+
+
Release 9.0.19
+
+
+
Release Date
+ 2015-02-05
+
+
+ This release contains a variety of fixes from 9.0.18.
+ For information about new features in the 9.0 major release, see
+ .
+
+
+
+
Migration to Version 9.0.19
+
+ A dump/restore is not required for those running 9.0.X.
+
+
+ However, if you are upgrading from a version earlier than 9.0.18,
+ see .
+
+
+
+
+
+
Changes
+
+
+
+
+ Fix information leak via constraint-violation error messages
+ (Stephen Frost)
+
+
+ Some server error messages show the values of columns that violate
+ a constraint, such as a unique constraint. If the user does not have
+ SELECT privilege on all columns of the table, this could
+ mean exposing values that the user should not be able to see. Adjust
+ the code so that values are displayed only when they came from the SQL
+ command or could be selected by the user.
+ (CVE-2014-8161)
+
+
+
+
+ Lock down regression testing's temporary installations on Windows
+ (Noah Misch)
+
+
+ Use SSPI authentication to allow connections only from the OS user
+ who launched the test suite. This closes on Windows the same
+ vulnerability previously closed on other platforms, namely that other
+ users might be able to connect to the test postmaster.
+ (CVE-2014-0067)
+
+
+
+
+ Avoid possible data corruption if ALTER DATABASE SET
+ TABLESPACE is used to move a database to a new tablespace and then
+ shortly later move it back to its original tablespace (Tom Lane)
+
+
+
+
+ Avoid corrupting tables when ANALYZE inside a transaction
+ is rolled back (Andres Freund, Tom Lane, Michael Paquier)
+
+
+ If the failing transaction had earlier removed the last index, rule, or
+ trigger from the table, the table would be left in a corrupted state
+ with the relevant pg_class flags not set though they
+ should be.
+
+
+
+
+ Fix use-of-already-freed-memory problem in EvalPlanQual processing
+ (Tom Lane)
+
+
+ In READ COMMITTED mode, queries that lock or update
+ recently-updated rows could crash as a result of this bug.
+
+
+
+
+ Fix planning of SELECT FOR UPDATE when using a partial
+ index on a child table (Kyotaro Horiguchi)
+
+
+ In READ COMMITTED mode, SELECT FOR UPDATE must
+ also recheck the partial index's WHERE condition when
+ rechecking a recently-updated row to see if it still satisfies the
+ query's WHERE condition. This requirement was missed if the
+ index belonged to an inheritance child table, so that it was possible
+ to incorrectly return rows that no longer satisfy the query condition.
+
+
+
+
+ Fix corner case wherein SELECT FOR UPDATE could return a row
+ twice, and possibly miss returning other rows (Tom Lane)
+
+
+ In READ COMMITTED mode, a SELECT FOR UPDATE
+ that is scanning an inheritance tree could incorrectly return a row
+ from a prior child table instead of the one it should return from a
+ later child table.
+
+
+
+
+ Reject duplicate column names in the referenced-columns list of
+ a FOREIGN KEY declaration (David Rowley)
+
+
+ This restriction is per SQL standard. Previously we did not reject
+ the case explicitly, but later on the code would fail with
+ bizarre-looking errors.
+
+
+
+
+ Fix bugs in raising a numeric value to a large integral power
+ (Tom Lane)
+
+
+ The previous code could get a wrong answer, or consume excessive
+ amounts of time and memory before realizing that the answer must
+ overflow.
+
+
+
+
+ In numeric_recv(), truncate away any fractional digits
+ that would be hidden according to the value's dscale field
+ (Tom Lane)
+
+
+ A numeric value's display scale (dscale) should
+ never be less than the number of nonzero fractional digits; but
+ apparently there's at least one broken client application that
+ transmits binary numeric values in which that's true.
+ This leads to strange behavior since the extra digits are taken into
+ account by arithmetic operations even though they aren't printed.
+ The least risky fix seems to be to truncate away such hidden
+ digits on receipt, so that the value is indeed what it prints as.
+
+
+
+
+ Reject out-of-range numeric timezone specifications (Tom Lane)
+
+
+ Simple numeric timezone specifications exceeding +/- 168 hours (one
+ week) would be accepted, but could then cause null-pointer dereference
+ crashes in certain operations. There's no use-case for such large UTC
+ offsets, so reject them.
+
+
+
+
+ Fix bugs in tsquery @> tsquery
+ operator (Heikki Linnakangas)
+
+
+ Two different terms would be considered to match if they had the same
+ CRC. Also, if the second operand had more terms than the first, it
+ would be assumed not to be contained in the first; which is wrong
+ since it might contain duplicate terms.
+
+
+
+
+ Improve ispell dictionary's defenses against bad affix files (Tom Lane)
+
+
+
+
+ Allow more than 64K phrases in a thesaurus dictionary (David Boutin)
+
+
+ The previous coding could crash on an oversize dictionary, so this was
+ deemed a back-patchable bug fix rather than a feature addition.
+
+
+
+
+ Fix namespace handling in xpath() (Ali Akbar)
+
+
+ Previously, the xml value resulting from
+ an xpath() call would not have namespace declarations if
+ the namespace declarations were attached to an ancestor element in the
+ input xml value, rather than to the specific element being
+ returned. Propagate the ancestral declaration so that the result is
+ correct when considered in isolation.
+
+
+
+
+ Fix planner problems with nested append relations, such as inherited
+ tables within UNION ALL subqueries (Tom Lane)
+
+
+
+
+ Fail cleanly when a GiST index tuple doesn't fit on a page, rather
+ than going into infinite recursion (Andrew Gierth)
+
+
+
+
+ Exempt tables that have per-table cost_limit
+ and/or cost_delay settings from autovacuum's global cost
+ balancing rules (Álvaro Herrera)
+
+
+ The previous behavior resulted in basically ignoring these per-table
+ settings, which was unintended. Now, a table having such settings
+ will be vacuumed using those settings, independently of what is going
+ on in other autovacuum workers. This may result in heavier total I/O
+ load than before, so such settings should be re-examined for sanity.
+
+
+
+
+ Avoid wholesale autovacuuming when autovacuum is nominally off
+ (Tom Lane)
+
+
+ Even when autovacuum is nominally off, we will still launch autovacuum
+ worker processes to vacuum tables that are at risk of XID wraparound.
+ However, such a worker process then proceeded to vacuum all tables in
+ the target database, if they met the usual thresholds for
+ autovacuuming. This is at best pretty unexpected; at worst it delays
+ response to the wraparound threat. Fix it so that if autovacuum is
+ turned off, workers only do anti-wraparound vacuums and
+ not any other work.
+
+
+
+
+ Fix race condition between hot standby queries and replaying a
+ full-page image (Heikki Linnakangas)
+
+
+ This mistake could result in transient errors in queries being
+ executed in hot standby.
+
+
+
+
+ Fix several cases where recovery logic improperly ignored WAL records
+ for COMMIT/ABORT PREPARED (Heikki Linnakangas)
+
+
+ The most notable oversight was
+ that recovery_min_apply_delay failed to delay application
+ of a two-phase commit.
+
+
+
+
+ Avoid creating unnecessary .ready marker files for
+ timeline history files (Fujii Masao)
+
+
+
+
+ Fix possible null pointer dereference when an empty prepared statement
+ is used and the log_statement setting is mod
+ or ddl (Fujii Masao)
+
+
+
+
+ Change pgstat wait timeout warning message to be LOG level,
+ and rephrase it to be more understandable (Tom Lane)
+
+
+ This message was originally thought to be essentially a can't-happen
+ case, but it occurs often enough on our slower buildfarm members to be
+ a nuisance. Reduce it to LOG level, and expend a bit more effort on
+ the wording: it now reads using stale statistics instead of
+ current ones because stats collector is not responding.
+
+
+
+
+ Fix SPARC spinlock implementation to ensure correctness if the CPU is
+ being run in a non-TSO coherency mode, as some non-Solaris kernels do
+ (Andres Freund)
+
+
+
+
+ Warn if OS X's setlocale() starts an unwanted extra
+ thread inside the postmaster (Noah Misch)
+
+
+
+
+ Fix processing of repeated dbname parameters
+ in PQconnectdbParams() (Alex Shulgin)
+
+
+ Unexpected behavior ensued if the first occurrence
+ of dbname contained a connection string or URI to be
+ expanded.
+
+
+
+
+ Ensure that
libpq reports a suitable error message on+ unexpected socket EOF (Marko Tiikkaja, Tom Lane)
+
+
+ Depending on kernel behavior,
libpq might return an+ empty error string rather than something useful when the server
+ unexpectedly closed the socket.
+
+
+
+
+ Clear any old error message during PQreset()
+ (Heikki Linnakangas)
+
+
+ If PQreset() is called repeatedly, and the connection
+ cannot be re-established, error messages from the failed connection
+ attempts kept accumulating in the PGconn's error
+ string.
+
+
+
+
+ Properly handle out-of-memory conditions while parsing connection
+ options in
libpq (Alex Shulgin, Heikki Linnakangas)+
+
+
+
+ Fix array overrun in
ecpg's version+ of ParseDateTime() (Michael Paquier)
+
+
+
+
+ In
initdb, give a clearer error message if a password+ file is specified but is empty (Mats Erik Andersson)
+
+
+
+
+ Fix
psql's \s command to work nicely with+ libedit, and add pager support (Stepan Rutz, Tom Lane)
+
+
+ When using libedit rather than readline, \s printed the
+ command history in a fairly unreadable encoded format, and on recent
+ libedit versions might fail altogether. Fix that by printing the
+ history ourselves rather than having the library do it. A pleasant
+ side-effect is that the pager is used if appropriate.
+
+
+ This patch also fixes a bug that caused newline encoding to be applied
+ inconsistently when saving the command history with libedit.
+ Multiline history entries written by older
psql+ versions will be read cleanly with this patch, but perhaps not
+ vice versa, depending on the exact libedit versions involved.
+
+
+
+
+ Improve consistency of parsing of
psql's special+ variables (Tom Lane)
+
+
+ Allow variant spellings of on and off (such
+ as 1/0) for ECHO_HIDDEN
+ and ON_ERROR_ROLLBACK. Report a warning for unrecognized
+ values for COMP_KEYWORD_CASE, ECHO,
+ ECHO_HIDDEN, HISTCONTROL,
+ ON_ERROR_ROLLBACK, and VERBOSITY. Recognize
+ all values for all these variables case-insensitively; previously
+ there was a mishmash of case-sensitive and case-insensitive behaviors.
+
+
+
+
+ Fix
psql's expanded-mode display to work+ consistently when using border = 3
+ and linestyle = ascii or unicode
+ (Stephen Frost)
+
+
+
+
+ Fix possible deadlock during parallel restore of a schema-only dump
+ (Robert Haas, Tom Lane)
+
+
+
+
+ Fix core dump in pg_dump --binary-upgrade on zero-column
+ composite type (Rushabh Lathia)
+
+
+
+
+ Fix block number checking
+ in contrib/pageinspect's get_raw_page()
+ (Tom Lane)
+
+
+ The incorrect checking logic could prevent access to some pages in
+ non-main relation forks.
+
+
+
+
+ Fix contrib/pgcrypto's pgp_sym_decrypt()
+ to not fail on messages whose length is 6 less than a power of 2
+ (Marko Tiikkaja)
+
+
+
+
+ Handle unexpected query results, especially NULLs, safely in
+ contrib/tablefunc's connectby()
+ (Michael Paquier)
+
+
+ connectby() previously crashed if it encountered a NULL
+ key value. It now prints that row but doesn't recurse further.
+
+
+
+
+ Avoid a possible crash in contrib/xml2's
+ xslt_process() (Mark Simonetti)
+
+
+
libxslt seems to have an undocumented dependency on+ the order in which resources are freed; reorder our calls to avoid a
+ crash.
+
+
+
+
+ Numerous cleanups of warnings from Coverity static code analyzer
+ (Andres Freund, Tatsuo Ishii, Marko Kreen, Tom Lane, Michael Paquier)
+
+
+ These changes are mostly cosmetic but in some cases fix corner-case
+ bugs, for example a crash rather than a proper error report after an
+ out-of-memory failure. None are believed to represent security
+ issues.
+
+
+
+
+ Detect incompatible OpenLDAP versions during build (Noah Misch)
+
+
+ With OpenLDAP versions 2.4.24 through 2.4.31,
+ inclusive,
PostgreSQL backends can crash at exit.+ Raise a warning during
configure based on the+ compile-time OpenLDAP version number, and test the crashing scenario
+ in the contrib/dblink regression test.
+
+
+
+
+ In non-MSVC Windows builds, ensure libpq.dll is installed
+ with execute permissions (Noah Misch)
+
+
+
+
+ Make
pg_regress remove any temporary installation it+ created upon successful exit (Tom Lane)
+
+
+ This results in a very substantial reduction in disk space usage
+ during make check-world, since that sequence involves
+ creation of numerous temporary installations.
+
+
+
+
+ Support time zone abbreviations that change UTC offset from time to
+ time (Tom Lane)
+
+
+ Previously,
PostgreSQL assumed that the UTC offset+ associated with a time zone abbreviation (such as EST)
+ never changes in the usage of any particular locale. However this
+ assumption fails in the real world, so introduce the ability for a
+ zone abbreviation to represent a UTC offset that sometimes changes.
+ Update the zone abbreviation definition files to make use of this
+ feature in timezone locales that have changed the UTC offset of their
+ abbreviations since 1970 (according to the IANA timezone database).
+ In such timezones,
PostgreSQL will now associate the+ correct UTC offset with the abbreviation depending on the given date.
+
+
+
+
+ Update time zone abbreviations lists (Tom Lane)
+
+
+ Add CST (China Standard Time) to our lists.
+ Remove references to ADT as Arabia Daylight Time, an
+ abbreviation that's been out of use since 2007; therefore, claiming
+ there is a conflict with Atlantic Daylight Time doesn't seem
+ especially helpful.
+ Fix entirely incorrect GMT offsets for CKT (Cook Islands), FJT, and FJST
+ (Fiji); we didn't even have them on the proper side of the date line.
+
+
+
+
+ Update time zone data files to
tzdata release 2015a.+
+
+ The IANA timezone database has adopted abbreviations of the form
+ AxST/AxDT
+ for all Australian time zones, reflecting what they believe to be
+ current majority practice Down Under. These names do not conflict
+ with usage elsewhere (other than ACST for Acre Summer Time, which has
+ been in disuse since 1994). Accordingly, adopt these names into
+ our Default timezone abbreviation set.
+ The Australia abbreviation set now contains only CST, EAST,
+ EST, SAST, SAT, and WST, all of which are thought to be mostly
+ historical usage. Note that SAST has also been changed to be South
+ Africa Standard Time in the Default abbreviation set.
+
+
+ Also, add zone abbreviations SRET (Asia/Srednekolymsk) and XJT
+ (Asia/Urumqi), and use WSST/WSDT for western Samoa. Also, there were
+ DST law changes in Chile, Mexico, the Turks & Caicos Islands
+ (America/Grand_Turk), and Fiji. There is a new zone
+ Pacific/Bougainville for portions of Papua New Guinea. Also, numerous
+ corrections for historical (pre-1970) time zone data.
+
+
+
+
+
+
+
+
Release 9.0.18
+
+
Release 9.1.15
+
+
+
Release Date
+ 2015-02-05
+
+
+ This release contains a variety of fixes from 9.1.14.
+ For information about new features in the 9.1 major release, see
+ .
+
+
+
+
Migration to Version 9.1.15
+
+ A dump/restore is not required for those running 9.1.X.
+
+
+ However, if you are upgrading from a version earlier than 9.1.14,
+ see .
+
+
+
+
+
+
Changes
+
+
+
+
+ Fix information leak via constraint-violation error messages
+ (Stephen Frost)
+
+
+ Some server error messages show the values of columns that violate
+ a constraint, such as a unique constraint. If the user does not have
+ SELECT privilege on all columns of the table, this could
+ mean exposing values that the user should not be able to see. Adjust
+ the code so that values are displayed only when they came from the SQL
+ command or could be selected by the user.
+ (CVE-2014-8161)
+
+
+
+
+ Lock down regression testing's temporary installations on Windows
+ (Noah Misch)
+
+
+ Use SSPI authentication to allow connections only from the OS user
+ who launched the test suite. This closes on Windows the same
+ vulnerability previously closed on other platforms, namely that other
+ users might be able to connect to the test postmaster.
+ (CVE-2014-0067)
+
+
+
+
+ Avoid possible data corruption if ALTER DATABASE SET
+ TABLESPACE is used to move a database to a new tablespace and then
+ shortly later move it back to its original tablespace (Tom Lane)
+
+
+
+
+ Avoid corrupting tables when ANALYZE inside a transaction
+ is rolled back (Andres Freund, Tom Lane, Michael Paquier)
+
+
+ If the failing transaction had earlier removed the last index, rule, or
+ trigger from the table, the table would be left in a corrupted state
+ with the relevant pg_class flags not set though they
+ should be.
+
+
+
+
+ Ensure that unlogged tables are copied correctly
+ during CREATE DATABASE or ALTER DATABASE SET
+ TABLESPACE (Pavan Deolasee, Andres Freund)
+
+
+
+
+ Fix DROP's dependency searching to correctly handle the
+ case where a table column is recursively visited before its table
+ (Petr Jelinek, Tom Lane)
+
+
+ This case is only known to arise when an extension creates both a
+ datatype and a table using that datatype. The faulty code might
+ refuse a DROP EXTENSION unless CASCADE is
+ specified, which should not be required.
+
+
+
+
+ Fix use-of-already-freed-memory problem in EvalPlanQual processing
+ (Tom Lane)
+
+
+ In READ COMMITTED mode, queries that lock or update
+ recently-updated rows could crash as a result of this bug.
+
+
+
+
+ Fix planning of SELECT FOR UPDATE when using a partial
+ index on a child table (Kyotaro Horiguchi)
+
+
+ In READ COMMITTED mode, SELECT FOR UPDATE must
+ also recheck the partial index's WHERE condition when
+ rechecking a recently-updated row to see if it still satisfies the
+ query's WHERE condition. This requirement was missed if the
+ index belonged to an inheritance child table, so that it was possible
+ to incorrectly return rows that no longer satisfy the query condition.
+
+
+
+
+ Fix corner case wherein SELECT FOR UPDATE could return a row
+ twice, and possibly miss returning other rows (Tom Lane)
+
+
+ In READ COMMITTED mode, a SELECT FOR UPDATE
+ that is scanning an inheritance tree could incorrectly return a row
+ from a prior child table instead of the one it should return from a
+ later child table.
+
+
+
+
+ Reject duplicate column names in the referenced-columns list of
+ a FOREIGN KEY declaration (David Rowley)
+
+
+ This restriction is per SQL standard. Previously we did not reject
+ the case explicitly, but later on the code would fail with
+ bizarre-looking errors.
+
+
+
+
+ Fix bugs in raising a numeric value to a large integral power
+ (Tom Lane)
+
+
+ The previous code could get a wrong answer, or consume excessive
+ amounts of time and memory before realizing that the answer must
+ overflow.
+
+
+
+
+ In numeric_recv(), truncate away any fractional digits
+ that would be hidden according to the value's dscale field
+ (Tom Lane)
+
+
+ A numeric value's display scale (dscale) should
+ never be less than the number of nonzero fractional digits; but
+ apparently there's at least one broken client application that
+ transmits binary numeric values in which that's true.
+ This leads to strange behavior since the extra digits are taken into
+ account by arithmetic operations even though they aren't printed.
+ The least risky fix seems to be to truncate away such hidden
+ digits on receipt, so that the value is indeed what it prints as.
+
+
+
+
+ Reject out-of-range numeric timezone specifications (Tom Lane)
+
+
+ Simple numeric timezone specifications exceeding +/- 168 hours (one
+ week) would be accepted, but could then cause null-pointer dereference
+ crashes in certain operations. There's no use-case for such large UTC
+ offsets, so reject them.
+
+
+
+
+ Fix bugs in tsquery @> tsquery
+ operator (Heikki Linnakangas)
+
+
+ Two different terms would be considered to match if they had the same
+ CRC. Also, if the second operand had more terms than the first, it
+ would be assumed not to be contained in the first; which is wrong
+ since it might contain duplicate terms.
+
+
+
+
+ Improve ispell dictionary's defenses against bad affix files (Tom Lane)
+
+
+
+
+ Allow more than 64K phrases in a thesaurus dictionary (David Boutin)
+
+
+ The previous coding could crash on an oversize dictionary, so this was
+ deemed a back-patchable bug fix rather than a feature addition.
+
+
+
+
+ Fix namespace handling in xpath() (Ali Akbar)
+
+
+ Previously, the xml value resulting from
+ an xpath() call would not have namespace declarations if
+ the namespace declarations were attached to an ancestor element in the
+ input xml value, rather than to the specific element being
+ returned. Propagate the ancestral declaration so that the result is
+ correct when considered in isolation.
+
+
+
+
+ Fix planner problems with nested append relations, such as inherited
+ tables within UNION ALL subqueries (Tom Lane)
+
+
+
+
+ Fail cleanly when a GiST index tuple doesn't fit on a page, rather
+ than going into infinite recursion (Andrew Gierth)
+
+
+
+
+ Exempt tables that have per-table cost_limit
+ and/or cost_delay settings from autovacuum's global cost
+ balancing rules (Álvaro Herrera)
+
+
+ The previous behavior resulted in basically ignoring these per-table
+ settings, which was unintended. Now, a table having such settings
+ will be vacuumed using those settings, independently of what is going
+ on in other autovacuum workers. This may result in heavier total I/O
+ load than before, so such settings should be re-examined for sanity.
+
+
+
+
+ Avoid wholesale autovacuuming when autovacuum is nominally off
+ (Tom Lane)
+
+
+ Even when autovacuum is nominally off, we will still launch autovacuum
+ worker processes to vacuum tables that are at risk of XID wraparound.
+ However, such a worker process then proceeded to vacuum all tables in
+ the target database, if they met the usual thresholds for
+ autovacuuming. This is at best pretty unexpected; at worst it delays
+ response to the wraparound threat. Fix it so that if autovacuum is
+ turned off, workers only do anti-wraparound vacuums and
+ not any other work.
+
+
+
+
+ During crash recovery, ensure that unlogged relations are rewritten as
+ empty and are synced to disk before recovery is considered complete
+ (Abhijit Menon-Sen, Andres Freund)
+
+
+ This prevents scenarios in which unlogged relations might contain
+ garbage data following database crash recovery.
+
+
+
+
+ Fix race condition between hot standby queries and replaying a
+ full-page image (Heikki Linnakangas)
+
+
+ This mistake could result in transient errors in queries being
+ executed in hot standby.
+
+
+
+
+ Fix several cases where recovery logic improperly ignored WAL records
+ for COMMIT/ABORT PREPARED (Heikki Linnakangas)
+
+
+ The most notable oversight was
+ that recovery_min_apply_delay failed to delay application
+ of a two-phase commit.
+
+
+
+
+ Avoid creating unnecessary .ready marker files for
+ timeline history files (Fujii Masao)
+
+
+
+
+ Fix possible null pointer dereference when an empty prepared statement
+ is used and the log_statement setting is mod
+ or ddl (Fujii Masao)
+
+
+
+
+ Change pgstat wait timeout warning message to be LOG level,
+ and rephrase it to be more understandable (Tom Lane)
+
+
+ This message was originally thought to be essentially a can't-happen
+ case, but it occurs often enough on our slower buildfarm members to be
+ a nuisance. Reduce it to LOG level, and expend a bit more effort on
+ the wording: it now reads using stale statistics instead of
+ current ones because stats collector is not responding.
+
+
+
+
+ Fix SPARC spinlock implementation to ensure correctness if the CPU is
+ being run in a non-TSO coherency mode, as some non-Solaris kernels do
+ (Andres Freund)
+
+
+
+
+ Warn if OS X's setlocale() starts an unwanted extra
+ thread inside the postmaster (Noah Misch)
+
+
+
+
+ Fix processing of repeated dbname parameters
+ in PQconnectdbParams() (Alex Shulgin)
+
+
+ Unexpected behavior ensued if the first occurrence
+ of dbname contained a connection string or URI to be
+ expanded.
+
+
+
+
+ Ensure that
libpq reports a suitable error message on+ unexpected socket EOF (Marko Tiikkaja, Tom Lane)
+
+
+ Depending on kernel behavior,
libpq might return an+ empty error string rather than something useful when the server
+ unexpectedly closed the socket.
+
+
+
+
+ Clear any old error message during PQreset()
+ (Heikki Linnakangas)
+
+
+ If PQreset() is called repeatedly, and the connection
+ cannot be re-established, error messages from the failed connection
+ attempts kept accumulating in the PGconn's error
+ string.
+
+
+
+
+ Properly handle out-of-memory conditions while parsing connection
+ options in
libpq (Alex Shulgin, Heikki Linnakangas)+
+
+
+
+ Fix array overrun in
ecpg's version+ of ParseDateTime() (Michael Paquier)
+
+
+
+
+ In
initdb, give a clearer error message if a password+ file is specified but is empty (Mats Erik Andersson)
+
+
+
+
+ Fix
psql's \s command to work nicely with+ libedit, and add pager support (Stepan Rutz, Tom Lane)
+
+
+ When using libedit rather than readline, \s printed the
+ command history in a fairly unreadable encoded format, and on recent
+ libedit versions might fail altogether. Fix that by printing the
+ history ourselves rather than having the library do it. A pleasant
+ side-effect is that the pager is used if appropriate.
+
+
+ This patch also fixes a bug that caused newline encoding to be applied
+ inconsistently when saving the command history with libedit.
+ Multiline history entries written by older
psql+ versions will be read cleanly with this patch, but perhaps not
+ vice versa, depending on the exact libedit versions involved.
+
+
+
+
+ Improve consistency of parsing of
psql's special+ variables (Tom Lane)
+
+
+ Allow variant spellings of on and off (such
+ as 1/0) for ECHO_HIDDEN
+ and ON_ERROR_ROLLBACK. Report a warning for unrecognized
+ values for COMP_KEYWORD_CASE, ECHO,
+ ECHO_HIDDEN, HISTCONTROL,
+ ON_ERROR_ROLLBACK, and VERBOSITY. Recognize
+ all values for all these variables case-insensitively; previously
+ there was a mishmash of case-sensitive and case-insensitive behaviors.
+
+
+
+
+ Fix
psql's expanded-mode display to work+ consistently when using border = 3
+ and linestyle = ascii or unicode
+ (Stephen Frost)
+
+
+
+
+ Improve performance of
pg_dump when the database+ contains many instances of multiple dependency paths between the same
+ two objects (Tom Lane)
+
+
+
+
+ Fix possible deadlock during parallel restore of a schema-only dump
+ (Robert Haas, Tom Lane)
+
+
+
+
+ Fix core dump in pg_dump --binary-upgrade on zero-column
+ composite type (Rushabh Lathia)
+
+
+
+
+ Prevent WAL files created by pg_basebackup -x/-X from
+ being archived again when the standby is promoted (Andres Freund)
+
+
+
+
+ Fix upgrade-from-unpackaged script for contrib/citext
+ (Tom Lane)
+
+
+
+
+ Fix block number checking
+ in contrib/pageinspect's get_raw_page()
+ (Tom Lane)
+
+
+ The incorrect checking logic could prevent access to some pages in
+ non-main relation forks.
+
+
+
+
+ Fix contrib/pgcrypto's pgp_sym_decrypt()
+ to not fail on messages whose length is 6 less than a power of 2
+ (Marko Tiikkaja)
+
+
+
+
+ Fix file descriptor leak in contrib/pg_test_fsync
+ (Jeff Janes)
+
+
+ This could cause failure to remove temporary files on Windows.
+
+
+
+
+ Handle unexpected query results, especially NULLs, safely in
+ contrib/tablefunc's connectby()
+ (Michael Paquier)
+
+
+ connectby() previously crashed if it encountered a NULL
+ key value. It now prints that row but doesn't recurse further.
+
+
+
+
+ Avoid a possible crash in contrib/xml2's
+ xslt_process() (Mark Simonetti)
+
+
+
libxslt seems to have an undocumented dependency on+ the order in which resources are freed; reorder our calls to avoid a
+ crash.
+
+
+
+
+ Mark some contrib I/O functions with correct volatility
+ properties (Tom Lane)
+
+
+ The previous over-conservative marking was immaterial in normal use,
+ but could cause optimization problems or rejection of valid index
+ expression definitions. Since the consequences are not large, we've
+ just adjusted the function definitions in the extension modules'
+ scripts, without changing version numbers.
+
+
+
+
+ Numerous cleanups of warnings from Coverity static code analyzer
+ (Andres Freund, Tatsuo Ishii, Marko Kreen, Tom Lane, Michael Paquier)
+
+
+ These changes are mostly cosmetic but in some cases fix corner-case
+ bugs, for example a crash rather than a proper error report after an
+ out-of-memory failure. None are believed to represent security
+ issues.
+
+
+
+
+ Detect incompatible OpenLDAP versions during build (Noah Misch)
+
+
+ With OpenLDAP versions 2.4.24 through 2.4.31,
+ inclusive,
PostgreSQL backends can crash at exit.+ Raise a warning during
configure based on the+ compile-time OpenLDAP version number, and test the crashing scenario
+ in the contrib/dblink regression test.
+
+
+
+
+ In non-MSVC Windows builds, ensure libpq.dll is installed
+ with execute permissions (Noah Misch)
+
+
+
+
+ Make
pg_regress remove any temporary installation it+ created upon successful exit (Tom Lane)
+
+
+ This results in a very substantial reduction in disk space usage
+ during make check-world, since that sequence involves
+ creation of numerous temporary installations.
+
+
+
+
+ Support time zone abbreviations that change UTC offset from time to
+ time (Tom Lane)
+
+
+ Previously,
PostgreSQL assumed that the UTC offset+ associated with a time zone abbreviation (such as EST)
+ never changes in the usage of any particular locale. However this
+ assumption fails in the real world, so introduce the ability for a
+ zone abbreviation to represent a UTC offset that sometimes changes.
+ Update the zone abbreviation definition files to make use of this
+ feature in timezone locales that have changed the UTC offset of their
+ abbreviations since 1970 (according to the IANA timezone database).
+ In such timezones,
PostgreSQL will now associate the+ correct UTC offset with the abbreviation depending on the given date.
+
+
+
+
+ Update time zone abbreviations lists (Tom Lane)
+
+
+ Add CST (China Standard Time) to our lists.
+ Remove references to ADT as Arabia Daylight Time, an
+ abbreviation that's been out of use since 2007; therefore, claiming
+ there is a conflict with Atlantic Daylight Time doesn't seem
+ especially helpful.
+ Fix entirely incorrect GMT offsets for CKT (Cook Islands), FJT, and FJST
+ (Fiji); we didn't even have them on the proper side of the date line.
+
+
+
+
+ Update time zone data files to
tzdata release 2015a.+
+
+ The IANA timezone database has adopted abbreviations of the form
+ AxST/AxDT
+ for all Australian time zones, reflecting what they believe to be
+ current majority practice Down Under. These names do not conflict
+ with usage elsewhere (other than ACST for Acre Summer Time, which has
+ been in disuse since 1994). Accordingly, adopt these names into
+ our Default timezone abbreviation set.
+ The Australia abbreviation set now contains only CST, EAST,
+ EST, SAST, SAT, and WST, all of which are thought to be mostly
+ historical usage. Note that SAST has also been changed to be South
+ Africa Standard Time in the Default abbreviation set.
+
+
+ Also, add zone abbreviations SRET (Asia/Srednekolymsk) and XJT
+ (Asia/Urumqi), and use WSST/WSDT for western Samoa. Also, there were
+ DST law changes in Chile, Mexico, the Turks & Caicos Islands
+ (America/Grand_Turk), and Fiji. There is a new zone
+ Pacific/Bougainville for portions of Papua New Guinea. Also, numerous
+ corrections for historical (pre-1970) time zone data.
+
+
+
+
+
+
+
+
Release 9.1.14
- Add <link linkend="dummy-seclabel">dummy_seclabel>
+ Add <filename>dummy_seclabel>
contrib module (KaiGai Kohei)
+
+
Release 9.2.10
+
+
+
Release Date
+ 2015-02-05
+
+
+ This release contains a variety of fixes from 9.2.9.
+ For information about new features in the 9.2 major release, see
+ .
+
+
+
+
Migration to Version 9.2.10
+
+ A dump/restore is not required for those running 9.2.X.
+
+
+ However, if you are a Windows user and are using the Norwegian
+ (Bokmål) locale, manual action is needed after the upgrade to
+ replace any Norwegian (Bokmål)_Norway locale names stored
+ in
PostgreSQL system catalogs with the plain-ASCII+ alias Norwegian_Norway. For details see
+
+
+ Also, if you are upgrading from a version earlier than 9.2.9,
+ see .
+
+
+
+
+
+
Changes
+
+
+
+
+ Fix information leak via constraint-violation error messages
+ (Stephen Frost)
+
+
+ Some server error messages show the values of columns that violate
+ a constraint, such as a unique constraint. If the user does not have
+ SELECT privilege on all columns of the table, this could
+ mean exposing values that the user should not be able to see. Adjust
+ the code so that values are displayed only when they came from the SQL
+ command or could be selected by the user.
+ (CVE-2014-8161)
+
+
+
+
+ Lock down regression testing's temporary installations on Windows
+ (Noah Misch)
+
+
+ Use SSPI authentication to allow connections only from the OS user
+ who launched the test suite. This closes on Windows the same
+ vulnerability previously closed on other platforms, namely that other
+ users might be able to connect to the test postmaster.
+ (CVE-2014-0067)
+
+
+
+
+ Cope with the Windows locale named Norwegian (Bokmål)
+ (Heikki Linnakangas)
+
+
+ Non-ASCII locale names are problematic since it's not clear what
+ encoding they should be represented in. Map the troublesome locale
+ name to a plain-ASCII alias, Norwegian_Norway.
+
+
+
+
+ Avoid possible data corruption if ALTER DATABASE SET
+ TABLESPACE is used to move a database to a new tablespace and then
+ shortly later move it back to its original tablespace (Tom Lane)
+
+
+
+
+ Avoid corrupting tables when ANALYZE inside a transaction
+ is rolled back (Andres Freund, Tom Lane, Michael Paquier)
+
+
+ If the failing transaction had earlier removed the last index, rule, or
+ trigger from the table, the table would be left in a corrupted state
+ with the relevant pg_class flags not set though they
+ should be.
+
+
+
+
+ Ensure that unlogged tables are copied correctly
+ during CREATE DATABASE or ALTER DATABASE SET
+ TABLESPACE (Pavan Deolasee, Andres Freund)
+
+
+
+
+ Fix DROP's dependency searching to correctly handle the
+ case where a table column is recursively visited before its table
+ (Petr Jelinek, Tom Lane)
+
+
+ This case is only known to arise when an extension creates both a
+ datatype and a table using that datatype. The faulty code might
+ refuse a DROP EXTENSION unless CASCADE is
+ specified, which should not be required.
+
+
+
+
+ Fix use-of-already-freed-memory problem in EvalPlanQual processing
+ (Tom Lane)
+
+
+ In READ COMMITTED mode, queries that lock or update
+ recently-updated rows could crash as a result of this bug.
+
+
+
+
+ Fix planning of SELECT FOR UPDATE when using a partial
+ index on a child table (Kyotaro Horiguchi)
+
+
+ In READ COMMITTED mode, SELECT FOR UPDATE must
+ also recheck the partial index's WHERE condition when
+ rechecking a recently-updated row to see if it still satisfies the
+ query's WHERE condition. This requirement was missed if the
+ index belonged to an inheritance child table, so that it was possible
+ to incorrectly return rows that no longer satisfy the query condition.
+
+
+
+
+ Fix corner case wherein SELECT FOR UPDATE could return a row
+ twice, and possibly miss returning other rows (Tom Lane)
+
+
+ In READ COMMITTED mode, a SELECT FOR UPDATE
+ that is scanning an inheritance tree could incorrectly return a row
+ from a prior child table instead of the one it should return from a
+ later child table.
+
+
+
+
+ Reject duplicate column names in the referenced-columns list of
+ a FOREIGN KEY declaration (David Rowley)
+
+
+ This restriction is per SQL standard. Previously we did not reject
+ the case explicitly, but later on the code would fail with
+ bizarre-looking errors.
+
+
+
+
+ Restore previous behavior of conversion of domains to JSON
+ (Tom Lane)
+
+
+ This change causes domains over numeric and boolean to be treated
+ like their base types for purposes of conversion to JSON. It worked
+ like that before 9.3.5 and 9.2.9, but was unintentionally changed
+ while fixing a related problem.
+
+
+
+
+ Fix bugs in raising a numeric value to a large integral power
+ (Tom Lane)
+
+
+ The previous code could get a wrong answer, or consume excessive
+ amounts of time and memory before realizing that the answer must
+ overflow.
+
+
+
+
+ In numeric_recv(), truncate away any fractional digits
+ that would be hidden according to the value's dscale field
+ (Tom Lane)
+
+
+ A numeric value's display scale (dscale) should
+ never be less than the number of nonzero fractional digits; but
+ apparently there's at least one broken client application that
+ transmits binary numeric values in which that's true.
+ This leads to strange behavior since the extra digits are taken into
+ account by arithmetic operations even though they aren't printed.
+ The least risky fix seems to be to truncate away such hidden
+ digits on receipt, so that the value is indeed what it prints as.
+
+
+
+
+ Fix incorrect search for shortest-first regular expression matches
+ (Tom Lane)
+
+
+ Matching would often fail when the number of allowed iterations is
+ limited by a ? quantifier or a bound expression.
+
+
+
+
+ Reject out-of-range numeric timezone specifications (Tom Lane)
+
+
+ Simple numeric timezone specifications exceeding +/- 168 hours (one
+ week) would be accepted, but could then cause null-pointer dereference
+ crashes in certain operations. There's no use-case for such large UTC
+ offsets, so reject them.
+
+
+
+
+ Fix bugs in tsquery @> tsquery
+ operator (Heikki Linnakangas)
+
+
+ Two different terms would be considered to match if they had the same
+ CRC. Also, if the second operand had more terms than the first, it
+ would be assumed not to be contained in the first; which is wrong
+ since it might contain duplicate terms.
+
+
+
+
+ Improve ispell dictionary's defenses against bad affix files (Tom Lane)
+
+
+
+
+ Allow more than 64K phrases in a thesaurus dictionary (David Boutin)
+
+
+ The previous coding could crash on an oversize dictionary, so this was
+ deemed a back-patchable bug fix rather than a feature addition.
+
+
+
+
+ Fix namespace handling in xpath() (Ali Akbar)
+
+
+ Previously, the xml value resulting from
+ an xpath() call would not have namespace declarations if
+ the namespace declarations were attached to an ancestor element in the
+ input xml value, rather than to the specific element being
+ returned. Propagate the ancestral declaration so that the result is
+ correct when considered in isolation.
+
+
+
+
+ Ensure that whole-row variables expose nonempty column names
+ to functions that pay attention to column names within composite
+ arguments (Tom Lane)
+
+
+ In some contexts, constructs like row_to_json(tab.*) may
+ not produce the expected column names. This is fixed properly as of
+ 9.4; in older branches, just ensure that we produce some nonempty
+ name. (In some cases this will be the underlying table's column name
+ rather than the query-assigned alias that should theoretically be
+ visible.)
+
+
+
+
+ Fix mishandling of system columns,
+ particularly tableoid, in FDW queries (Etsuro Fujita)
+
+
+
+
+ Avoid doing indexed_column = ANY
+ (array) as an index qualifier if that leads
+ to an inferior plan (Andrew Gierth)
+
+
+ In some cases, = ANY conditions applied to non-first index
+ columns would be done as index conditions even though it would be
+ better to use them as simple filter conditions.
+
+
+
+
+ Fix planner problems with nested append relations, such as inherited
+ tables within UNION ALL subqueries (Tom Lane)
+
+
+
+
+ Fail cleanly when a GiST index tuple doesn't fit on a page, rather
+ than going into infinite recursion (Andrew Gierth)
+
+
+
+
+ Exempt tables that have per-table cost_limit
+ and/or cost_delay settings from autovacuum's global cost
+ balancing rules (Álvaro Herrera)
+
+
+ The previous behavior resulted in basically ignoring these per-table
+ settings, which was unintended. Now, a table having such settings
+ will be vacuumed using those settings, independently of what is going
+ on in other autovacuum workers. This may result in heavier total I/O
+ load than before, so such settings should be re-examined for sanity.
+
+
+
+
+ Avoid wholesale autovacuuming when autovacuum is nominally off
+ (Tom Lane)
+
+
+ Even when autovacuum is nominally off, we will still launch autovacuum
+ worker processes to vacuum tables that are at risk of XID wraparound.
+ However, such a worker process then proceeded to vacuum all tables in
+ the target database, if they met the usual thresholds for
+ autovacuuming. This is at best pretty unexpected; at worst it delays
+ response to the wraparound threat. Fix it so that if autovacuum is
+ turned off, workers only do anti-wraparound vacuums and
+ not any other work.
+
+
+
+
+ During crash recovery, ensure that unlogged relations are rewritten as
+ empty and are synced to disk before recovery is considered complete
+ (Abhijit Menon-Sen, Andres Freund)
+
+
+ This prevents scenarios in which unlogged relations might contain
+ garbage data following database crash recovery.
+
+
+
+
+ Fix race condition between hot standby queries and replaying a
+ full-page image (Heikki Linnakangas)
+
+
+ This mistake could result in transient errors in queries being
+ executed in hot standby.
+
+
+
+
+ Fix several cases where recovery logic improperly ignored WAL records
+ for COMMIT/ABORT PREPARED (Heikki Linnakangas)
+
+
+ The most notable oversight was
+ that recovery_min_apply_delay failed to delay application
+ of a two-phase commit.
+
+
+
+
+ Prevent latest WAL file from being archived a second time at completion
+ of crash recovery (Fujii Masao)
+
+
+
+
+ Avoid creating unnecessary .ready marker files for
+ timeline history files (Fujii Masao)
+
+
+
+
+ Fix possible null pointer dereference when an empty prepared statement
+ is used and the log_statement setting is mod
+ or ddl (Fujii Masao)
+
+
+
+
+ Change pgstat wait timeout warning message to be LOG level,
+ and rephrase it to be more understandable (Tom Lane)
+
+
+ This message was originally thought to be essentially a can't-happen
+ case, but it occurs often enough on our slower buildfarm members to be
+ a nuisance. Reduce it to LOG level, and expend a bit more effort on
+ the wording: it now reads using stale statistics instead of
+ current ones because stats collector is not responding.
+
+
+
+
+ Fix SPARC spinlock implementation to ensure correctness if the CPU is
+ being run in a non-TSO coherency mode, as some non-Solaris kernels do
+ (Andres Freund)
+
+
+
+
+ Warn if OS X's setlocale() starts an unwanted extra
+ thread inside the postmaster (Noah Misch)
+
+
+
+
+ Fix processing of repeated dbname parameters
+ in PQconnectdbParams() (Alex Shulgin)
+
+
+ Unexpected behavior ensued if the first occurrence
+ of dbname contained a connection string or URI to be
+ expanded.
+
+
+
+
+ Ensure that
libpq reports a suitable error message on+ unexpected socket EOF (Marko Tiikkaja, Tom Lane)
+
+
+ Depending on kernel behavior,
libpq might return an+ empty error string rather than something useful when the server
+ unexpectedly closed the socket.
+
+
+
+
+ Clear any old error message during PQreset()
+ (Heikki Linnakangas)
+
+
+ If PQreset() is called repeatedly, and the connection
+ cannot be re-established, error messages from the failed connection
+ attempts kept accumulating in the PGconn's error
+ string.
+
+
+
+
+ Properly handle out-of-memory conditions while parsing connection
+ options in
libpq (Alex Shulgin, Heikki Linnakangas)+
+
+
+
+ Fix array overrun in
ecpg's version+ of ParseDateTime() (Michael Paquier)
+
+
+
+
+ In
initdb, give a clearer error message if a password+ file is specified but is empty (Mats Erik Andersson)
+
+
+
+
+ Fix
psql's \s command to work nicely with+ libedit, and add pager support (Stepan Rutz, Tom Lane)
+
+
+ When using libedit rather than readline, \s printed the
+ command history in a fairly unreadable encoded format, and on recent
+ libedit versions might fail altogether. Fix that by printing the
+ history ourselves rather than having the library do it. A pleasant
+ side-effect is that the pager is used if appropriate.
+
+
+ This patch also fixes a bug that caused newline encoding to be applied
+ inconsistently when saving the command history with libedit.
+ Multiline history entries written by older
psql+ versions will be read cleanly with this patch, but perhaps not
+ vice versa, depending on the exact libedit versions involved.
+
+
+
+
+ Improve consistency of parsing of
psql's special+ variables (Tom Lane)
+
+
+ Allow variant spellings of on and off (such
+ as 1/0) for ECHO_HIDDEN
+ and ON_ERROR_ROLLBACK. Report a warning for unrecognized
+ values for COMP_KEYWORD_CASE, ECHO,
+ ECHO_HIDDEN, HISTCONTROL,
+ ON_ERROR_ROLLBACK, and VERBOSITY. Recognize
+ all values for all these variables case-insensitively; previously
+ there was a mishmash of case-sensitive and case-insensitive behaviors.
+
+
+
+
+ Fix
psql's expanded-mode display to work+ consistently when using border = 3
+ and linestyle = ascii or unicode
+ (Stephen Frost)
+
+
+
+
+ Improve performance of
pg_dump when the database+ contains many instances of multiple dependency paths between the same
+ two objects (Tom Lane)
+
+
+
+
+ Fix
pg_dumpall to restore its ability to dump from+ pre-8.1 servers (Gilles Darold)
+
+
+
+
+ Fix possible deadlock during parallel restore of a schema-only dump
+ (Robert Haas, Tom Lane)
+
+
+
+
+ Fix core dump in pg_dump --binary-upgrade on zero-column
+ composite type (Rushabh Lathia)
+
+
+
+
+ Prevent WAL files created by pg_basebackup -x/-X from
+ being archived again when the standby is promoted (Andres Freund)
+
+
+
+
+ Fix failure of contrib/auto_explain to print per-node
+ timing information when doing EXPLAIN ANALYZE (Tom Lane)
+
+
+
+
+ Fix upgrade-from-unpackaged script for contrib/citext
+ (Tom Lane)
+
+
+
+
+ Fix block number checking
+ in contrib/pageinspect's get_raw_page()
+ (Tom Lane)
+
+
+ The incorrect checking logic could prevent access to some pages in
+ non-main relation forks.
+
+
+
+
+ Fix contrib/pgcrypto's pgp_sym_decrypt()
+ to not fail on messages whose length is 6 less than a power of 2
+ (Marko Tiikkaja)
+
+
+
+
+ Fix file descriptor leak in contrib/pg_test_fsync
+ (Jeff Janes)
+
+
+ This could cause failure to remove temporary files on Windows.
+
+
+
+
+ Handle unexpected query results, especially NULLs, safely in
+ contrib/tablefunc's connectby()
+ (Michael Paquier)
+
+
+ connectby() previously crashed if it encountered a NULL
+ key value. It now prints that row but doesn't recurse further.
+
+
+
+
+ Avoid a possible crash in contrib/xml2's
+ xslt_process() (Mark Simonetti)
+
+
+
libxslt seems to have an undocumented dependency on+ the order in which resources are freed; reorder our calls to avoid a
+ crash.
+
+
+
+
+ Mark some contrib I/O functions with correct volatility
+ properties (Tom Lane)
+
+
+ The previous over-conservative marking was immaterial in normal use,
+ but could cause optimization problems or rejection of valid index
+ expression definitions. Since the consequences are not large, we've
+ just adjusted the function definitions in the extension modules'
+ scripts, without changing version numbers.
+
+
+
+
+ Numerous cleanups of warnings from Coverity static code analyzer
+ (Andres Freund, Tatsuo Ishii, Marko Kreen, Tom Lane, Michael Paquier)
+
+
+ These changes are mostly cosmetic but in some cases fix corner-case
+ bugs, for example a crash rather than a proper error report after an
+ out-of-memory failure. None are believed to represent security
+ issues.
+
+
+
+
+ Detect incompatible OpenLDAP versions during build (Noah Misch)
+
+
+ With OpenLDAP versions 2.4.24 through 2.4.31,
+ inclusive,
PostgreSQL backends can crash at exit.+ Raise a warning during
configure based on the+ compile-time OpenLDAP version number, and test the crashing scenario
+ in the contrib/dblink regression test.
+
+
+
+
+ In non-MSVC Windows builds, ensure libpq.dll is installed
+ with execute permissions (Noah Misch)
+
+
+
+
+ Make
pg_regress remove any temporary installation it+ created upon successful exit (Tom Lane)
+
+
+ This results in a very substantial reduction in disk space usage
+ during make check-world, since that sequence involves
+ creation of numerous temporary installations.
+
+
+
+
+ Support time zone abbreviations that change UTC offset from time to
+ time (Tom Lane)
+
+
+ Previously,
PostgreSQL assumed that the UTC offset+ associated with a time zone abbreviation (such as EST)
+ never changes in the usage of any particular locale. However this
+ assumption fails in the real world, so introduce the ability for a
+ zone abbreviation to represent a UTC offset that sometimes changes.
+ Update the zone abbreviation definition files to make use of this
+ feature in timezone locales that have changed the UTC offset of their
+ abbreviations since 1970 (according to the IANA timezone database).
+ In such timezones,
PostgreSQL will now associate the+ correct UTC offset with the abbreviation depending on the given date.
+
+
+
+
+ Update time zone abbreviations lists (Tom Lane)
+
+
+ Add CST (China Standard Time) to our lists.
+ Remove references to ADT as Arabia Daylight Time, an
+ abbreviation that's been out of use since 2007; therefore, claiming
+ there is a conflict with Atlantic Daylight Time doesn't seem
+ especially helpful.
+ Fix entirely incorrect GMT offsets for CKT (Cook Islands), FJT, and FJST
+ (Fiji); we didn't even have them on the proper side of the date line.
+
+
+
+
+ Update time zone data files to
tzdata release 2015a.+
+
+ The IANA timezone database has adopted abbreviations of the form
+ AxST/AxDT
+ for all Australian time zones, reflecting what they believe to be
+ current majority practice Down Under. These names do not conflict
+ with usage elsewhere (other than ACST for Acre Summer Time, which has
+ been in disuse since 1994). Accordingly, adopt these names into
+ our Default timezone abbreviation set.
+ The Australia abbreviation set now contains only CST, EAST,
+ EST, SAST, SAT, and WST, all of which are thought to be mostly
+ historical usage. Note that SAST has also been changed to be South
+ Africa Standard Time in the Default abbreviation set.
+
+
+ Also, add zone abbreviations SRET (Asia/Srednekolymsk) and XJT
+ (Asia/Urumqi), and use WSST/WSDT for western Samoa. Also, there were
+ DST law changes in Chile, Mexico, the Turks & Caicos Islands
+ (America/Grand_Turk), and Fiji. There is a new zone
+ Pacific/Bougainville for portions of Papua New Guinea. Also, numerous
+ corrections for historical (pre-1970) time zone data.
+
+
+
+
+
+
+
+
Release 9.2.9
+
+
Release 9.3.6
+
+
+
Release Date
+ 2015-02-05
+
+
+ This release contains a variety of fixes from 9.3.5.
+ For information about new features in the 9.3 major release, see
+ .
+
+
+
+
Migration to Version 9.3.6
+
+ A dump/restore is not required for those running 9.3.X.
+
+
+ However, if you are a Windows user and are using the Norwegian
+ (Bokmål) locale, manual action is needed after the upgrade to
+ replace any Norwegian (Bokmål)_Norway locale names stored
+ in
PostgreSQL system catalogs with the plain-ASCII+ alias Norwegian_Norway. For details see
+
+
+ Also, if you are upgrading from a version earlier than 9.3.5,
+ see .
+
+
+
+
+
+
Changes
+
+
+
+
+
+
+ Fix information leak via constraint-violation error messages
+ (Stephen Frost)
+
+
+ Some server error messages show the values of columns that violate
+ a constraint, such as a unique constraint. If the user does not have
+ SELECT privilege on all columns of the table, this could
+ mean exposing values that the user should not be able to see. Adjust
+ the code so that values are displayed only when they came from the SQL
+ command or could be selected by the user.
+ (CVE-2014-8161)
+
+
+
+
+
+
+ Lock down regression testing's temporary installations on Windows
+ (Noah Misch)
+
+
+ Use SSPI authentication to allow connections only from the OS user
+ who launched the test suite. This closes on Windows the same
+ vulnerability previously closed on other platforms, namely that other
+ users might be able to connect to the test postmaster.
+ (CVE-2014-0067)
+
+
+
+
+
+
+ Cope with the Windows locale named Norwegian (Bokmål)
+ (Heikki Linnakangas)
+
+
+ Non-ASCII locale names are problematic since it's not clear what
+ encoding they should be represented in. Map the troublesome locale
+ name to a plain-ASCII alias, Norwegian_Norway.
+
+
+
+
+
+
+ Avoid possible data corruption if ALTER DATABASE SET
+ TABLESPACE is used to move a database to a new tablespace and then
+ shortly later move it back to its original tablespace (Tom Lane)
+
+
+
+
+
+
+ Avoid corrupting tables when ANALYZE inside a transaction
+ is rolled back (Andres Freund, Tom Lane, Michael Paquier)
+
+
+ If the failing transaction had earlier removed the last index, rule, or
+ trigger from the table, the table would be left in a corrupted state
+ with the relevant pg_class flags not set though they
+ should be.
+
+
+
+
+
+
+ Ensure that unlogged tables are copied correctly
+ during CREATE DATABASE or ALTER DATABASE SET
+ TABLESPACE (Pavan Deolasee, Andres Freund)
+
+
+
+
+
+
+ Fix incorrect processing
+ of CreateEventTrigStmt.eventname (Petr
+ Jelinek)
+
+
+ This could result in misbehavior if CREATE EVENT TRIGGER
+ were executed as a prepared query, or via extended query protocol.
+
+
+
+
+
+
+ Fix DROP's dependency searching to correctly handle the
+ case where a table column is recursively visited before its table
+ (Petr Jelinek, Tom Lane)
+
+
+ This case is only known to arise when an extension creates both a
+ datatype and a table using that datatype. The faulty code might
+ refuse a DROP EXTENSION unless CASCADE is
+ specified, which should not be required.
+
+
+
+
+
+
+ Fix use-of-already-freed-memory problem in EvalPlanQual processing
+ (Tom Lane)
+
+
+ In READ COMMITTED mode, queries that lock or update
+ recently-updated rows could crash as a result of this bug.
+
+
+
+
+
+
+ Avoid possible deadlock while trying to acquire tuple locks
+ in EvalPlanQual processing (Álvaro Herrera, Mark Kirkwood)
+
+
+
+
+
+
+ Fix failure to wait when a transaction tries to acquire a FOR
+ NO KEY EXCLUSIVE tuple lock, while multiple other transactions
+ currently hold FOR SHARE locks (Álvaro Herrera)
+
+
+
+
+
+
+ Fix planning of SELECT FOR UPDATE when using a partial
+ index on a child table (Kyotaro Horiguchi)
+
+
+ In READ COMMITTED mode, SELECT FOR UPDATE must
+ also recheck the partial index's WHERE condition when
+ rechecking a recently-updated row to see if it still satisfies the
+ query's WHERE condition. This requirement was missed if the
+ index belonged to an inheritance child table, so that it was possible
+ to incorrectly return rows that no longer satisfy the query condition.
+
+
+
+
+
+
+ Fix corner case wherein SELECT FOR UPDATE could return a row
+ twice, and possibly miss returning other rows (Tom Lane)
+
+
+ In READ COMMITTED mode, a SELECT FOR UPDATE
+ that is scanning an inheritance tree could incorrectly return a row
+ from a prior child table instead of the one it should return from a
+ later child table.
+
+
+
+
+
+
+ Improve performance of EXPLAIN with large range tables
+ (Tom Lane)
+
+
+
+
+
+
+ Reject duplicate column names in the referenced-columns list of
+ a FOREIGN KEY declaration (David Rowley)
+
+
+ This restriction is per SQL standard. Previously we did not reject
+ the case explicitly, but later on the code would fail with
+ bizarre-looking errors.
+
+
+
+
+
+
+ Re-enable error for SELECT ... OFFSET -1 (Tom Lane)
+
+
+ A negative offset value has been an error since 8.4, but an
+ optimization added in 9.3 accidentally turned the case into a no-op.
+ Restore the expected behavior.
+
+
+
+
+
+
+ Restore previous behavior of conversion of domains to JSON
+ (Tom Lane)
+
+
+ This change causes domains over numeric and boolean to be treated
+ like their base types for purposes of conversion to JSON. It worked
+ like that before 9.3.5 and 9.2.9, but was unintentionally changed
+ while fixing a related problem.
+
+
+
+
+
+
+ Fix json_agg() to not return extra trailing right
+ brackets in its result (Tom Lane)
+
+
+
+
+
+
+ Fix bugs in raising a numeric value to a large integral power
+ (Tom Lane)
+
+
+ The previous code could get a wrong answer, or consume excessive
+ amounts of time and memory before realizing that the answer must
+ overflow.
+
+
+
+
+
+
+ In numeric_recv(), truncate away any fractional digits
+ that would be hidden according to the value's dscale field
+ (Tom Lane)
+
+
+ A numeric value's display scale (dscale) should
+ never be less than the number of nonzero fractional digits; but
+ apparently there's at least one broken client application that
+ transmits binary numeric values in which that's true.
+ This leads to strange behavior since the extra digits are taken into
+ account by arithmetic operations even though they aren't printed.
+ The least risky fix seems to be to truncate away such hidden
+ digits on receipt, so that the value is indeed what it prints as.
+
+
+
+
+
+
+ Fix incorrect search for shortest-first regular expression matches
+ (Tom Lane)
+
+
+ Matching would often fail when the number of allowed iterations is
+ limited by a ? quantifier or a bound expression.
+
+
+
+
+
+
+ Reject out-of-range numeric timezone specifications (Tom Lane)
+
+
+ Simple numeric timezone specifications exceeding +/- 168 hours (one
+ week) would be accepted, but could then cause null-pointer dereference
+ crashes in certain operations. There's no use-case for such large UTC
+ offsets, so reject them.
+
+
+
+
+
+
+ Fix bugs in tsquery @> tsquery
+ operator (Heikki Linnakangas)
+
+
+ Two different terms would be considered to match if they had the same
+ CRC. Also, if the second operand had more terms than the first, it
+ would be assumed not to be contained in the first; which is wrong
+ since it might contain duplicate terms.
+
+
+
+
+
+
+ Improve ispell dictionary's defenses against bad affix files (Tom Lane)
+
+
+
+
+
+
+ Allow more than 64K phrases in a thesaurus dictionary (David Boutin)
+
+
+ The previous coding could crash on an oversize dictionary, so this was
+ deemed a back-patchable bug fix rather than a feature addition.
+
+
+
+
+
+
+ Fix namespace handling in xpath() (Ali Akbar)
+
+
+ Previously, the xml value resulting from
+ an xpath() call would not have namespace declarations if
+ the namespace declarations were attached to an ancestor element in the
+ input xml value, rather than to the specific element being
+ returned. Propagate the ancestral declaration so that the result is
+ correct when considered in isolation.
+
+
+
+
+
+
+ Ensure that whole-row variables expose nonempty column names
+ to functions that pay attention to column names within composite
+ arguments (Tom Lane)
+
+
+ In some contexts, constructs like row_to_json(tab.*) may
+ not produce the expected column names. This is fixed properly as of
+ 9.4; in older branches, just ensure that we produce some nonempty
+ name. (In some cases this will be the underlying table's column name
+ rather than the query-assigned alias that should theoretically be
+ visible.)
+
+
+
+
+
+
+ Fix mishandling of system columns,
+ particularly tableoid, in FDW queries (Etsuro Fujita)
+
+
+
+
+
+
+ Fix assorted oversights in range-operator selectivity estimation
+ (Emre Hasegeli)
+
+
+ This patch fixes corner-case unexpected operator NNNN planner
+ errors, and improves the selectivity estimates for some other cases.
+
+
+
+
+
+
+ Avoid doing indexed_column = ANY
+ (array) as an index qualifier if that leads
+ to an inferior plan (Andrew Gierth)
+
+
+ In some cases, = ANY conditions applied to non-first index
+ columns would be done as index conditions even though it would be
+ better to use them as simple filter conditions.
+
+
+
+
+
+
+ Fix variable not found in subplan target list planner
+ failure when an inline-able SQL function taking a composite argument
+ is used in a LATERAL subselect and the composite argument
+ is a lateral reference (Tom Lane)
+
+
+
+
+
+
+ Fix planner problems with nested append relations, such as inherited
+ tables within UNION ALL subqueries (Tom Lane)
+
+
+
+
+
+
+ Fail cleanly when a GiST index tuple doesn't fit on a page, rather
+ than going into infinite recursion (Andrew Gierth)
+
+
+
+
+
+
+ Exempt tables that have per-table cost_limit
+ and/or cost_delay settings from autovacuum's global cost
+ balancing rules (Álvaro Herrera)
+
+
+ The previous behavior resulted in basically ignoring these per-table
+ settings, which was unintended. Now, a table having such settings
+ will be vacuumed using those settings, independently of what is going
+ on in other autovacuum workers. This may result in heavier total I/O
+ load than before, so such settings should be re-examined for sanity.
+
+
+
+
+
+
+ Avoid wholesale autovacuuming when autovacuum is nominally off
+ (Tom Lane)
+
+
+ Even when autovacuum is nominally off, we will still launch autovacuum
+ worker processes to vacuum tables that are at risk of XID wraparound.
+ However, such a worker process then proceeded to vacuum all tables in
+ the target database, if they met the usual thresholds for
+ autovacuuming. This is at best pretty unexpected; at worst it delays
+ response to the wraparound threat. Fix it so that if autovacuum is
+ turned off, workers only do anti-wraparound vacuums and
+ not any other work.
+
+
+
+
+
+
+ During crash recovery, ensure that unlogged relations are rewritten as
+ empty and are synced to disk before recovery is considered complete
+ (Abhijit Menon-Sen, Andres Freund)
+
+
+ This prevents scenarios in which unlogged relations might contain
+ garbage data following database crash recovery.
+
+
+
+
+
+
+ Fix race condition between hot standby queries and replaying a
+ full-page image (Heikki Linnakangas)
+
+
+ This mistake could result in transient errors in queries being
+ executed in hot standby.
+
+
+
+
+
+
+ Fix several cases where recovery logic improperly ignored WAL records
+ for COMMIT/ABORT PREPARED (Heikki Linnakangas)
+
+
+ The most notable oversight was
+ that recovery_min_apply_delay failed to delay application
+ of a two-phase commit.
+
+
+
+
+
+
+ Prevent latest WAL file from being archived a second time at completion
+ of crash recovery (Fujii Masao)
+
+
+
+
+
+
+ Avoid creating unnecessary .ready marker files for
+ timeline history files (Fujii Masao)
+
+
+
+
+
+
+ Fix possible null pointer dereference when an empty prepared statement
+ is used and the log_statement setting is mod
+ or ddl (Fujii Masao)
+
+
+
+
+
+
+ Change pgstat wait timeout warning message to be LOG level,
+ and rephrase it to be more understandable (Tom Lane)
+
+
+ This message was originally thought to be essentially a can't-happen
+ case, but it occurs often enough on our slower buildfarm members to be
+ a nuisance. Reduce it to LOG level, and expend a bit more effort on
+ the wording: it now reads using stale statistics instead of
+ current ones because stats collector is not responding.
+
+
+
+
+
+
+ Fix possible corruption of postmaster's list of dynamic background
+ workers (Andres Freund)
+
+
+
+
+
+
+ Fix SPARC spinlock implementation to ensure correctness if the CPU is
+ being run in a non-TSO coherency mode, as some non-Solaris kernels do
+ (Andres Freund)
+
+
+
+
+
+
+ Warn if OS X's setlocale() starts an unwanted extra
+ thread inside the postmaster (Noah Misch)
+
+
+
+
+
+
+ Fix processing of repeated dbname parameters
+ in PQconnectdbParams() (Alex Shulgin)
+
+
+ Unexpected behavior ensued if the first occurrence
+ of dbname contained a connection string or URI to be
+ expanded.
+
+
+
+
+
+
+ Ensure that
libpq reports a suitable error message on+ unexpected socket EOF (Marko Tiikkaja, Tom Lane)
+
+
+ Depending on kernel behavior,
libpq might return an+ empty error string rather than something useful when the server
+ unexpectedly closed the socket.
+
+
+
+
+
+
+ Clear any old error message during PQreset()
+ (Heikki Linnakangas)
+
+
+ If PQreset() is called repeatedly, and the connection
+ cannot be re-established, error messages from the failed connection
+ attempts kept accumulating in the PGconn's error
+ string.
+
+
+
+
+
+
+ Properly handle out-of-memory conditions while parsing connection
+ options in
libpq (Alex Shulgin, Heikki Linnakangas)+
+
+
+
+
+
+ Fix array overrun in
ecpg's version+ of ParseDateTime() (Michael Paquier)
+
+
+
+
+
+
+ In
initdb, give a clearer error message if a password+ file is specified but is empty (Mats Erik Andersson)
+
+
+
+
+
+
+ Fix
psql's \s command to work nicely with+ libedit, and add pager support (Stepan Rutz, Tom Lane)
+
+
+ When using libedit rather than readline, \s printed the
+ command history in a fairly unreadable encoded format, and on recent
+ libedit versions might fail altogether. Fix that by printing the
+ history ourselves rather than having the library do it. A pleasant
+ side-effect is that the pager is used if appropriate.
+
+
+ This patch also fixes a bug that caused newline encoding to be applied
+ inconsistently when saving the command history with libedit.
+ Multiline history entries written by older
psql+ versions will be read cleanly with this patch, but perhaps not
+ vice versa, depending on the exact libedit versions involved.
+
+
+
+
+
+
+ Improve consistency of parsing of
psql's special+ variables (Tom Lane)
+
+
+ Allow variant spellings of on and off (such
+ as 1/0) for ECHO_HIDDEN
+ and ON_ERROR_ROLLBACK. Report a warning for unrecognized
+ values for COMP_KEYWORD_CASE, ECHO,
+ ECHO_HIDDEN, HISTCONTROL,
+ ON_ERROR_ROLLBACK, and VERBOSITY. Recognize
+ all values for all these variables case-insensitively; previously
+ there was a mishmash of case-sensitive and case-insensitive behaviors.
+
+
+
+
+
+
+ Make
psql's \watch command display+ nulls as specified by \pset null (Fujii Masao)
+
+
+
+
+
+
+ Fix
psql's expanded-mode display to work+ consistently when using border = 3
+ and linestyle = ascii or unicode
+ (Stephen Frost)
+
+
+
+
+
+
+ Fix
pg_dump to handle comments on event triggers+ without failing (Tom Lane)
+
+
+
+
+
+
+ Allow parallel
pg_dump to+ use
+
+
+
+
+
+
+ Improve performance of
pg_dump when the database+ contains many instances of multiple dependency paths between the same
+ two objects (Tom Lane)
+
+
+
+
+
+
+ Fix
pg_dumpall to restore its ability to dump from+ pre-8.1 servers (Gilles Darold)
+
+
+
+
+
+
+ Fix possible deadlock during parallel restore of a schema-only dump
+ (Robert Haas, Tom Lane)
+
+
+
+
+
+
+ Fix core dump in pg_dump --binary-upgrade on zero-column
+ composite type (Rushabh Lathia)
+
+
+
+
+
+
+ Fix failure to fsync tables in nondefault tablespaces
+ during
pg_upgrade (Abhijit Menon-Sen, Andres Freund)+
+
+ With an operating system crash and some bad luck, this could result in
+ data loss during an upgrade.
+
+
+
+
+
+
+ In
pg_upgrade, cope with cases where the new cluster+ creates a TOAST table for a table that didn't previously have one
+ (Bruce Momjian)
+
+
+ Previously this could result in failures due to OID conflicts.
+
+
+
+
+
+
+ In
pg_upgrade, don't try to+ set autovacuum_multixact_freeze_max_age for the old cluster
+ (Bruce Momjian)
+
+
+ This could result in failure because not all 9.3.X versions have that
+ parameter. Fortunately, we don't actually need to set it at all.
+
+
+
+
+
+
+ In
pg_upgrade, preserve the transaction ID epoch+ (Bruce Momjian)
+
+
+ This oversight did not bother
PostgreSQL proper,+ but could confuse some external replication tools.
+
+
+
+
+
+
+ Prevent WAL files created by pg_basebackup -x/-X from
+ being archived again when the standby is promoted (Andres Freund)
+
+
+
+
+
+
+ Fix memory leak in
pg_receivexlog (Fujii Masao)+
+
+
+
+
+
+ Fix unintended suppression of
pg_receivexlog verbose+ messages (Fujii Masao)
+
+
+
+
+
+
+ Fix failure of contrib/auto_explain to print per-node
+ timing information when doing EXPLAIN ANALYZE (Tom Lane)
+
+
+
+
+
+
+ Fix upgrade-from-unpackaged script for contrib/citext
+ (Tom Lane)
+
+
+
+
+
+
+ Avoid integer overflow and buffer overrun
+ in contrib/hstore's hstore_to_json()
+ (Heikki Linnakangas)
+
+
+
+
+
+
+ Fix recognition of numbers in hstore_to_json_loose(),
+ so that JSON numbers and strings are correctly distinguished
+ (Andrew Dunstan)
+
+
+
+
+
+
+ Fix block number checking
+ in contrib/pageinspect's get_raw_page()
+ (Tom Lane)
+
+
+ The incorrect checking logic could prevent access to some pages in
+ non-main relation forks.
+
+
+
+
+
+
+ Fix contrib/pgcrypto's pgp_sym_decrypt()
+ to not fail on messages whose length is 6 less than a power of 2
+ (Marko Tiikkaja)
+
+
+
+
+
+
+ Fix file descriptor leak in contrib/pg_test_fsync
+ (Jeff Janes)
+
+
+ This could cause failure to remove temporary files on Windows.
+
+
+
+
+
+
+ Handle unexpected query results, especially NULLs, safely in
+ contrib/tablefunc's connectby()
+ (Michael Paquier)
+
+
+ connectby() previously crashed if it encountered a NULL
+ key value. It now prints that row but doesn't recurse further.
+
+
+
+
+
+
+ Avoid a possible crash in contrib/xml2's
+ xslt_process() (Mark Simonetti)
+
+
+
libxslt seems to have an undocumented dependency on+ the order in which resources are freed; reorder our calls to avoid a
+ crash.
+
+
+
+
+
+
+ Mark some contrib I/O functions with correct volatility
+ properties (Tom Lane)
+
+
+ The previous over-conservative marking was immaterial in normal use,
+ but could cause optimization problems or rejection of valid index
+ expression definitions. Since the consequences are not large, we've
+ just adjusted the function definitions in the extension modules'
+ scripts, without changing version numbers.
+
+
+
+
+
+
+ Numerous cleanups of warnings from Coverity static code analyzer
+ (Andres Freund, Tatsuo Ishii, Marko Kreen, Tom Lane, Michael Paquier)
+
+
+ These changes are mostly cosmetic but in some cases fix corner-case
+ bugs, for example a crash rather than a proper error report after an
+ out-of-memory failure. None are believed to represent security
+ issues.
+
+
+
+
+
+
+ Fix setup of background workers in EXEC_BACKEND builds, eg Windows
+ (Robert Haas)
+
+
+
+
+
+
+ Detect incompatible OpenLDAP versions during build (Noah Misch)
+
+
+ With OpenLDAP versions 2.4.24 through 2.4.31,
+ inclusive,
PostgreSQL backends can crash at exit.+ Raise a warning during
configure based on the+ compile-time OpenLDAP version number, and test the crashing scenario
+ in the contrib/dblink regression test.
+
+
+
+
+
+
+ In non-MSVC Windows builds, ensure libpq.dll is installed
+ with execute permissions (Noah Misch)
+
+
+
+
+
+
+ Make
pg_regress remove any temporary installation it+ created upon successful exit (Tom Lane)
+
+
+ This results in a very substantial reduction in disk space usage
+ during make check-world, since that sequence involves
+ creation of numerous temporary installations.
+
+
+
+
+
+
+ Support time zone abbreviations that change UTC offset from time to
+ time (Tom Lane)
+
+
+ Previously,
PostgreSQL assumed that the UTC offset+ associated with a time zone abbreviation (such as EST)
+ never changes in the usage of any particular locale. However this
+ assumption fails in the real world, so introduce the ability for a
+ zone abbreviation to represent a UTC offset that sometimes changes.
+ Update the zone abbreviation definition files to make use of this
+ feature in timezone locales that have changed the UTC offset of their
+ abbreviations since 1970 (according to the IANA timezone database).
+ In such timezones,
PostgreSQL will now associate the+ correct UTC offset with the abbreviation depending on the given date.
+
+
+
+
+
+
+ Update time zone abbreviations lists (Tom Lane)
+
+
+ Add CST (China Standard Time) to our lists.
+ Remove references to ADT as Arabia Daylight Time, an
+ abbreviation that's been out of use since 2007; therefore, claiming
+ there is a conflict with Atlantic Daylight Time doesn't seem
+ especially helpful.
+ Fix entirely incorrect GMT offsets for CKT (Cook Islands), FJT, and FJST
+ (Fiji); we didn't even have them on the proper side of the date line.
+
+
+
+
+
+
+ Update time zone data files to
tzdata release 2015a.+
+
+ The IANA timezone database has adopted abbreviations of the form
+ AxST/AxDT
+ for all Australian time zones, reflecting what they believe to be
+ current majority practice Down Under. These names do not conflict
+ with usage elsewhere (other than ACST for Acre Summer Time, which has
+ been in disuse since 1994). Accordingly, adopt these names into
+ our Default timezone abbreviation set.
+ The Australia abbreviation set now contains only CST, EAST,
+ EST, SAST, SAT, and WST, all of which are thought to be mostly
+ historical usage. Note that SAST has also been changed to be South
+ Africa Standard Time in the Default abbreviation set.
+
+
+ Also, add zone abbreviations SRET (Asia/Srednekolymsk) and XJT
+ (Asia/Urumqi), and use WSST/WSDT for western Samoa. Also, there were
+ DST law changes in Chile, Mexico, the Turks & Caicos Islands
+ (America/Grand_Turk), and Fiji. There is a new zone
+ Pacific/Bougainville for portions of Papua New Guinea. Also, numerous
+ corrections for historical (pre-1970) time zone data.
+
+
+
+
+
+
+
+
Release 9.3.5
+
+
Release 9.4.1
+
+
+
Release Date
+ 2015-02-05
+
+
+ This release contains a variety of fixes from 9.4.0.
+ For information about new features in the 9.4 major release, see
+ .
+
+
+
+
Migration to Version 9.4.1
+
+ A dump/restore is not required for those running 9.4.X.
+
+
+ However, if you are a Windows user and are using the Norwegian
+ (Bokmål) locale, manual action is needed after the upgrade to
+ replace any Norwegian (Bokmål)_Norway
+ or norwegian-bokmal locale names stored
+ in
PostgreSQL system catalogs with the plain-ASCII+ alias Norwegian_Norway. For details see
+
+
+
+
+
Changes
+
+
+
+
+
+
+ Fix information leak via constraint-violation error messages
+ (Stephen Frost)
+
+
+ Some server error messages show the values of columns that violate
+ a constraint, such as a unique constraint. If the user does not have
+ SELECT privilege on all columns of the table, this could
+ mean exposing values that the user should not be able to see. Adjust
+ the code so that values are displayed only when they came from the SQL
+ command or could be selected by the user.
+ (CVE-2014-8161)
+
+
+
+
+
+
+ Lock down regression testing's temporary installations on Windows
+ (Noah Misch)
+
+
+ Use SSPI authentication to allow connections only from the OS user
+ who launched the test suite. This closes on Windows the same
+ vulnerability previously closed on other platforms, namely that other
+ users might be able to connect to the test postmaster.
+ (CVE-2014-0067)
+
+
+
+
+
+
+ Cope with the Windows locale named Norwegian (Bokmål)
+ (Heikki Linnakangas)
+
+
+ Non-ASCII locale names are problematic since it's not clear what
+ encoding they should be represented in. Map the troublesome locale
+ name to a plain-ASCII alias, Norwegian_Norway.
+
+
+ 9.4.0 mapped the troublesome name to norwegian-bokmal,
+ but that turns out not to work on all Windows configurations.
+ Norwegian_Norway is now recommended instead.
+
+
+
+
+
+
+ Fix use-of-already-freed-memory problem in EvalPlanQual processing
+ (Tom Lane)
+
+
+ In READ COMMITTED mode, queries that lock or update
+ recently-updated rows could crash as a result of this bug.
+
+
+
+
+
+
+ Avoid possible deadlock while trying to acquire tuple locks
+ in EvalPlanQual processing (Álvaro Herrera, Mark Kirkwood)
+
+
+
+
+
+
+ Fix failure to wait when a transaction tries to acquire a FOR
+ NO KEY EXCLUSIVE tuple lock, while multiple other transactions
+ currently hold FOR SHARE locks (Álvaro Herrera)
+
+
+
+
+
+
+ Improve performance of EXPLAIN with large range tables
+ (Tom Lane)
+
+
+
+
+
+
+ Fix jsonb Unicode escape processing, and in consequence
+ disallow \u0000 (Tom Lane)
+
+
+ Previously, the JSON Unicode escape \u0000 was accepted
+ and was stored as those six characters; but that is indistinguishable
+ from what is stored for the input \\u0000, resulting in
+ ambiguity. Moreover, in cases where de-escaped textual output is
+ expected, such as the ->> operator, the sequence was
+ printed as \u0000, which does not meet the expectation
+ that JSON escaping would be removed. (Consistent behavior would
+ require emitting a zero byte, but
PostgreSQL does not+ support zero bytes embedded in text strings.) 9.4.0 included an
+ ill-advised attempt to improve this situation by adjusting JSON output
+ conversion rules; but of course that could not fix the fundamental
+ ambiguity, and it turned out to break other usages of Unicode escape
+ sequences. Revert that, and to avoid the core problem,
+ reject \u0000 in jsonb input.
+
+
+ If a jsonb column contains a \u0000 value stored
+ with 9.4.0, it will henceforth read out as though it
+ were \\u0000, which is the other valid interpretation of
+ the data stored by 9.4.0 for this case.
+
+
+ The json type did not have the storage-ambiguity problem, but
+ it did have the problem of inconsistent de-escaped textual output.
+ Therefore \u0000 will now also be rejected
+ in json values when conversion to de-escaped form is
+ required. This change does not break the ability to
+ store \u0000 in json columns so long as no
+ processing is done on the values. This is exactly parallel to the
+ cases in which non-ASCII Unicode escapes are allowed when the database
+ encoding is not UTF8.
+
+
+
+
+
+
+ Fix namespace handling in xpath() (Ali Akbar)
+
+
+ Previously, the xml value resulting from
+ an xpath() call would not have namespace declarations if
+ the namespace declarations were attached to an ancestor element in the
+ input xml value, rather than to the specific element being
+ returned. Propagate the ancestral declaration so that the result is
+ correct when considered in isolation.
+
+
+
+
+
+
+ Fix assorted oversights in range-operator selectivity estimation
+ (Emre Hasegeli)
+
+
+ This patch fixes corner-case unexpected operator NNNN planner
+ errors, and improves the selectivity estimates for some other cases.
+
+
+
+
+
+
+ Revert unintended reduction in maximum size of a GIN index item
+ (Heikki Linnakangas)
+
+
+ 9.4.0 could fail with index row size exceeds maximum errors
+ for data that previous versions would accept.
+
+
+
+
+
+
+ Fix query-duration memory leak during repeated GIN index rescans
+ (Heikki Linnakangas)
+
+
+
+
+
+
+ Fix possible crash when using
+ nonzero gin_fuzzy_search_limit (Heikki Linnakangas)
+
+
+
+
+
+
+ Assorted fixes for logical decoding (Andres Freund)
+
+
+
+
+
+
+ Fix incorrect replay of WAL parameter change records that report
+ changes in the wal_log_hints setting (Petr Jalinek)
+
+
+
+
+
+
+ Change pgstat wait timeout warning message to be LOG level,
+ and rephrase it to be more understandable (Tom Lane)
+
+
+ This message was originally thought to be essentially a can't-happen
+ case, but it occurs often enough on our slower buildfarm members to be
+ a nuisance. Reduce it to LOG level, and expend a bit more effort on
+ the wording: it now reads using stale statistics instead of
+ current ones because stats collector is not responding.
+
+
+
+
+
+
+ Warn if OS X's setlocale() starts an unwanted extra
+ thread inside the postmaster (Noah Misch)
+
+
+
+
+
+
+ Fix
libpq's behavior when /etc/passwd+ isn't readable (Tom Lane)
+
+
+ While doing
PQsetdbLogin(), libpq+ attempts to ascertain the user's operating system name, which on most
+ Unix platforms involves reading /etc/passwd. As of 9.4,
+ failure to do that was treated as a hard error. Restore the previous
+ behavior, which was to fail only if the application does not provide a
+ database role name to connect as. This supports operation in chroot
+ environments that lack an /etc/passwd file.
+
+
+
+
+
+
+ Improve consistency of parsing of
psql's special+ variables (Tom Lane)
+
+
+ Allow variant spellings of on and off (such
+ as 1/0) for ECHO_HIDDEN
+ and ON_ERROR_ROLLBACK. Report a warning for unrecognized
+ values for COMP_KEYWORD_CASE, ECHO,
+ ECHO_HIDDEN, HISTCONTROL,
+ ON_ERROR_ROLLBACK, and VERBOSITY. Recognize
+ all values for all these variables case-insensitively; previously
+ there was a mishmash of case-sensitive and case-insensitive behaviors.
+
+
+
+
+
+
+ Fix
pg_dump to handle comments on event triggers+ without failing (Tom Lane)
+
+
+
+
+
+
+ Allow parallel
pg_dump to+ use
+
+
+
+
+
+
+ Prevent WAL files created by pg_basebackup -x/-X from
+ being archived again when the standby is promoted (Andres Freund)
+
+
+
+
+
+
+ Handle unexpected query results, especially NULLs, safely in
+ contrib/tablefunc's connectby()
+ (Michael Paquier)
+
+
+ connectby() previously crashed if it encountered a NULL
+ key value. It now prints that row but doesn't recurse further.
+
+
+
+
+
+
+ Numerous cleanups of warnings from Coverity static code analyzer
+ (Andres Freund, Tatsuo Ishii, Marko Kreen, Tom Lane, Michael Paquier)
+
+
+ These changes are mostly cosmetic but in some cases fix corner-case
+ bugs, for example a crash rather than a proper error report after an
+ out-of-memory failure. None are believed to represent security
+ issues.
+
+
+
+
+
+
+ Allow
CFLAGS from configure's environment+ to override automatically-supplied CFLAGS (Tom Lane)
+
+
+ Previously,
configure would add any switches that it+ chose of its own accord to the end of the
+ user-specified CFLAGS string. Since most compilers
+ process switches left-to-right, this meant that configure's choices
+ would override the user-specified flags in case of conflicts. That
+ should work the other way around, so adjust the logic to put the
+ user's string at the end not the beginning.
+
+
+
+
+
+
+ Make
pg_regress remove any temporary installation it+ created upon successful exit (Tom Lane)
+
+
+ This results in a very substantial reduction in disk space usage
+ during make check-world, since that sequence involves
+ creation of numerous temporary installations.
+
+
+
+
+
+
+ Add CST (China Standard Time) to our lists of timezone abbreviations
+ (Tom Lane)
+
+
+
+
+
+
+ Update time zone data files to
tzdata release 2015a+ for DST law changes in Chile and Mexico, plus historical changes in
+ Iceland.
+
+
+
+
+
+
+
+
Release 9.4
projects / postgresql.git / commitdiff