
+ Applications using the new commands SELECT FOR KEY SHAREliteral>
+ and SELECT FOR NO KEY UPDATEliteral> might also have suffered
locking failures of this kind.
- Prevent forgetting valid row locks when one of several
+ Prevent forgettingquote> valid row locks when one of several
holders of a row lock aborts (Álvaro Herrera)
This mistake could result in spurious could not serialize access
- due to concurrent update> errors in REPEATABLE READ>
- and SERIALIZABLE transaction isolation modes.
+ due to concurrent updatequote> errors in REPEATABLE READ>
+ and SERIALIZABLEliteral> transaction isolation modes.
Handle wraparound correctly during extension or truncation
- of pg_multixact/members
+ of pg_multixact/membersfilename>
(Andres Freund, Álvaro Herrera)
- Fix handling of 5-digit filenames in pg_multixact/members
+ Fix handling of 5-digit filenames in pg_multixact/membersfilename>
(Álvaro Herrera)
This fixes a performance regression from pre-9.3 versions when doing
- SELECT FOR UPDATE> followed by UPDATE/DELETE>.
+ SELECT FOR UPDATEliteral> followed by UPDATE/DELETE>.
During archive recovery, prefer highest timeline number when WAL
segments with the same ID are present in both the archive
- and pg_xlog/ (Kyotaro Horiguchi)
+ and pg_xlog/filename> (Kyotaro Horiguchi)
The WAL update could be applied to the wrong page, potentially many
pages past where it should have been. Aside from corrupting data,
- this error has been observed to result in significant bloat
+ this error has been observed to result in significant bloatquote>
of standby servers compared to their masters, due to updates being
applied far beyond where the end-of-file should have been. This
failure mode does not appear to be a significant risk during crash
was already consistent at the start of replay, thus possibly allowing
hot-standby queries before the database was really consistent. Other
symptoms such as PANIC: WAL contains references to invalid
- pages were also possible.
+ pagesquote> were also possible.
Fix improper locking of btree index pages while replaying
- a VACUUM operation in hot-standby mode (Andres Freund,
+ a VACUUMliteral> operation in hot-standby mode (Andres Freund,
Heikki Linnakangas, Tom Lane)
This error could result in PANIC: WAL contains references to
- invalid pages failures.
+ invalid pagesquote> failures.
- When pause_at_recovery_target
- and recovery_target_inclusive are both set, ensure the
+ When pause_at_recovery_targetliteral>
+ and recovery_target_inclusiveliteral> are both set, ensure the
target record is applied before pausing, not after (Heikki
Linnakangas)
Prevent timeout interrupts from taking control away from mainline
- code unless ImmediateInterruptOK is set
+ code unless ImmediateInterruptOKvarname> is set
(Andres Freund, Tom Lane)
This is a serious issue for any application making use of statement
timeouts, as it could cause all manner of strange failures after a
- timeout occurred. We have seen reports of stuck spinlocks,
+ timeout occurred. We have seen reports of stuckquote> spinlocks,
ERRORs being unexpectedly promoted to PANICs, unkillable backends,
and other misbehaviors.
Ensure that signal handlers don't attempt to use the
- process's MyProc pointer after it's no longer valid.
+ process's MyProcvarname> pointer after it's no longer valid.
- Fix unsafe references to errno within error reporting
+ Fix unsafe references to errnovarname> within error reporting
logic (Christian Kruse)
This would typically lead to odd behaviors such as missing or
- inappropriate HINT fields.
+ inappropriate HINTliteral> fields.
- Fix possible crashes from using ereport() too early
+ Fix possible crashes from using ereport()function> too early
during server startup (Tom Lane)
- Fix length checking for Unicode identifiers (U&"..."
+ Fix length checking for Unicode identifiers (U&"..."literal>
syntax) containing escapes (Tom Lane)
A previous patch allowed such keywords to be used without quoting
in places such as role identifiers; but it missed cases where a
- list of role identifiers was permitted, such as DROP ROLE.
+ list of role identifiers was permitted, such as DROP ROLEliteral>.
Fix possible crash due to invalid plan for nested sub-selects, such
- as WHERE (... x IN (SELECT ...) ...) IN (SELECT ...)
+ as WHERE (... x IN (SELECT ...) ...) IN (SELECT ...)literal>
(Tom Lane)
- Fix mishandling of WHERE conditions pulled up from
- a LATERAL subquery (Tom Lane)
+ Fix mishandling of WHEREliteral> conditions pulled up from
+ a LATERALliteral> subquery (Tom Lane)
The typical symptom of this bug was a JOIN qualification
- cannot refer to other relations error, though subtle logic
+ cannot refer to other relationsquote> error, though subtle logic
errors in created plans seem possible as well.
- Disallow LATERAL references to the target table of
- an UPDATE/DELETE (Tom Lane)
+ Disallow LATERALliteral> references to the target table of
+ an UPDATE/DELETEliteral> (Tom Lane)
- Fix UPDATE/DELETE of an inherited target table
- that has UNION ALL subqueries (Tom Lane)
+ Fix UPDATE/DELETEliteral> of an inherited target table
+ that has UNION ALLliteral> subqueries (Tom Lane)
- Without this fix, UNION ALL subqueries aren't correctly
+ Without this fix, UNION ALLliteral> subqueries aren't correctly
inserted into the update plans for inheritance child tables after the
first one, typically resulting in no update happening for those child
table(s).
- Fix ANALYZE to not fail on a column that's a domain over
+ Fix ANALYZEcommand> to not fail on a column that's a domain over
a range type (Tom Lane)
- Ensure that ANALYZE creates statistics for a table column
- even when all the values in it are too wide (Tom Lane)
+ Ensure that ANALYZEcommand> creates statistics for a table column
+ even when all the values in it are too widequote> (Tom Lane)
- ANALYZE intentionally omits very wide values from its
+ ANALYZEcommand> intentionally omits very wide values from its
histogram and most-common-values calculations, but it neglected to do
something sane in the case that all the sampled entries are too wide.
- In ALTER TABLE ... SET TABLESPACE, allow the database's
+ In ALTER TABLE ... SET TABLESPACEliteral>, allow the database's
default tablespace to be used without a permissions check
(Stephen Frost)
- CREATE TABLE has always allowed such usage,
- but ALTER TABLE didn't get the memo.
+ CREATE TABLEliteral> has always allowed such usage,
+ but ALTER TABLEliteral> didn't get the memo.
- Fix cannot accept a set error when some arms of
- a CASE return a set and others don't (Tom Lane)
+ Fix cannot accept a setquote> error when some arms of
+ a CASEliteral> return a set and others don't (Tom Lane)
- Fix possible misbehavior in plainto_tsquery()
+ Fix possible misbehavior in plainto_tsquery()function>
(Heikki Linnakangas)
- Use memmove()> not memcpy()> for copying
+ Use memmove()function> not memcpy()> for copying
overlapping memory regions. There have been no field reports of
this actually causing trouble, but it's certainly risky.
- Fix placement of permissions checks in pg_start_backup()
- and pg_stop_backup() (Andres Freund, Magnus Hagander)
+ Fix placement of permissions checks in pg_start_backup()function>
+ and pg_stop_backup()function> (Andres Freund, Magnus Hagander)
- Accept SHIFT_JIS as an encoding name for locale checking
+ Accept SHIFT_JISliteral> as an encoding name for locale checking
purposes (Tatsuo Ishii)
- Fix *-qualification of named parameters in SQL-language
+ Fix *literal>-qualification of named parameters in SQL-language
functions (Tom Lane)
Given a composite-type parameter
- named foo>, $1.*> worked fine,
- but foo.* not so much.
+ named fooliteral>, $1.*> worked fine,
+ but foo.*literal> not so much.
- Fix misbehavior of PQhost() on Windows (Fujii Masao)
+ Fix misbehavior of PQhost()function> on Windows (Fujii Masao)
- It should return localhost if no host has been specified.
+ It should return localhostliteral> if no host has been specified.
- Improve error handling in
libpq> and psql> - for failures during COPY TO STDOUT/FROM STDIN (Tom Lane)
+ Improve error handling in
libpqapplication> and psql> + for failures during COPY TO STDOUT/FROM STDINliteral> (Tom Lane)
In particular this fixes an infinite loop that could occur in 9.2 and
up if the server connection was lost during COPY FROM
- STDIN. Variants of that scenario might be possible in older
+ STDINliteral>. Variants of that scenario might be possible in older
versions, or with other client applications.
Fix incorrect translation handling in
- some
psql> \d> commands + some
psqlapplication> \d> commands (Peter Eisentraut, Tom Lane)
- Ensure
pg_basebackup's background process is killed + Ensure
pg_basebackupapplication>'s background process is killed when exiting its foreground process (Magnus Hagander)
Fix possible incorrect printing of filenames
- in
pg_basebackup's verbose mode (Magnus Hagander) + in
pg_basebackupapplication>'s verbose mode (Magnus Hagander)
- Fix misaligned descriptors in
ecpg (MauMau) + Fix misaligned descriptors in
ecpgapplication> (MauMau)
- In
ecpg, handle lack of a hostname in the connection + In
ecpgapplication>, handle lack of a hostname in the connection parameters properly (Michael Meskes)
- Fix performance regression in contrib/dblink connection
+ Fix performance regression in contrib/dblinkfilename> connection
startup (Joe Conway)
- In contrib/isn, fix incorrect calculation of the check
+ In contrib/isnfilename>, fix incorrect calculation of the check
digit for ISMN values (Fabien Coelho)
- Fix contrib/pgbench's progress logging to avoid overflow
+ Fix contrib/pgbenchfilename>'s progress logging to avoid overflow
when the scale factor is large (Tatsuo Ishii)
- Fix contrib/pg_stat_statement's handling
- of CURRENT_DATE and related constructs (Kyotaro
+ Fix contrib/pg_stat_statementfilename>'s handling
+ of CURRENT_DATEliteral> and related constructs (Kyotaro
Horiguchi)
Improve lost-connection error handling
- in contrib/postgres_fdw (Tom Lane)
+ in contrib/postgres_fdwfilename> (Tom Lane)
- In Mingw and Cygwin builds, install the
libpq DLL - in the bin directory (Andrew Dunstan)
+ In Mingw and Cygwin builds, install the
libpqapplication> DLL + in the binfilename> directory (Andrew Dunstan)
This duplicates what the MSVC build has long done. It should fix
- problems with programs like
psql failing to start + problems with programs like
psqlapplication> failing to start because they can't find the DLL.
- Avoid using the deprecated dllwrap tool in Cygwin builds
+ Avoid using the deprecated dllwrapliteral> tool in Cygwin builds
(Marco Atzeri)
- Don't generate plain-text HISTORY
- and src/test/regress/README files anymore (Tom Lane)
+ Don't generate plain-text HISTORYfilename>
+ and src/test/regress/READMEfilename> files anymore (Tom Lane)
the likely audience for plain-text format. Distribution tarballs
will still contain files by these names, but they'll just be stubs
directing the reader to consult the main documentation.
- The plain-text INSTALL file will still be maintained, as
+ The plain-text INSTALLfilename> file will still be maintained, as
there is arguably a use-case for that.
- Update time zone data files to
tzdata release 2013i + Update time zone data files to
tzdataapplication> release 2013i for DST law changes in Jordan and historical changes in Cuba.
- In addition, the zones Asia/Riyadh87,
- Asia/Riyadh88>, and Asia/Riyadh89> have been
+ In addition, the zones Asia/Riyadh87literal>,
+ Asia/Riyadh88literal>, and Asia/Riyadh89> have been
removed, as they are no longer maintained by IANA, and never
represented actual civil timekeeping practice.
- Fix VACUUM's tests to see whether it can
- update relfrozenxid (Andres Freund)
+ Fix VACUUMcommand>'s tests to see whether it can
+ update relfrozenxidstructfield> (Andres Freund)
- In some cases VACUUM (either manual or autovacuum) could
- incorrectly advance a table's relfrozenxid value,
+ In some cases VACUUMcommand> (either manual or autovacuum) could
+ incorrectly advance a table's relfrozenxidstructfield> value,
allowing tuples to escape freezing, causing those rows to become
invisible once 2^31 transactions have elapsed. The probability of
data loss is fairly low since multiple incorrect advancements would
need to happen before actual loss occurs, but it's not zero. In 9.2.0
and later, the probability of loss is higher, and it's also possible
- to get could not access status of transaction errors as a
+ to get could not access status of transactionquote> errors as a
consequence of this bug. Users upgrading from releases 9.0.4 or 8.4.8
or earlier are not affected, but all later versions contain the bug.
The issue can be ameliorated by, after upgrading, vacuuming all tables
in all databases while having
- linkend="guc-vacuum-freeze-table-age">vacuum_freeze_table_age
+ linkend="guc-vacuum-freeze-table-age">vacuum_freeze_table_agevarname>
set to zero. This will fix any latent corruption but will not be able
to fix all pre-existing data errors. However, an installation can be
presumed safe after performing this vacuuming if it has executed fewer
than 2^31 update transactions in its lifetime (check this with
- SELECT txid_current() < 2^31>).
+ SELECT txid_current() < 2^31>).
These bugs could lead to could not access status of
- transaction errors, or to duplicate or vanishing rows.
+ transactionquote> errors, or to duplicate or vanishing rows.
Users upgrading from releases prior to 9.3.0 are not affected.
The issue can be ameliorated by, after upgrading, vacuuming all tables
in all databases while having
- linkend="guc-vacuum-freeze-table-age">vacuum_freeze_table_age
+ linkend="guc-vacuum-freeze-table-age">vacuum_freeze_table_agevarname>
set to zero. This will fix latent corruption but will not be able to
fix all pre-existing data errors.
- Fix initialization of pg_clog> and pg_subtrans>
+ Fix initialization of pg_clogfilename> and pg_subtrans>
during hot standby startup (Andres Freund, Heikki Linnakangas)
These bugs could result in incorrect behavior, such as locking or even
updating the wrong row, in the presence of concurrent updates.
- Spurious unable to fetch updated version of tuple errors
+ Spurious unable to fetch updated version of tuplequote> errors
were also possible.
This could lead to corruption of the lock data structures in shared
- memory, causing lock already held and other odd errors.
+ memory, causing lock already heldquote> and other odd errors.
- Truncate pg_multixact contents during WAL replay
+ Truncate pg_multixactfilename> contents during WAL replay
(Andres Freund)
- Ensure an anti-wraparound VACUUM counts a page as scanned
+ Ensure an anti-wraparound VACUUMcommand> counts a page as scanned
when it's only verified that no tuples need freezing (Sergey
Burladyan, Jeff Janes)
This bug could result in failing to
- advance relfrozenxid, so that the table would still be
+ advance relfrozenxidstructfield>, so that the table would still be
thought to need another anti-wraparound vacuum. In the worst case the
database might even shut down to prevent wraparound.
- Fix unexpected spgdoinsert() failure error during SP-GiST
+ Fix unexpected spgdoinsert() failurequote> error during SP-GiST
index creation (Teodor Sigaev)
- Historically
PostgreSQL has accepted queries like + Historically
PostgreSQLproductname> has accepted queries like SELECT ... FROM tab1 x CROSS JOIN (tab2 x CROSS JOIN tab3 y) z
although a strict reading of the SQL standard would forbid the
- duplicate usage of table alias x. A misguided change in
+ duplicate usage of table alias xliteral>. A misguided change in
9.3.0 caused it to reject some such cases that were formerly accepted.
Restore the previous behavior.
- Avoid flattening a subquery whose SELECT list contains a
- volatile function wrapped inside a sub-SELECT (Tom Lane)
+ Avoid flattening a subquery whose SELECTliteral> list contains a
+ volatile function wrapped inside a sub-SELECTliteral> (Tom Lane)
This error could lead to incorrect plans for queries involving
- multiple levels of subqueries within JOIN syntax.
+ multiple levels of subqueries within JOINliteral> syntax.
Fix incorrect planning in cases where the same non-strict expression
- appears in multiple WHERE> and outer JOIN>
+ appears in multiple WHEREliteral> and outer JOIN>
equality clauses (Tom Lane)
- Fix array slicing of int2vector> and oidvector> values
+ Fix array slicing of int2vectortype> and oidvector> values
(Tom Lane)
Expressions of this kind are now implicitly promoted to
- regular int2> or oid> arrays.
+ regular int2type> or oid> arrays.
- Return a valid JSON value when converting an empty hstore value
- to json
+ Return a valid JSON value when converting an empty hstoretype> value
+ to jsontype>
(Oskari Saarenmaa)
In some cases, the system would use the simple GMT offset value when
it should have used the regular timezone setting that had prevailed
before the simple offset was selected. This change also causes
- the timeofday function to honor the simple GMT offset
+ the timeofdayfunction> function to honor the simple GMT offset
zone.
- Properly quote generated command lines in
pg_ctl + Properly quote generated command lines in
pg_ctlapplication> (Naoya Anzai and Tom Lane)
- Fix
pg_dumpall to work when a source database + Fix
pg_dumpallapplication> to work when a source database sets
- linkend="guc-default-transaction-read-only">default_transaction_read_only
- via ALTER DATABASE SET (Kevin Grittner)
+ linkend="guc-default-transaction-read-only">default_transaction_read_onlyvarname>
+ via ALTER DATABASE SETcommand> (Kevin Grittner)
- Fix
pg_isready> to handle its -d> option + Fix
pg_isreadyapplication> to handle its -d> option properly (Fabrízio de Royes Mello and Fujii Masao)
- Fix parsing of WAL file names in
pg_receivexlog + Fix parsing of WAL file names in
pg_receivexlogapplication> (Heikki Linnakangas)
- This error made
pg_receivexlog unable to restart + This error made
pg_receivexlogapplication> unable to restart streaming after stopping, once at least 4 GB of WAL had been written.
Report out-of-disk-space failures properly
- in
pg_upgrade (Peter Eisentraut) + in
pg_upgradeapplication> (Peter Eisentraut)
- Make
ecpg search for quoted cursor names + Make
ecpgapplication> search for quoted cursor names case-sensitively (Zoltán Böszörményi)
- Fix
ecpg's processing of lists of variables - declared varchar (Zoltán Böszörményi)
+ Fix
ecpgapplication>'s processing of lists of variables + declared varchartype> (Zoltán Böszörményi)
- Make contrib/lo defend against incorrect trigger definitions
+ Make contrib/lofilename> defend against incorrect trigger definitions
(Marc Cousin)
- Update time zone data files to
tzdata release 2013h + Update time zone data files to
tzdataapplication> release 2013h for DST law changes in Argentina, Brazil, Jordan, Libya,
Liechtenstein, Morocco, and Palestine. Also, new timezone
abbreviations WIB, WIT, WITA for Indonesia.
- However, if you use the hstore extension, see the
+ However, if you use the hstoreliteral> extension, see the
first changelog entry.
- Ensure new-in-9.3 JSON functionality is added to the hstore
+ Ensure new-in-9.3 JSON functionality is added to the hstoreliteral>
extension during an update (Andrew Dunstan)
- Users who upgraded a pre-9.3 database containing hstore
+ Users who upgraded a pre-9.3 database containing hstoreliteral>
should execute
ALTER EXTENSION hstore UPDATE;
after installing 9.3.1, to add two new JSON functions and a cast.
- (If hstore is already up to date, this command does
+ (If hstoreliteral> is already up to date, this command does
nothing.)
- Fix timeline handling bugs in
pg_receivexlog + Fix timeline handling bugs in
pg_receivexlogapplication> (Heikki Linnakangas, Andrew Gierth)
- Prevent CREATE FUNCTION> from checking SET>
+ Prevent CREATE FUNCTIONcommand> from checking SET>
variables unless function body checking is enabled (Tom Lane)
Overview
- Major enhancements in
PostgreSQL 9.3 include: + Major enhancements in
PostgreSQLproductname> 9.3 include:
- Add SQL-CREATEMATERIALIZEDVIEW">materialized
+ Add sql-creatematerializedview">materialized
views
Make simple views
- linkend="SQL-CREATEVIEW -updatable-views">auto-updatable
+ linkend="sql-createview -updatable-views">auto-updatable
- Add many features for the JSON data type,
+ Add many features for the JSONtype> data type,
including operators and functions
- to extract elements from JSON values
+ to extract elements from JSONtype> values
- Implement
SQL-standard
- linkend="queries-lateral">LATERAL option for
- FROM-clause subqueries and function calls
+ Implement
SQLacronym>-standard
+ linkend="queries-lateral">LATERALliteral> option for
+ FROMliteral>-clause subqueries and function calls
- Allow SQL-CREATEFOREIGNDATAWRAPPER">foreign data
+ Allow sql-createforeigndatawrapper">foreign data
wrappers to support writes (inserts/updates/deletes) on foreign
tables
+ Add a
Postgresproductname> foreign data wrapper to allow access to
+ other
Postgresproductname> servers
A dump/restore using
- linkend="
APP-PG-DUMPALL">pg_dumpall>, or use + linkend="
app-pg-dumpall">pg_dumpall>, or use + of
pg_upgradeapplication>, is required for those wishing to migrate data from any previous release.
- Rename
replication_timeout to
- linkend="guc-wal-sender-timeout">wal_sender_timeout
+ Rename
replication_timeoutvarname> to
+ linkend="guc-wal-sender-timeout">wal_sender_timeoutvarname>
(Amit Kapila)
This setting controls the
- linkend="wal">
WAL sender timeout. + linkend="wal">
WALacronym> sender timeout.
Require superuser privileges to set
- linkend="guc-commit-delay">commit_delay
+ linkend="guc-commit-delay">commit_delayvarname>
because it can now potentially delay other sessions (Simon Riggs)
Users who have set
- linkend="guc-work-mem">work_mem based on the
+ linkend="guc-work-mem">work_memvarname> based on the
previous behavior may need to revisit that setting.
Throw an error if a tuple to be updated or deleted has already been
- updated or deleted by a BEFORE trigger (Kevin Grittner)
+ updated or deleted by a BEFOREliteral> trigger (Kevin Grittner)
Now an error is thrown to prevent the inconsistent results from being
committed. If this change affects your application, the best solution
is usually to move the data-propagation actions to
- an AFTER trigger.
+ an AFTERliteral> trigger.
- Change multicolumn SQL-CREATETABLE">ON UPDATE
- SET NULL/SET DEFAULT foreign key actions to affect
+ Change multicolumn sql-createtable">ON UPDATE
+ SET NULL/SET DEFAULTliteral> foreign key actions to affect
all columns of the constraint, not just those changed in the
- UPDATE (Tom Lane)
+ UPDATEcommand> (Tom Lane)
Previously, we would set only those referencing columns that
correspond to referenced columns that were changed by
- the UPDATE. This was what was required by SQL-92,
+ the UPDATEcommand>. This was what was required by SQL-92,
but more recent editions of the SQL standard specify the new behavior.
Force cached plans to be replanned if the
- linkend="guc-search-path">search_path changes
+ linkend="guc-search-path">search_pathvarname> changes
(Tom Lane)
Previously, cached plans already generated in the current session were
not redone if the query was re-executed with a
- new search_path setting, resulting in surprising behavior.
+ new search_pathvarname> setting, resulting in surprising behavior.
Fix
- linkend="functions-formatting-table">to_number()
+ linkend="functions-formatting-table">to_number()function>
to properly handle a period used as a thousands separator (Tom Lane)
Previously, a period was considered to be a decimal point even when
- the locale says it isn't and the D format code is used to
+ the locale says it isn't and the Dliteral> format code is used to
specify use of the locale-specific decimal point. This resulted in
- wrong answers if FM format was also used.
+ wrong answers if FMliteral> format was also used.
- Fix STRICT non-set-returning functions that have
+ Fix STRICTliteral> non-set-returning functions that have
set-returning functions in their arguments to properly return null
rows (Tom Lane)
- Store
WAL in a continuous + Store
WALacronym> in a continuous stream, rather than skipping the last 16MB segment every 4GB
(Heikki Linnakangas)
- Previously,
WAL> files with names ending in FF> - were not used because of this skipping. If you have
WAL + Previously,
WALacronym> files with names ending in FF> + were not used because of this skipping. If you have
WALacronym> backup or restore scripts that took this behavior into account, they
will need to be adjusted.
In
- linkend="catalog-pg-constraint">pg_constraint.confmatchtype,
- store the default foreign key match type (non-FULL,
- non-PARTIAL>) as s for simple>
+ linkend="catalog-pg-constraint">pg_constraint.confmatchtypestructname>,
+ store the default foreign key match type (non-FULLliteral>,
+ non-PARTIALliteral>) as s for simple>
(Tom Lane)
- Previously this case was represented by u
- for unspecified.
+ Previously this case was represented by uliteral>
+ for unspecifiedquote>.
This change improves concurrency and reduces the probability of
deadlocks when updating tables involved in a foreign-key constraint.
- UPDATEs that do not change any columns referenced in a
- foreign key now take the new NO KEY UPDATE lock mode on
- the row, while foreign key checks use the new KEY SHARE
- lock mode, which does not conflict with NO KEY UPDATE.
+ UPDATEcommand>s that do not change any columns referenced in a
+ foreign key now take the new NO KEY UPDATEliteral> lock mode on
+ the row, while foreign key checks use the new KEY SHAREliteral>
+ lock mode, which does not conflict with NO KEY UPDATEliteral>.
So there is no blocking unless a foreign-key column is changed.
Add configuration variable
- linkend="guc-lock-timeout">lock_timeout to
+ linkend="guc-lock-timeout">lock_timeoutvarname> to
allow limiting how long a session will wait to acquire any one lock
(Zoltán Böszörményi)
support for range data types (Alexander Korotkov)
- Allow
GiST">GiST> indexes to be + Allow
gist">GiST> indexes to be unlogged (Jeevan Chalke)
- Improve performance of
GiST index insertion by randomizing + Improve performance of
GiSTacronym> index insertion by randomizing the choice of which page to descend to when there are multiple equally
good alternatives (Heikki Linnakangas)
Improve optimizer's hash table size estimate for
- doing DISTINCT via hash aggregation (Tom Lane)
+ doing DISTINCTliteral> via hash aggregation (Tom Lane)
- Add SQL-COPY">COPY FREEZE>
+ Add sql-copy">COPY FREEZE>
option to avoid the overhead of marking tuples as frozen later
(Simon Riggs, Jeff Davis)
Improve performance of
- linkend="datatype-numeric">NUMERIC calculations
+ linkend="datatype-numeric">NUMERICtype> calculations
(Kyotaro Horiguchi)
Improve synchronization of sessions waiting for
- linkend="guc-commit-delay">commit_delay
+ linkend="guc-commit-delay">commit_delayvarname>
(Peter Geoghegan)
- This greatly improves the usefulness of commit_delay.
+ This greatly improves the usefulness of commit_delayvarname>.
Improve performance of the
- linkend="SQL-CREATETABLE ">CREATE TEMPORARY TABLE ... ON
- COMMIT DELETE ROWS option by not truncating such temporary
+ linkend="sql-createtable ">CREATE TEMPORARY TABLE ... ON
+ COMMIT DELETE ROWScommand> option by not truncating such temporary
tables in transactions that haven't touched any temporary tables
(Heikki Linnakangas)
This speeds up lock bookkeeping at statement completion in
multi-statement transactions that hold many locks; it is particularly
+ useful for
pg_dumpapplication>.
This speeds up sessions that create many tables in successive
- small transactions, such as a
pg_restore run. + small transactions, such as a
pg_restoreapplication> run.
The checksum option can be set during
- linkend="APP-INITDB ">initdb.
+ linkend="app-initdb ">initdb.
When an authentication failure occurs, log the relevant
- pg_hba.conf
+ pg_hba.conffilename>
line, to ease debugging of unintended failures
(Magnus Hagander)
+ Improve
LDAPacronym> error reporting and documentation (Peter Eisentraut)
- Add support for specifying
LDAP authentication parameters - in
URL format, per RFC 4516 (Peter Eisentraut) + Add support for specifying
LDAPacronym> authentication parameters + in
URLacronym> format, per RFC 4516 (Peter Eisentraut)
Change the
- linkend="guc-ssl-ciphers">ssl_ciphers parameter
- to start with DEFAULT>, rather than ALL>,
+ linkend="guc-ssl-ciphers">ssl_ciphersvarname> parameter
+ to start with DEFAULTliteral>, rather than ALL>,
then remove insecure ciphers (Magnus Hagander)
Parse and load
- linkend="auth-username-maps">pg_ident.conf
+ linkend="auth-username-maps">pg_ident.conffilename>
once, not during each connection (Amit Kapila)
- This is similar to how pg_hba.conf is processed.
+ This is similar to how pg_hba.conffilename> is processed.
- On Unix-like systems, mmap() is now used for most
- of
PostgreSQL's shared memory. For most users, this + On Unix-like systems, mmap()function> is now used for most
+ of
PostgreSQLproductname>'s shared memory. For most users, this will eliminate any need to adjust kernel parameters for shared memory.
The configuration parameter
-
unix_socket_directory is replaced by
- linkend="guc-unix-socket-directories">unix_socket_directories,
+
unix_socket_directoryvarname> is replaced by
+ linkend="guc-unix-socket-directories">unix_socket_directoriesvarname>,
which accepts a list of directories.
Such a directory is specified with
- linkend="config-includes">include_dir in the server
+ linkend="config-includes">include_dirvarname> in the server
configuration file.
Increase the maximum
- linkend="
APP-INITDB ">initdb-configured value for
- linkend="guc-shared-buffers">shared_buffers
+ linkend="
app-initdb ">initdb-configured value for
+ linkend="guc-shared-buffers">shared_buffersvarname>
to 128MB (Robert Haas)
This is the maximum value that initdb will attempt to set in
- linkend="config-setting-configuration-file">postgresql.conf;
+ linkend="config-setting-configuration-file">postgresql.conffilename>;
the previous maximum was 32MB.
Remove the external
-
PID file, if any, on postmaster exit +
PIDacronym> file, if any, on postmaster exit (Peter Eisentraut)
- Add
SQL functions
- linkend="functions-admin-backup">pg_is_in_backup()
+ Add
SQLacronym> functions
+ linkend="functions-admin-backup">pg_is_in_backup()function>
and
- linkend="functions-admin-backup">pg_backup_start_time()
+ linkend="functions-admin-backup">pg_backup_start_time()function>
(Gilles Darold)
Improve performance of streaming log shipping with
- linkend="guc-synchronous-commit">synchronous_commit
+ linkend="guc-synchronous-commit">synchronous_commitvarname>
disabled (Andres Freund)
Add the last checkpoint's redo location to
- linkend="
APP-PGCONTROLDATA">pg_controldata>'s + linkend="
app-pgcontroldata">pg_controldata>'s output (Fujii Masao)
- This information is useful for determining which
WAL + This information is useful for determining which
WALacronym> files are needed for restore.
Allow tools like
- linkend="app-pgreceivewal">
pg_receivexlog + linkend="app-pgreceivewal">
pg_receivexlogapplication> to run on computers with different architectures (Heikki
Linnakangas)
Make
- linkend="app-pgbasebackup">
pg_basebackup - --write-recovery-conf output a
- minimal recovery.conf file (Zoltán
+ linkend="app-pgbasebackup">
pg_basebackupapplication> + --write-recovery-confoption> output a
+ minimal recovery.conffilename> file (Zoltán
Böszörményi, Magnus Hagander)
Allow
- linkend="app-pgreceivewal">
pg_receivexlog + linkend="app-pgreceivewal">
pg_receivexlogapplication> and
- linkend="app-pgbasebackup">
pg_basebackup - --xlog-method to handle streaming timeline switches
+ linkend="app-pgbasebackup">
pg_basebackupapplication> + --xlog-methodoption> to handle streaming timeline switches
(Heikki Linnakangas)
Add
- linkend="guc-wal-receiver-timeout">wal_receiver_timeout
- parameter to control the
WAL receiver's timeout + linkend="guc-wal-receiver-timeout">wal_receiver_timeoutvarname>
+ parameter to control the
WALacronym> receiver's timeout (Amit Kapila)
- Change the
WAL record format to + Change the
WALacronym> record format to allow splitting the record header across pages (Heikki Linnakangas)
- Implement
SQL-standard
- linkend="queries-lateral">LATERAL option for
- FROM-clause subqueries and function calls (Tom Lane)
+ Implement
SQLacronym>-standard
+ linkend="queries-lateral">
projects / postgresql.git / commitdiff