+
+
Release 9.0.19
+
+
+
Release Date
+ 2015-02-05
+
+
+ This release contains a variety of fixes from 9.0.18.
+ For information about new features in the 9.0 major release, see
+ .
+
+
+
+
Migration to Version 9.0.19
+
+ A dump/restore is not required for those running 9.0.X.
+
+
+ However, if you are upgrading from a version earlier than 9.0.18,
+ see .
+
+
+
+
+
+
Changes
+
+
+
+
+ Fix information leak via constraint-violation error messages
+ (Stephen Frost)
+
+
+ Some server error messages show the values of columns that violate
+ a constraint, such as a unique constraint. If the user does not have
+ SELECT privilege on all columns of the table, this could
+ mean exposing values that the user should not be able to see. Adjust
+ the code so that values are displayed only when they came from the SQL
+ command or could be selected by the user.
+ (CVE-2014-8161)
+
+
+
+
+ Lock down regression testing's temporary installations on Windows
+ (Noah Misch)
+
+
+ Use SSPI authentication to allow connections only from the OS user
+ who launched the test suite. This closes on Windows the same
+ vulnerability previously closed on other platforms, namely that other
+ users might be able to connect to the test postmaster.
+ (CVE-2014-0067)
+
+
+
+
+ Avoid possible data corruption if ALTER DATABASE SET
+ TABLESPACE is used to move a database to a new tablespace and then
+ shortly later move it back to its original tablespace (Tom Lane)
+
+
+
+
+ Avoid corrupting tables when ANALYZE inside a transaction
+ is rolled back (Andres Freund, Tom Lane, Michael Paquier)
+
+
+ If the failing transaction had earlier removed the last index, rule, or
+ trigger from the table, the table would be left in a corrupted state
+ with the relevant pg_class flags not set though they
+ should be.
+
+
+
+
+ Fix use-of-already-freed-memory problem in EvalPlanQual processing
+ (Tom Lane)
+
+
+ In READ COMMITTED mode, queries that lock or update
+ recently-updated rows could crash as a result of this bug.
+
+
+
+
+ Fix planning of SELECT FOR UPDATE when using a partial
+ index on a child table (Kyotaro Horiguchi)
+
+
+ In READ COMMITTED mode, SELECT FOR UPDATE must
+ also recheck the partial index's WHERE condition when
+ rechecking a recently-updated row to see if it still satisfies the
+ query's WHERE condition. This requirement was missed if the
+ index belonged to an inheritance child table, so that it was possible
+ to incorrectly return rows that no longer satisfy the query condition.
+
+
+
+
+ Fix corner case wherein SELECT FOR UPDATE could return a row
+ twice, and possibly miss returning other rows (Tom Lane)
+
+
+ In READ COMMITTED mode, a SELECT FOR UPDATE
+ that is scanning an inheritance tree could incorrectly return a row
+ from a prior child table instead of the one it should return from a
+ later child table.
+
+
+
+
+ Reject duplicate column names in the referenced-columns list of
+ a FOREIGN KEY declaration (David Rowley)
+
+
+ This restriction is per SQL standard. Previously we did not reject
+ the case explicitly, but later on the code would fail with
+ bizarre-looking errors.
+
+
+
+
+ Fix bugs in raising a numeric value to a large integral power
+ (Tom Lane)
+
+
+ The previous code could get a wrong answer, or consume excessive
+ amounts of time and memory before realizing that the answer must
+ overflow.
+
+
+
+
+ In numeric_recv(), truncate away any fractional digits
+ that would be hidden according to the value's dscale field
+ (Tom Lane)
+
+
+ A numeric value's display scale (dscale) should
+ never be less than the number of nonzero fractional digits; but
+ apparently there's at least one broken client application that
+ transmits binary numeric values in which that's true.
+ This leads to strange behavior since the extra digits are taken into
+ account by arithmetic operations even though they aren't printed.
+ The least risky fix seems to be to truncate away such hidden
+ digits on receipt, so that the value is indeed what it prints as.
+
+
+
+
+ Reject out-of-range numeric timezone specifications (Tom Lane)
+
+
+ Simple numeric timezone specifications exceeding +/- 168 hours (one
+ week) would be accepted, but could then cause null-pointer dereference
+ crashes in certain operations. There's no use-case for such large UTC
+ offsets, so reject them.
+
+
+
+
+ Fix bugs in tsquery @> tsquery
+ operator (Heikki Linnakangas)
+
+
+ Two different terms would be considered to match if they had the same
+ CRC. Also, if the second operand had more terms than the first, it
+ would be assumed not to be contained in the first; which is wrong
+ since it might contain duplicate terms.
+
+
+
+
+ Improve ispell dictionary's defenses against bad affix files (Tom Lane)
+
+
+
+
+ Allow more than 64K phrases in a thesaurus dictionary (David Boutin)
+
+
+ The previous coding could crash on an oversize dictionary, so this was
+ deemed a back-patchable bug fix rather than a feature addition.
+
+
+
+
+ Fix namespace handling in xpath() (Ali Akbar)
+
+
+ Previously, the xml value resulting from
+ an xpath() call would not have namespace declarations if
+ the namespace declarations were attached to an ancestor element in the
+ input xml value, rather than to the specific element being
+ returned. Propagate the ancestral declaration so that the result is
+ correct when considered in isolation.
+
+
+
+
+ Fix planner problems with nested append relations, such as inherited
+ tables within UNION ALL subqueries (Tom Lane)
+
+
+
+
+ Fail cleanly when a GiST index tuple doesn't fit on a page, rather
+ than going into infinite recursion (Andrew Gierth)
+
+
+
+
+ Exempt tables that have per-table cost_limit
+ and/or cost_delay settings from autovacuum's global cost
+ balancing rules (Álvaro Herrera)
+
+
+ The previous behavior resulted in basically ignoring these per-table
+ settings, which was unintended. Now, a table having such settings
+ will be vacuumed using those settings, independently of what is going
+ on in other autovacuum workers. This may result in heavier total I/O
+ load than before, so such settings should be re-examined for sanity.
+
+
+
+
+ Avoid wholesale autovacuuming when autovacuum is nominally off
+ (Tom Lane)
+
+
+ Even when autovacuum is nominally off, we will still launch autovacuum
+ worker processes to vacuum tables that are at risk of XID wraparound.
+ However, such a worker process then proceeded to vacuum all tables in
+ the target database, if they met the usual thresholds for
+ autovacuuming. This is at best pretty unexpected; at worst it delays
+ response to the wraparound threat. Fix it so that if autovacuum is
+ turned off, workers only do anti-wraparound vacuums and
+ not any other work.
+
+
+
+
+ Fix race condition between hot standby queries and replaying a
+ full-page image (Heikki Linnakangas)
+
+
+ This mistake could result in transient errors in queries being
+ executed in hot standby.
+
+
+
+
+ Fix several cases where recovery logic improperly ignored WAL records
+ for COMMIT/ABORT PREPARED (Heikki Linnakangas)
+
+
+ The most notable oversight was
+ that recovery_min_apply_delay failed to delay application
+ of a two-phase commit.
+
+
+
+
+ Avoid creating unnecessary .ready marker files for
+ timeline history files (Fujii Masao)
+
+
+
+
+ Fix possible null pointer dereference when an empty prepared statement
+ is used and the log_statement setting is mod
+ or ddl (Fujii Masao)
+
+
+
+
+ Change pgstat wait timeout warning message to be LOG level,
+ and rephrase it to be more understandable (Tom Lane)
+
+
+ This message was originally thought to be essentially a can't-happen
+ case, but it occurs often enough on our slower buildfarm members to be
+ a nuisance. Reduce it to LOG level, and expend a bit more effort on
+ the wording: it now reads using stale statistics instead of
+ current ones because stats collector is not responding.
+
+
+
+
+ Fix SPARC spinlock implementation to ensure correctness if the CPU is
+ being run in a non-TSO coherency mode, as some non-Solaris kernels do
+ (Andres Freund)
+
+
+
+
+ Warn if OS X's setlocale() starts an unwanted extra
+ thread inside the postmaster (Noah Misch)
+
+
+
+
+ Fix processing of repeated dbname parameters
+ in PQconnectdbParams() (Alex Shulgin)
+
+
+ Unexpected behavior ensued if the first occurrence
+ of dbname contained a connection string or URI to be
+ expanded.
+
+
+
+
+ Ensure that
libpq reports a suitable error message on+ unexpected socket EOF (Marko Tiikkaja, Tom Lane)
+
+
+ Depending on kernel behavior,
libpq might return an+ empty error string rather than something useful when the server
+ unexpectedly closed the socket.
+
+
+
+
+ Clear any old error message during PQreset()
+ (Heikki Linnakangas)
+
+
+ If PQreset() is called repeatedly, and the connection
+ cannot be re-established, error messages from the failed connection
+ attempts kept accumulating in the PGconn's error
+ string.
+
+
+
+
+ Properly handle out-of-memory conditions while parsing connection
+ options in
libpq (Alex Shulgin, Heikki Linnakangas)+
+
+
+
+ Fix array overrun in
ecpg's version+ of ParseDateTime() (Michael Paquier)
+
+
+
+
+ In
initdb, give a clearer error message if a password+ file is specified but is empty (Mats Erik Andersson)
+
+
+
+
+ Fix
psql's \s command to work nicely with+ libedit, and add pager support (Stepan Rutz, Tom Lane)
+
+
+ When using libedit rather than readline, \s printed the
+ command history in a fairly unreadable encoded format, and on recent
+ libedit versions might fail altogether. Fix that by printing the
+ history ourselves rather than having the library do it. A pleasant
+ side-effect is that the pager is used if appropriate.
+
+
+ This patch also fixes a bug that caused newline encoding to be applied
+ inconsistently when saving the command history with libedit.
+ Multiline history entries written by older
psql+ versions will be read cleanly with this patch, but perhaps not
+ vice versa, depending on the exact libedit versions involved.
+
+
+
+
+ Improve consistency of parsing of
psql's special+ variables (Tom Lane)
+
+
+ Allow variant spellings of on and off (such
+ as 1/0) for ECHO_HIDDEN
+ and ON_ERROR_ROLLBACK. Report a warning for unrecognized
+ values for COMP_KEYWORD_CASE, ECHO,
+ ECHO_HIDDEN, HISTCONTROL,
+ ON_ERROR_ROLLBACK, and VERBOSITY. Recognize
+ all values for all these variables case-insensitively; previously
+ there was a mishmash of case-sensitive and case-insensitive behaviors.
+
+
+
+
+ Fix
psql's expanded-mode display to work+ consistently when using border = 3
+ and linestyle = ascii or unicode
+ (Stephen Frost)
+
+
+
+
+ Fix possible deadlock during parallel restore of a schema-only dump
+ (Robert Haas, Tom Lane)
+
+
+
+
+ Fix core dump in pg_dump --binary-upgrade on zero-column
+ composite type (Rushabh Lathia)
+
+
+
+
+ Fix block number checking
+ in contrib/pageinspect's get_raw_page()
+ (Tom Lane)
+
+
+ The incorrect checking logic could prevent access to some pages in
+ non-main relation forks.
+
+
+
+
+ Fix contrib/pgcrypto's pgp_sym_decrypt()
+ to not fail on messages whose length is 6 less than a power of 2
+ (Marko Tiikkaja)
+
+
+
+
+ Handle unexpected query results, especially NULLs, safely in
+ contrib/tablefunc's connectby()
+ (Michael Paquier)
+
+
+ connectby() previously crashed if it encountered a NULL
+ key value. It now prints that row but doesn't recurse further.
+
+
+
+
+ Avoid a possible crash in contrib/xml2's
+ xslt_process() (Mark Simonetti)
+
+
+
libxslt seems to have an undocumented dependency on+ the order in which resources are freed; reorder our calls to avoid a
+ crash.
+
+
+
+
+ Numerous cleanups of warnings from Coverity static code analyzer
+ (Andres Freund, Tatsuo Ishii, Marko Kreen, Tom Lane, Michael Paquier)
+
+
+ These changes are mostly cosmetic but in some cases fix corner-case
+ bugs, for example a crash rather than a proper error report after an
+ out-of-memory failure. None are believed to represent security
+ issues.
+
+
+
+
+ Detect incompatible OpenLDAP versions during build (Noah Misch)
+
+
+ With OpenLDAP versions 2.4.24 through 2.4.31,
+ inclusive,
PostgreSQL backends can crash at exit.+ Raise a warning during
configure based on the+ compile-time OpenLDAP version number, and test the crashing scenario
+ in the contrib/dblink regression test.
+
+
+
+
+ In non-MSVC Windows builds, ensure libpq.dll is installed
+ with execute permissions (Noah Misch)
+
+
+
+
+ Make
pg_regress remove any temporary installation it+ created upon successful exit (Tom Lane)
+
+
+ This results in a very substantial reduction in disk space usage
+ during make check-world, since that sequence involves
+ creation of numerous temporary installations.
+
+
+
+
+ Support time zone abbreviations that change UTC offset from time to
+ time (Tom Lane)
+
+
+ Previously,
PostgreSQL assumed that the UTC offset+ associated with a time zone abbreviation (such as EST)
+ never changes in the usage of any particular locale. However this
+ assumption fails in the real world, so introduce the ability for a
+ zone abbreviation to represent a UTC offset that sometimes changes.
+ Update the zone abbreviation definition files to make use of this
+ feature in timezone locales that have changed the UTC offset of their
+ abbreviations since 1970 (according to the IANA timezone database).
+ In such timezones,
PostgreSQL will now associate the+ correct UTC offset with the abbreviation depending on the given date.
+
+
+
+
+ Update time zone abbreviations lists (Tom Lane)
+
+
+ Add CST (China Standard Time) to our lists.
+ Remove references to ADT as Arabia Daylight Time, an
+ abbreviation that's been out of use since 2007; therefore, claiming
+ there is a conflict with Atlantic Daylight Time doesn't seem
+ especially helpful.
+ Fix entirely incorrect GMT offsets for CKT (Cook Islands), FJT, and FJST
+ (Fiji); we didn't even have them on the proper side of the date line.
+
+
+
+
+ Update time zone data files to
tzdata release 2015a.+
+
+ The IANA timezone database has adopted abbreviations of the form
+ AxST/AxDT
+ for all Australian time zones, reflecting what they believe to be
+ current majority practice Down Under. These names do not conflict
+ with usage elsewhere (other than ACST for Acre Summer Time, which has
+ been in disuse since 1994). Accordingly, adopt these names into
+ our Default timezone abbreviation set.
+ The Australia abbreviation set now contains only CST, EAST,
+ EST, SAST, SAT, and WST, all of which are thought to be mostly
+ historical usage. Note that SAST has also been changed to be South
+ Africa Standard Time in the Default abbreviation set.
+
+
+ Also, add zone abbreviations SRET (Asia/Srednekolymsk) and XJT
+ (Asia/Urumqi), and use WSST/WSDT for western Samoa. Also, there were
+ DST law changes in Chile, Mexico, the Turks & Caicos Islands
+ (America/Grand_Turk), and Fiji. There is a new zone
+ Pacific/Bougainville for portions of Papua New Guinea. Also, numerous
+ corrections for historical (pre-1970) time zone data.
+
+
+
+
+
+
+
+
Release 9.0.18
+
+
Release 9.1.15
+
+
+
Release Date
+ 2015-02-05
+
+
+ This release contains a variety of fixes from 9.1.14.
+ For information about new features in the 9.1 major release, see
+ .
+
+
+
+
Migration to Version 9.1.15
+
+ A dump/restore is not required for those running 9.1.X.
+
+
+ However, if you are upgrading from a version earlier than 9.1.14,
+ see .
+
+
+
+
+
+
Changes
+
+
+
+
+ Fix information leak via constraint-violation error messages
+ (Stephen Frost)
+
+
+ Some server error messages show the values of columns that violate
+ a constraint, such as a unique constraint. If the user does not have
+ SELECT privilege on all columns of the table, this could
+ mean exposing values that the user should not be able to see. Adjust
+ the code so that values are displayed only when they came from the SQL
+ command or could be selected by the user.
+ (CVE-2014-8161)
+
+
+
+
+ Lock down regression testing's temporary installations on Windows
+ (Noah Misch)
+
+
+ Use SSPI authentication to allow connections only from the OS user
+ who launched the test suite. This closes on Windows the same
+ vulnerability previously closed on other platforms, namely that other
+ users might be able to connect to the test postmaster.
+ (CVE-2014-0067)
+
+
+
+
+ Avoid possible data corruption if ALTER DATABASE SET
+ TABLESPACE is used to move a database to a new tablespace and then
+ shortly later move it back to its original tablespace (Tom Lane)
+
+
+
+
+ Avoid corrupting tables when ANALYZE inside a transaction
+ is rolled back (Andres Freund, Tom Lane, Michael Paquier)
+
+
+ If the failing transaction had earlier removed the last index, rule, or
+ trigger from the table, the table would be left in a corrupted state
+ with the relevant pg_class flags not set though they
+ should be.
+
+
+
+
+ Ensure that unlogged tables are copied correctly
+ during CREATE DATABASE or ALTER DATABASE SET
+ TABLESPACE (Pavan Deolasee, Andres Freund)
+
+
+
+
+ Fix DROP's dependency searching to correctly handle the
+ case where a table column is recursively visited before its table
+ (Petr Jelinek, Tom Lane)
+
+
+ This case is only known to arise when an extension creates both a
+ datatype and a table using that datatype. The faulty code might
+ refuse a DROP EXTENSION unless CASCADE is
+ specified, which should not be required.
+
+
+
+
+ Fix use-of-already-freed-memory problem in EvalPlanQual processing
+ (Tom Lane)
+
+
+ In READ COMMITTED mode, queries that lock or update
+ recently-updated rows could crash as a result of this bug.
+
+
+
+
+ Fix planning of SELECT FOR UPDATE when using a partial
+ index on a child table (Kyotaro Horiguchi)
+
+
+ In READ COMMITTED mode, SELECT FOR UPDATE must
+ also recheck the partial index's WHERE condition when
+ rechecking a recently-updated row to see if it still satisfies the
+ query's WHERE condition. This requirement was missed if the
+ index belonged to an inheritance child table, so that it was possible
+ to incorrectly return rows that no longer satisfy the query condition.
+
+
+
+
+ Fix corner case wherein SELECT FOR UPDATE could return a row
+ twice, and possibly miss returning other rows (Tom Lane)
+
+
+ In READ COMMITTED mode, a SELECT FOR UPDATE
+ that is scanning an inheritance tree could incorrectly return a row
+ from a prior child table instead of the one it should return from a
+ later child table.
+
+
+
+
+ Reject duplicate column names in the referenced-columns list of
+ a FOREIGN KEY declaration (David Rowley)
+
+
+ This restriction is per SQL standard. Previously we did not reject
+ the case explicitly, but later on the code would fail with
+ bizarre-looking errors.
+
+
+
+
+ Fix bugs in raising a numeric value to a large integral power
+ (Tom Lane)
+
+
+ The previous code could get a wrong answer, or consume excessive
+ amounts of time and memory before realizing that the answer must
+ overflow.
+
+
+
+
+ In numeric_recv(), truncate away any fractional digits
+ that would be hidden according to the value's dscale field
+ (Tom Lane)
+
+
+ A numeric value's display scale (dscale) should
+ never be less than the number of nonzero fractional digits; but
+ apparently there's at least one broken client application that
+ transmits binary numeric values in which that's true.
+ This leads to strange behavior since the extra digits are taken into
+ account by arithmetic operations even though they aren't printed.
+ The least risky fix seems to be to truncate away such hidden
+ digits on receipt, so that the value is indeed what it prints as.
+
+
+
+
+ Reject out-of-range numeric timezone specifications (Tom Lane)
+
+
+ Simple numeric timezone specifications exceeding +/- 168 hours (one
+ week) would be accepted, but could then cause null-pointer dereference
+ crashes in certain operations. There's no use-case for such large UTC
+ offsets, so reject them.
+
+
+
+
+ Fix bugs in tsquery @> tsquery
+ operator (Heikki Linnakangas)
+
+
+ Two different terms would be considered to match if they had the same
+ CRC. Also, if the second operand had more terms than the first, it
+ would be assumed not to be contained in the first; which is wrong
+ since it might contain duplicate terms.
+
+
+
+
+ Improve ispell dictionary's defenses against bad affix files (Tom Lane)
+
+
+
+
+ Allow more than 64K phrases in a thesaurus dictionary (David Boutin)
+
+
+ The previous coding could crash on an oversize dictionary, so this was
+ deemed a back-patchable bug fix rather than a feature addition.
+
+
+
+
+ Fix namespace handling in xpath() (Ali Akbar)
+
+
+ Previously, the xml value resulting from
+ an xpath() call would not have namespace declarations if
+ the namespace declarations were attached to an ancestor element in the
+ input xml value, rather than to the specific element being
+ returned. Propagate the ancestral declaration so that the result is
+ correct when considered in isolation.
+
+
+
+
+ Fix planner problems with nested append relations, such as inherited
+ tables within UNION ALL subqueries (Tom Lane)
+
+
+
+
+ Fail cleanly when a GiST index tuple doesn't fit on a page, rather
+ than going into infinite recursion (Andrew Gierth)
+
+
+
+
+ Exempt tables that have per-table cost_limit
+ and/or cost_delay settings from autovacuum's global cost
+ balancing rules (Álvaro Herrera)
+
+
+ The previous behavior resulted in basically ignoring these per-table
+ settings, which was unintended. Now, a table having such settings
+ will be vacuumed using those settings, independently of what is going
+ on in other autovacuum workers. This may result in heavier total I/O
+ load than before, so such settings should be re-examined for sanity.
+
+
+
+
+ Avoid wholesale autovacuuming when autovacuum is nominally off
+ (Tom Lane)
+
+
+ Even when autovacuum is nominally off, we will still launch autovacuum
+ worker processes to vacuum tables that are at risk of XID wraparound.
+ However, such a worker process then proceeded to vacuum all tables in
+ the target database, if they met the usual thresholds for
+ autovacuuming. This is at best pretty unexpected; at worst it delays
+ response to the wraparound threat. Fix it so that if autovacuum is
+ turned off, workers only do anti-wraparound vacuums and
+ not any other work.
+
+
+
+
+ During crash recovery, ensure that unlogged relations are rewritten as
+ empty and are synced to disk before recovery is considered complete
+ (Abhijit Menon-Sen, Andres Freund)
+
+
+ This prevents scenarios in which unlogged relations might contain
+ garbage data following database crash recovery.
+
+
+
+
+ Fix race condition between hot standby queries and replaying a
+ full-page image (Heikki Linnakangas)
+
+
+ This mistake could result in transient errors in queries being
+ executed in hot standby.
+
+
+
+
+ Fix several cases where recovery logic improperly ignored WAL records
+ for COMMIT/ABORT PREPARED (Heikki Linnakangas)
+
+
+ The most notable oversight was
+ that recovery_min_apply_delay failed to delay application
+ of a two-phase commit.
+
+
+
+
+ Avoid creating unnecessary .ready marker files for
+ timeline history files (Fujii Masao)
+
+
+
+
+ Fix possible null pointer dereference when an empty prepared statement
+ is used and the log_statement setting is mod
+ or ddl (Fujii Masao)
+
+
+
+
+ Change pgstat wait timeout warning message to be LOG level,
+ and rephrase it to be more understandable (Tom Lane)
+
+
+ This message was originally thought to be essentially a can't-happen
+ case, but it occurs often enough on our slower buildfarm members to be
+ a nuisance. Reduce it to LOG level, and expend a bit more effort on
+ the wording: it now reads using stale statistics instead of
+ current ones because stats collector is not responding.
+
+
+
+
+ Fix SPARC spinlock implementation to ensure correctness if the CPU is
+ being run in a non-TSO coherency mode, as some non-Solaris kernels do
+ (Andres Freund)
+
+
+
+
+ Warn if OS X's setlocale() starts an unwanted extra
+ thread inside the postmaster (Noah Misch)
+
+
+
+
+ Fix processing of repeated dbname parameters
+ in PQconnectdbParams() (Alex Shulgin)
+
+
+ Unexpected behavior ensued if the first occurrence
+ of dbname contained a connection string or URI to be
+ expanded.
+
+
+
+
+ Ensure that
libpq reports a suitable error message on+ unexpected socket EOF (Marko Tiikkaja, Tom Lane)
+
+
+ Depending on kernel behavior,
libpq might return an+ empty error string rather than something useful when the server
+ unexpectedly closed the socket.
+
+
+
+
+ Clear any old error message during PQreset()
+ (Heikki Linnakangas)
+
+
+ If PQreset() is called repeatedly, and the connection
+ cannot be re-established, error messages from the failed connection
+ attempts kept accumulating in the PGconn's error
+ string.
+
+
+
+
+ Properly handle out-of-memory conditions while parsing connection
+ options in
libpq (Alex Shulgin, Heikki Linnakangas)+
+
+
+
+ Fix array overrun in
ecpg's version+ of ParseDateTime() (Michael Paquier)
+
+
+
+
+ In
initdb, give a clearer error message if a password+ file is specified but is empty (Mats Erik Andersson)
+
+
+
+
+ Fix
psql's \s command to work nicely with+ libedit, and add pager support (Stepan Rutz, Tom Lane)
+
+
+ When using libedit rather than readline, \s printed the
+ command history in a fairly unreadable encoded format, and on recent
+ libedit versions might fail altogether. Fix that by printing the
+ history ourselves rather than having the library do it. A pleasant
+ side-effect is that the pager is used if appropriate.
+
+
+ This patch also fixes a bug that caused newline encoding to be applied
+ inconsistently when saving the command history with libedit.
+ Multiline history entries written by older
psql+ versions will be read cleanly with this patch, but perhaps not
+ vice versa, depending on the exact libedit versions involved.
+
+
+
+
+ Improve consistency of parsing of
psql's special+ variables (Tom Lane)
+
+
+ Allow variant spellings of on and off (such
+ as 1/0) for ECHO_HIDDEN
+ and ON_ERROR_ROLLBACK. Report a warning for unrecognized
+ values for COMP_KEYWORD_CASE, ECHO,
+ ECHO_HIDDEN, HISTCONTROL,
+ ON_ERROR_ROLLBACK, and VERBOSITY. Recognize
+ all values for all these variables case-insensitively; previously
+ there was a mishmash of case-sensitive and case-insensitive behaviors.
+
+
+
+
+ Fix
psql's expanded-mode display to work+ consistently when using border = 3
+ and linestyle = ascii or unicode
+ (Stephen Frost)
+
+
+
+
+ Improve performance of
pg_dump when the database+ contains many instances of multiple dependency paths between the same
+ two objects (Tom Lane)
+
+
+
+
+ Fix possible deadlock during parallel restore of a schema-only dump
+ (Robert Haas, Tom Lane)
+
+
+
+
+ Fix core dump in pg_dump --binary-upgrade on zero-column
+ composite type (Rushabh Lathia)
+
+
+
+
+ Prevent WAL files created by pg_basebackup -x/-X from
+ being archived again when the standby is promoted (Andres Freund)
+
+
+
+
+ Fix upgrade-from-unpackaged script for contrib/citext
+ (Tom Lane)
+
+
+
+
+ Fix block number checking
+ in contrib/pageinspect's get_raw_page()
+ (Tom Lane)
+
+
+ The incorrect checking logic could prevent access to some pages in
+ non-main relation forks.
+
+
+
+
+ Fix contrib/pgcrypto's pgp_sym_decrypt()
+ to not fail on messages whose length is 6 less than a power of 2
+ (Marko Tiikkaja)
+
+
+
+
+ Fix file descriptor leak in contrib/pg_test_fsync
+ (Jeff Janes)
+
+
+ This could cause failure to remove temporary files on Windows.
+
+
+
+
+ Handle unexpected query results, especially NULLs, safely in
+ contrib/tablefunc's connectby()
+ (Michael Paquier)
+
+
+ connectby() previously crashed if it encountered a NULL
+ key value. It now prints that row but doesn't recurse further.
+
+
+
+
+ Avoid a possible crash in contrib/xml2's
+ xslt_process() (Mark Simonetti)
+
+
+
libxslt seems to have an undocumented dependency on+ the order in which resources are freed; reorder our calls to avoid a
+ crash.
+
+
+
+
+ Mark some contrib I/O functions with correct volatility
+ properties (Tom Lane)
+
+
+ The previous over-conservative marking was immaterial in normal use,
+ but could cause optimization problems or rejection of valid index
+ expression definitions. Since the consequences are not large, we've
+ just adjusted the function definitions in the extension modules'
+ scripts, without changing version numbers.
+
+
+
+
+ Numerous cleanups of warnings from Coverity static code analyzer
+ (Andres Freund, Tatsuo Ishii, Marko Kreen, Tom Lane, Michael Paquier)
+
+
+ These changes are mostly cosmetic but in some cases fix corner-case
+ bugs, for example a crash rather than a proper error report after an
+ out-of-memory failure. None are believed to represent security
+ issues.
+
+
+
+
+ Detect incompatible OpenLDAP versions during build (Noah Misch)
+
+
+ With OpenLDAP versions 2.4.24 through 2.4.31,
+ inclusive,
PostgreSQL backends can crash at exit.+ Raise a warning during
configure based on the+ compile-time OpenLDAP version number, and test the crashing scenario
+ in the contrib/dblink regression test.
+
+
+
+
+ In non-MSVC Windows builds, ensure libpq.dll is installed
+ with execute permissions (Noah Misch)
+
+
+
+
+ Make
pg_regress remove any temporary installation it+ created upon successful exit (Tom Lane)
+
+
+ This results in a very substantial reduction in disk space usage
+ during make check-world, since that sequence involves
+ creation of numerous temporary installations.
+
+
+
+
+ Support time zone abbreviations that change UTC offset from time to
+ time (Tom Lane)
+
+
+ Previously,
PostgreSQL assumed that the UTC offset+ associated with a time zone abbreviation (such as EST)
+ never changes in the usage of any particular locale. However this
+ assumption fails in the real world, so introduce the ability for a
+ zone abbreviation to represent a UTC offset that sometimes changes.
+ Update the zone abbreviation definition files to make use of this
+ feature in timezone locales that have changed the UTC offset of their
+ abbreviations since 1970 (according to the IANA timezone database).
+ In such timezones,
PostgreSQL will now associate the+ correct UTC offset with the abbreviation depending on the given date.
+
+
+
+
+ Update time zone abbreviations lists (Tom Lane)
+
+
+ Add CST (China Standard Time) to our lists.
+ Remove references to ADT as Arabia Daylight Time, an
+ abbreviation that's been out of use since 2007; therefore, claiming
+ there is a conflict with Atlantic Daylight Time doesn't seem
+ especially helpful.
+ Fix entirely incorrect GMT offsets for CKT (Cook Islands), FJT, and FJST
+ (Fiji); we didn't even have them on the proper side of the date line.
+
+
+
+
+ Update time zone data files to
tzdata release 2015a.+
+
+ The IANA timezone database has adopted abbreviations of the form
+ AxST/AxDT
+ for all Australian time zones, reflecting what they believe to be
+ current majority practice Down Under. These names do not conflict
+ with usage elsewhere (other than ACST for Acre Summer Time, which has
+ been in disuse since 1994). Accordingly, adopt these names into
+ our Default timezone abbreviation set.
+ The Australia abbreviation set now contains only CST, EAST,
+ EST, SAST, SAT, and WST, all of which are thought to be mostly
+ historical usage. Note that SAST has also been changed to be South
+ Africa Standard Time in the Default abbreviation set.
+
+
+ Also, add zone abbreviations SRET (Asia/Srednekolymsk) and XJT
+ (Asia/Urumqi), and use WSST/WSDT for western Samoa. Also, there were
+ DST law changes in Chile, Mexico, the Turks & Caicos Islands
+ (America/Grand_Turk), and Fiji. There is a new zone
+ Pacific/Bougainville for portions of Papua New Guinea. Also, numerous
+ corrections for historical (pre-1970) time zone data.
+
+
+
+
+
+
+
+
Release 9.1.14
+
+
Release 9.2.10
+
+
+
Release Date
+ 2015-02-05
+
+
+ This release contains a variety of fixes from 9.2.9.
+ For information about new features in the 9.2 major release, see
+ .
+
+
+
+
Migration to Version 9.2.10
+
+ A dump/restore is not required for those running 9.2.X.
+
+
+ However, if you are a Windows user and are using the Norwegian
+ (Bokmål) locale, manual action is needed after the upgrade to
+ replace any Norwegian (Bokmål)_Norway locale names stored
+ in
PostgreSQL system catalogs with the plain-ASCII+ alias Norwegian_Norway. For details see
+
+
+ Also, if you are upgrading from a version earlier than 9.2.9,
+ see .
+
+
+
+
+
+
Changes
+
+
+
+
+ Fix information leak via constraint-violation error messages
+ (Stephen Frost)
+
+
+ Some server error messages show the values of columns that violate
+ a constraint, such as a unique constraint. If the user does not have
+ SELECT privilege on all columns of the table, this could
+ mean exposing values that the user should not be able to see. Adjust
+ the code so that values are displayed only when they came from the SQL
+ command or could be selected by the user.
+ (CVE-2014-8161)
+
+
+
+
+ Lock down regression testing's temporary installations on Windows
+ (Noah Misch)
+
+
+ Use SSPI authentication to allow connections only from the OS user
+ who launched the test suite. This closes on Windows the same
+ vulnerability previously closed on other platforms, namely that other
+ users might be able to connect to the test postmaster.
+ (CVE-2014-0067)
+
+
+
+
+ Cope with the Windows locale named Norwegian (Bokmål)
+ (Heikki Linnakangas)
+
+
+ Non-ASCII locale names are problematic since it's not clear what
+ encoding they should be represented in. Map the troublesome locale
+ name to a plain-ASCII alias, Norwegian_Norway.
+
+
+
+
+ Avoid possible data corruption if ALTER DATABASE SET
+ TABLESPACE is used to move a database to a new tablespace and then
+ shortly later move it back to its original tablespace (Tom Lane)
+
+
+
+
+ Avoid corrupting tables when ANALYZE inside a transaction
+ is rolled back (Andres Freund, Tom Lane, Michael Paquier)
+
+
+ If the failing transaction had earlier removed the last index, rule, or
+ trigger from the table, the table would be left in a corrupted state
+ with the relevant pg_class flags not set though they
+ should be.
+
+
+
+
+ Ensure that unlogged tables are copied correctly
+ during CREATE DATABASE or ALTER DATABASE SET
+ TABLESPACE (Pavan Deolasee, Andres Freund)
+
+
+
+
+ Fix DROP's dependency searching to correctly handle the
+ case where a table column is recursively visited before its table
+ (Petr Jelinek, Tom Lane)
+
+
+ This case is only known to arise when an extension creates both a
+ datatype and a table using that datatype. The faulty code might
+ refuse a DROP EXTENSION unless CASCADE is
+ specified, which should not be required.
+
+
+
+
+ Fix use-of-already-freed-memory problem in EvalPlanQual processing
+ (Tom Lane)
+
+
+ In READ COMMITTED mode, queries that lock or update
+ recently-updated rows could crash as a result of this bug.
+
+
+
+
+ Fix planning of SELECT FOR UPDATE when using a partial
+ index on a child table (Kyotaro Horiguchi)
+
+
+ In READ COMMITTED mode, SELECT FOR UPDATE must
+ also recheck the partial index's WHERE condition when
+ rechecking a recently-updated row to see if it still satisfies the
+ query's WHERE condition. This requirement was missed if the
+ index belonged to an inheritance child table, so that it was possible
+ to incorrectly return rows that no longer satisfy the query condition.
+
+
+
+
+ Fix corner case wherein SELECT FOR UPDATE could return a row
+ twice, and possibly miss returning other rows (Tom Lane)
+
+
+ In READ COMMITTED mode, a SELECT FOR UPDATE
+ that is scanning an inheritance tree could incorrectly return a row
+ from a prior child table instead of the one it should return from a
+ later child table.
+
+
+
+
+ Reject duplicate column names in the referenced-columns list of
+ a FOREIGN KEY declaration (David Rowley)
+
+
+ This restriction is per SQL standard. Previously we did not reject
+ the case explicitly, but later on the code would fail with
+ bizarre-looking errors.
+
+
+
+
+ Restore previous behavior of conversion of domains to JSON
+ (Tom Lane)
+
+
+ This change causes domains over numeric and boolean to be treated
+ like their base types for purposes of conversion to JSON. It worked
+ like that before 9.3.5 and 9.2.9, but was unintentionally changed
+ while fixing a related problem.
+
+
+
+
+ Fix bugs in raising a numeric value to a large integral power
+ (Tom Lane)
+
+
+ The previous code could get a wrong answer, or consume excessive
+ amounts of time and memory before realizing that the answer must
+ overflow.
+
+
+
+
+ In numeric_recv(), truncate away any fractional digits
+ that would be hidden according to the value's dscale field
+ (Tom Lane)
+
+
+ A numeric value's display scale (dscale) should
+ never be less than the number of nonzero fractional digits; but
+ apparently there's at least one broken client application that
+ transmits binary numeric values in which that's true.
+ This leads to strange behavior since the extra digits are taken into
+ account by arithmetic operations even though they aren't printed.
+ The least risky fix seems to be to truncate away such hidden
+ digits on receipt, so that the value is indeed what it prints as.
+
+
+
+
+ Fix incorrect search for shortest-first regular expression matches
+ (Tom Lane)
+
+
+ Matching would often fail when the number of allowed iterations is
+ limited by a ? quantifier or a bound expression.
+
+
+
+
+ Reject out-of-range numeric timezone specifications (Tom Lane)
+
+
+ Simple numeric timezone specifications exceeding +/- 168 hours (one
+ week) would be accepted, but could then cause null-pointer dereference
+ crashes in certain operations. There's no use-case for such large UTC
+ offsets, so reject them.
+
+
+
+
+ Fix bugs in tsquery @> tsquery
+ operator (Heikki Linnakangas)
+
+
+ Two different terms would be considered to match if they had the same
+ CRC. Also, if the second operand had more terms than the first, it
+ would be assumed not to be contained in the first; which is wrong
+ since it might contain duplicate terms.
+
+
+
+
+ Improve ispell dictionary's defenses against bad affix files (Tom Lane)
+
+
+
+
+ Allow more than 64K phrases in a thesaurus dictionary (David Boutin)
+
+
+ The previous coding could crash on an oversize dictionary, so this was
+ deemed a back-patchable bug fix rather than a feature addition.
+
+
+
+
+ Fix namespace handling in xpath() (Ali Akbar)
+
+
+ Previously, the xml value resulting from
+ an xpath() call would not have namespace declarations if
+ the namespace declarations were attached to an ancestor element in the
+ input xml value, rather than to the specific element being
+ returned. Propagate the ancestral declaration so that the result is
+ correct when considered in isolation.
+
+
+
+
+ Ensure that whole-row variables expose nonempty column names
+ to functions that pay attention to column names within composite
+ arguments (Tom Lane)
+
+
+ In some contexts, constructs like row_to_json(tab.*) may
+ not produce the expected column names. This is fixed properly as of
+ 9.4; in older branches, just ensure that we produce some nonempty
+ name. (In some cases this will be the underlying table's column name
+ rather than the query-assigned alias that should theoretically be
+ visible.)
+
+
+
+
+ Fix mishandling of system columns,
+ particularly tableoid, in FDW queries (Etsuro Fujita)
+
+
+
+
+ Avoid doing indexed_column = ANY
+ (array) as an index qualifier if that leads
+ to an inferior plan (Andrew Gierth)
+
+
+ In some cases, = ANY conditions applied to non-first index
+ columns would be done as index conditions even though it would be
+ better to use them as simple filter conditions.
+
+
+
+
+ Fix planner problems with nested append relations, such as inherited
+ tables within UNION ALL subqueries (Tom Lane)
+
+
+
+
+ Fail cleanly when a GiST index tuple doesn't fit on a page, rather
+ than going into infinite recursion (Andrew Gierth)
+
+
+
+
+ Exempt tables that have per-table cost_limit
+ and/or cost_delay settings from autovacuum's global cost
+ balancing rules (Álvaro Herrera)
+
+
+ The previous behavior resulted in basically ignoring these per-table
+ settings, which was unintended. Now, a table having such settings
+ will be vacuumed using those settings, independently of what is going
+ on in other autovacuum workers. This may result in heavier total I/O
+ load than before, so such settings should be re-examined for sanity.
+
+
+
+
+ Avoid wholesale autovacuuming when autovacuum is nominally off
+ (Tom Lane)
+
+
+ Even when autovacuum is nominally off, we will still launch autovacuum
+ worker processes to vacuum tables that are at risk of XID wraparound.
+ However, such a worker process then proceeded to vacuum all tables in
+ the target database, if they met the usual thresholds for
+ autovacuuming. This is at best pretty unexpected; at worst it delays
+ response to the wraparound threat. Fix it so that if autovacuum is
+ turned off, workers only do anti-wraparound vacuums and
+ not any other work.
+
+
+
+
+ During crash recovery, ensure that unlogged relations are rewritten as
+ empty and are synced to disk before recovery is considered complete
+ (Abhijit Menon-Sen, Andres Freund)
+
+
+ This prevents scenarios in which unlogged relations might contain
+ garbage data following database crash recovery.
+
+
+
+
+ Fix race condition between hot standby queries and replaying a
+ full-page image (Heikki Linnakangas)
+
+
+ This mistake could result in transient errors in queries being
+ executed in hot standby.
+
+
+
+
+ Fix several cases where recovery logic improperly ignored WAL records
+ for COMMIT/ABORT PREPARED (Heikki Linnakangas)
+
+
+ The most notable oversight was
+ that recovery_min_apply_delay failed to delay application
+ of a two-phase commit.
+
+
+
+
+ Prevent latest WAL file from being archived a second time at completion
+ of crash recovery (Fujii Masao)
+
+
+
+
+ Avoid creating unnecessary .ready marker files for
+ timeline history files (Fujii Masao)
+
+
+
+
+ Fix possible null pointer dereference when an empty prepared statement
+ is used and the log_statement setting is mod
+ or ddl (Fujii Masao)
+
+
+
+
+ Change pgstat wait timeout warning message to be LOG level,
+ and rephrase it to be more understandable (Tom Lane)
+
+
+ This message was originally thought to be essentially a can't-happen
+ case, but it occurs often enough on our slower buildfarm members to be
+ a nuisance. Reduce it to LOG level, and expend a bit more effort on
+ the wording: it now reads using stale statistics instead of
+ current ones because stats collector is not responding.
+
+
+
+
+ Fix SPARC spinlock implementation to ensure correctness if the CPU is
+ being run in a non-TSO coherency mode, as some non-Solaris kernels do
+ (Andres Freund)
+
+
+
+
+ Warn if OS X's setlocale() starts an unwanted extra
+ thread inside the postmaster (Noah Misch)
+
+
+
+
+ Fix processing of repeated dbname parameters
+ in PQconnectdbParams() (Alex Shulgin)
+
+
+ Unexpected behavior ensued if the first occurrence
+ of dbname contained a connection string or URI to be
+ expanded.
+
+
+
+
+ Ensure that
libpq reports a suitable error message on+ unexpected socket EOF (Marko Tiikkaja, Tom Lane)
+
+
+ Depending on kernel behavior,
libpq might return an+ empty error string rather than something useful when the server
+ unexpectedly closed the socket.
+
+
+
+
+ Clear any old error message during PQreset()
+ (Heikki Linnakangas)
+
+
+ If PQreset() is called repeatedly, and the connection
+ cannot be re-established, error messages from the failed connection
+ attempts kept accumulating in the PGconn's error
+ string.
+
+
+
+
+ Properly handle out-of-memory conditions while parsing connection
+ options in
libpq (Alex Shulgin, Heikki Linnakangas)+
+
+
+
+ Fix array overrun in
ecpg's version+ of ParseDateTime() (Michael Paquier)
+
+
+
+
+ In
initdb, give a clearer error message if a password+ file is specified but is empty (Mats Erik Andersson)
+
+
+
+
+ Fix
psql's \s command to work nicely with+ libedit, and add pager support (Stepan Rutz, Tom Lane)
+
+
+ When using libedit rather than readline, \s printed the
+ command history in a fairly unreadable encoded format, and on recent
+ libedit versions might fail altogether. Fix that by printing the
+ history ourselves rather than having the library do it. A pleasant
+ side-effect is that the pager is used if appropriate.
+
+
+ This patch also fixes a bug that caused newline encoding to be applied
+ inconsistently when saving the command history with libedit.
+ Multiline history entries written by older
psql+ versions will be read cleanly with this patch, but perhaps not
+ vice versa, depending on the exact libedit versions involved.
+
+
+
+
+ Improve consistency of parsing of
psql's special+ variables (Tom Lane)
+
+
+ Allow variant spellings of on and off (such
+ as 1/0) for ECHO_HIDDEN
+ and ON_ERROR_ROLLBACK. Report a warning for unrecognized
+ values for COMP_KEYWORD_CASE, ECHO,
+ ECHO_HIDDEN, HISTCONTROL,
+ ON_ERROR_ROLLBACK, and VERBOSITY. Recognize
+ all values for all these variables case-insensitively; previously
+ there was a mishmash of case-sensitive and case-insensitive behaviors.
+
+
+
+
+ Fix
psql's expanded-mode display to work+ consistently when using border = 3
+ and linestyle = ascii or unicode
+ (Stephen Frost)
+
+
+
+
+ Improve performance of
pg_dump when the database+ contains many instances of multiple dependency paths between the same
+ two objects (Tom Lane)
+
+
+
+
+ Fix
pg_dumpall to restore its ability to dump from+ pre-8.1 servers (Gilles Darold)
+
+
+
+
+ Fix possible deadlock during parallel restore of a schema-only dump
+ (Robert Haas, Tom Lane)
+
+
+
+
+ Fix core dump in pg_dump --binary-upgrade on zero-column
+ composite type (Rushabh Lathia)
+
+
+
+
+ Prevent WAL files created by pg_basebackup -x/-X from
+ being archived again when the standby is promoted (Andres Freund)
+
+
+
+
+ Fix failure of contrib/auto_explain to print per-node
+ timing information when doing EXPLAIN ANALYZE (Tom Lane)
+
+
+
+
+ Fix upgrade-from-unpackaged script for contrib/citext
+ (Tom Lane)
+
+
+
+
+ Fix block number checking
+ in contrib/pageinspect's get_raw_page()
+ (Tom Lane)
+
+
+ The incorrect checking logic could prevent access to some pages in
+ non-main relation forks.
+
+
+
+
+ Fix contrib/pgcrypto's pgp_sym_decrypt()
+ to not fail on messages whose length is 6 less than a power of 2
+ (Marko Tiikkaja)
+
+
+
+
+ Fix file descriptor leak in contrib/pg_test_fsync
+ (Jeff Janes)
+
+
+ This could cause failure to remove temporary files on Windows.
+
+
+
+
+ Handle unexpected query results, especially NULLs, safely in
+ contrib/tablefunc's connectby()
+ (Michael Paquier)
+
+
+ connectby() previously crashed if it encountered a NULL
+ key value. It now prints that row but doesn't recurse further.
+
+
+
+
+ Avoid a possible crash in contrib/xml2's
+ xslt_process() (Mark Simonetti)
+
+
+
libxslt seems to have an undocumented dependency on+ the order in which resources are freed; reorder our calls to avoid a
+ crash.
+
+
+
+
+ Mark some contrib I/O functions with correct volatility
+ properties (Tom Lane)
+
+
+ The previous over-conservative marking was immaterial in normal use,
+ but could cause optimization problems or rejection of valid index
+ expression definitions. Since the consequences are not large, we've
+ just adjusted the function definitions in the extension modules'
+ scripts, without changing version numbers.
+
+
+
+
+ Numerous cleanups of warnings from Coverity static code analyzer
+ (Andres Freund, Tatsuo Ishii, Marko Kreen, Tom Lane, Michael Paquier)
+
+
+ These changes are mostly cosmetic but in some cases fix corner-case
+ bugs, for example a crash rather than a proper error report after an
+ out-of-memory failure. None are believed to represent security
+ issues.
+
+
+
+
+ Detect incompatible OpenLDAP versions during build (Noah Misch)
+
+
+ With OpenLDAP versions 2.4.24 through 2.4.31,
+ inclusive,
PostgreSQL backends can crash at exit.+ Raise a warning during
configure based on the+ compile-time OpenLDAP version number, and test the crashing scenario
+ in the contrib/dblink regression test.
+
+
+
+
+ In non-MSVC Windows builds, ensure libpq.dll is installed
+ with execute permissions (Noah Misch)
+
+
+
+
+ Make
pg_regress remove any temporary installation it+ created upon successful exit (Tom Lane)
+
+
+ This results in a very substantial reduction in disk space usage
+ during make check-world, since that sequence involves
+ creation of numerous temporary installations.
+
+
+
+
+ Support time zone abbreviations that change UTC offset from time to
+ time (Tom Lane)
+
+
+ Previously,
PostgreSQL assumed that the UTC offset+ associated with a time zone abbreviation (such as EST)
+ never changes in the usage of any particular locale. However this
+ assumption fails in the real world, so introduce the ability for a
+ zone abbreviation to represent a UTC offset that sometimes changes.
+ Update the zone abbreviation definition files to make use of this
+ feature in timezone locales that have changed the UTC offset of their
+ abbreviations since 1970 (according to the IANA timezone database).
+ In such timezones,
PostgreSQL will now associate the+ correct UTC offset with the abbreviation depending on the given date.
+
+
+
+
+ Update time zone abbreviations lists (Tom Lane)
+
+
+ Add CST (China Standard Time) to our lists.
+ Remove references to ADT as Arabia Daylight Time, an
+ abbreviation that's been out of use since 2007; therefore, claiming
+ there is a conflict with Atlantic Daylight Time doesn't seem
+ especially helpful.
+ Fix entirely incorrect GMT offsets for CKT (Cook Islands), FJT, and FJST
+ (Fiji); we didn't even have them on the proper side of the date line.
+
+
+
+
+ Update time zone data files to
tzdata release 2015a.+
+
+ The IANA timezone database has adopted abbreviations of the form
+ AxST/AxDT
+ for all Australian time zones, reflecting what they believe to be
+ current majority practice Down Under. These names do not conflict
+ with usage elsewhere (other than ACST for Acre Summer Time, which has
+ been in disuse since 1994). Accordingly, adopt these names into
+ our Default timezone abbreviation set.
+ The Australia abbreviation set now contains only CST, EAST,
+ EST, SAST, SAT, and WST, all of which are thought to be mostly
+ historical usage. Note that SAST has also been changed to be South
+ Africa Standard Time in the Default abbreviation set.
+
+
+ Also, add zone abbreviations SRET (Asia/Srednekolymsk) and XJT
+ (Asia/Urumqi), and use WSST/WSDT for western Samoa. Also, there were
+ DST law changes in Chile, Mexico, the Turks & Caicos Islands
+ (America/Grand_Turk), and Fiji. There is a new zone
+ Pacific/Bougainville for portions of Papua New Guinea. Also, numerous
+ corrections for historical (pre-1970) time zone data.
+
+
+
+
+
+
+
+
Release 9.2.9
+
+
Release 9.3.6
+
+
+
Release Date
+ 2015-02-05
+
+
+ This release contains a variety of fixes from 9.3.5.
+ For information about new features in the 9.3 major release, see
+ .
+
+
+
+
Migration to Version 9.3.6
+
+ A dump/restore is not required for those running 9.3.X.
+
+
+ However, if you are a Windows user and are using the Norwegian
+ (Bokmål) locale, manual action is needed after the upgrade to
+ replace any Norwegian (Bokmål)_Norway locale names stored
+ in
PostgreSQL system catalogs with the plain-ASCII+ alias Norwegian_Norway. For details see
+
+
+ Also, if you are upgrading from a version earlier than 9.3.5,
+ see .
+
+
+
+
+
+
Changes
+
+
+
+
+
+
+ Fix information leak via constraint-violation error messages
+ (Stephen Frost)
+
+
+ Some server error messages show the values of columns that violate
+ a constraint, such as a unique constraint. If the user does not have
+ SELECT privilege on all columns of the table, this could
+ mean exposing values that the user should not be able to see. Adjust
+ the code so that values are displayed only when they came from the SQL
+ command or could be selected by the user.
+ (CVE-2014-8161)
+
+
+
+
+
+
+ Lock down regression testing's temporary installations on Windows
+ (Noah Misch)
+
+
+ Use SSPI authentication to allow connections only from the OS user
+ who launched the test suite. This closes on Windows the same
+ vulnerability previously closed on other platforms, namely that other
+ users might be able to connect to the test postmaster.
+ (CVE-2014-0067)
+
+
+
+
+
+
+ Cope with the Windows locale named Norwegian (Bokmål)
+ (Heikki Linnakangas)
+
+
+ Non-ASCII locale names are problematic since it's not clear what
+ encoding they should be represented in. Map the troublesome locale
+ name to a plain-ASCII alias, Norwegian_Norway.
+
+
+
+
+
+
+ Avoid possible data corruption if ALTER DATABASE SET
+ TABLESPACE is used to move a database to a new tablespace and then
+ shortly later move it back to its original tablespace (Tom Lane)
+
+
+
+
+
+
+ Avoid corrupting tables when ANALYZE inside a transaction
+ is rolled back (Andres Freund, Tom Lane, Michael Paquier)
+
+
+ If the failing transaction had earlier removed the last index, rule, or
+ trigger from the table, the table would be left in a corrupted state
+ with the relevant pg_class flags not set though they
+ should be.
+
+
+
+
+
+
+ Ensure that unlogged tables are copied correctly
+ during CREATE DATABASE or ALTER DATABASE SET
+ TABLESPACE (Pavan Deolasee, Andres Freund)
+
+
+
+
+
+
+ Fix incorrect processing
+ of CreateEventTrigStmt.eventname (Petr
+ Jelinek)
+
+
+ This could result in misbehavior if CREATE EVENT TRIGGER
+ were executed as a prepared query, or via extended query protocol.
+
+
+
+
+
+
+ Fix DROP's dependency searching to correctly handle the
+ case where a table column is recursively visited before its table
+ (Petr Jelinek, Tom Lane)
+
+
+ This case is only known to arise when an extension creates both a
+ datatype and a table using that datatype. The faulty code might
+ refuse a DROP EXTENSION unless CASCADE is
+ specified, which should not be required.
+
+
+
+
+
+
+ Fix use-of-already-freed-memory problem in EvalPlanQual processing
+ (Tom Lane)
+
+
+ In READ COMMITTED mode, queries that lock or update
+ recently-updated rows could crash as a result of this bug.
+
+
+
+
+
+
+ Avoid possible deadlock while trying to acquire tuple locks
+ in EvalPlanQual processing (Álvaro Herrera, Mark Kirkwood)
+
+
+
+
+
+
+ Fix failure to wait when a transaction tries to acquire a FOR
+ NO KEY EXCLUSIVE tuple lock, while multiple other transactions
+ currently hold FOR SHARE locks (Álvaro Herrera)
+
+
+
+
+
+
+ Fix planning of SELECT FOR UPDATE when using a partial
+ index on a child table (Kyotaro Horiguchi)
+
+
+ In READ COMMITTED mode, SELECT FOR UPDATE must
+ also recheck the partial index's WHERE condition when
+ rechecking a recently-updated row to see if it still satisfies the
+ query's WHERE condition. This requirement was missed if the
+ index belonged to an inheritance child table, so that it was possible
+ to incorrectly return rows that no longer satisfy the query condition.
+
+
+
+
+
+
+ Fix corner case wherein SELECT FOR UPDATE could return a row
+ twice, and possibly miss returning other rows (Tom Lane)
+
+
+ In READ COMMITTED mode, a SELECT FOR UPDATE
+ that is scanning an inheritance tree could incorrectly return a row
+ from a prior child table instead of the one it should return from a
+ later child table.
+
+
+
+
+
+
+ Improve performance of EXPLAIN with large range tables
+ (Tom Lane)
+
+
+
+
+
+
+ Reject duplicate column names in the referenced-columns list of
+ a FOREIGN KEY declaration (David Rowley)
+
+
+ This restriction is per SQL standard. Previously we did not reject
+ the case explicitly, but later on the code would fail with
+ bizarre-looking errors.
+
+
+
+
+
+
+ Re-enable error for SELECT ... OFFSET -1 (Tom Lane)
+
+
+ A negative offset value has been an error since 8.4, but an
+ optimization added in 9.3 accidentally turned the case into a no-op.
+ Restore the expected behavior.
+
+
+
+
+
+
+ Restore previous behavior of conversion of domains to JSON
+ (Tom Lane)
+
+
+ This change causes domains over numeric and boolean to be treated
+ like their base types for purposes of conversion to JSON. It worked
+ like that before 9.3.5 and 9.2.9, but was unintentionally changed
+ while fixing a related problem.
+
+
+
+
+
+
+ Fix json_agg() to not return extra trailing right
+ brackets in its result (Tom Lane)
+
+
+
+
+
+
+ Fix bugs in raising a numeric value to a large integral power
+ (Tom Lane)
+
+
+ The previous code could get a wrong answer, or consume excessive
+ amounts of time and memory before realizing that the answer must
+ overflow.
+
+
+
+
+
+
+ In numeric_recv(), truncate away any fractional digits
+ that would be hidden according to the value's dscale field
+ (Tom Lane)
+
+
+ A numeric value's display scale (dscale) should
+ never be less than the number of nonzero fractional digits; but
+ apparently there's at least one broken client application that
+ transmits binary numeric values in which that's true.
+ This leads to strange behavior since the extra digits are taken into
+ account by arithmetic operations even though they aren't printed.
+ The least risky fix seems to be to truncate away such hidden
+ digits on receipt, so that the value is indeed what it prints as.
+
+
+
+
+
+
+ Fix incorrect search for shortest-first regular expression matches
+ (Tom Lane)
+
+
+ Matching would often fail when the number of allowed iterations is
+ limited by a ? quantifier or a bound expression.
+
+
+
+
+
+
+ Reject out-of-range numeric timezone specifications (Tom Lane)
+
+
+ Simple numeric timezone specifications exceeding +/- 168 hours (one
+ week) would be accepted, but could then cause null-pointer dereference
+ crashes in certain operations. There's no use-case for such large UTC
+ offsets, so reject them.
+
+
+
+
+
+
+ Fix bugs in tsquery @> tsquery
+ operator (Heikki Linnakangas)
+
+
+ Two different terms would be considered to match if they had the same
+ CRC. Also, if the second operand had more terms than the first, it
+ would be assumed not to be contained in the first; which is wrong
+ since it might contain duplicate terms.
+
+
+
+
+
+
+ Improve ispell dictionary's defenses against bad affix files (Tom Lane)
+
+
+
+
+
+
+ Allow more than 64K phrases in a thesaurus dictionary (David Boutin)
+
+
+ The previous coding could crash on an oversize dictionary, so this was
+ deemed a back-patchable bug fix rather than a feature addition.
+
+
+
+
+
+
+ Fix namespace handling in xpath() (Ali Akbar)
+
+
+ Previously, the xml value resulting from
+ an xpath() call would not have namespace declarations if
+ the namespace declarations were attached to an ancestor element in the
+ input xml value, rather than to the specific element being
+ returned. Propagate the ancestral declaration so that the result is
+ correct when considered in isolation.
+
+
+
+
+
+
+ Ensure that whole-row variables expose nonempty column names
+ to functions that pay attention to column names within composite
+ arguments (Tom Lane)
+
+
+ In some contexts, constructs like row_to_json(tab.*) may
+ not produce the expected column names. This is fixed properly as of
+ 9.4; in older branches, just ensure that we produce some nonempty
+ name. (In some cases this will be the underlying table's column name
+ rather than the query-assigned alias that should theoretically be
+ visible.)
+
+
+
+
+
+
+ Fix mishandling of system columns,
+ particularly tableoid, in FDW queries (Etsuro Fujita)
+
+
+
+
+
+
+ Fix assorted oversights in range-operator selectivity estimation
+ (Emre Hasegeli)
+
+
+ This patch fixes corner-case unexpected operator NNNN planner
+ errors, and improves the selectivity estimates for some other cases.
+
+
+
+
+
+
+ Avoid doing indexed_column = ANY
+ (array) as an index qualifier if that leads
+ to an inferior plan (Andrew Gierth)
+
+
+ In some cases, = ANY conditions applied to non-first index
+ columns would be done as index conditions even though it would be
+ better to use them as simple filter conditions.
+
+
+
+
+
+
+ Fix variable not found in subplan target list planner
+ failure when an inline-able SQL function taking a composite argument
+ is used in a LATERAL subselect and the composite argument
+ is a lateral reference (Tom Lane)
+
+
+
+
+
+
+ Fix planner problems with nested append relations, such as inherited
+ tables within UNION ALL subqueries (Tom Lane)
+
+
+
+
+
+
+ Fail cleanly when a GiST index tuple doesn't fit on a page, rather
+ than going into infinite recursion (Andrew Gierth)
+
+
+
+
+
+
+ Exempt tables that have per-table cost_limit
+ and/or cost_delay settings from autovacuum's global cost
+ balancing rules (Álvaro Herrera)
+
+
+ The previous behavior resulted in basically ignoring these per-table
+ settings, which was unintended. Now, a table having such settings
+ will be vacuumed using those settings, independently of what is going
+ on in other autovacuum workers. This may result in heavier total I/O
+ load than before, so such settings should be re-examined for sanity.
+
+
+
+
+
+
+ Avoid wholesale autovacuuming when autovacuum is nominally off
+ (Tom Lane)
+
+
+ Even when autovacuum is nominally off, we will still launch autovacuum
+ worker processes to vacuum tables that are at risk of XID wraparound.
+ However, such a worker process then proceeded to vacuum all tables in
+ the target database, if they met the usual thresholds for
+ autovacuuming. This is at best pretty unexpected; at worst it delays
+ response to the wraparound threat. Fix it so that if autovacuum is
+ turned off, workers only do anti-wraparound vacuums and
+ not any other work.
+
+
+
+
+
+
+ During crash recovery, ensure that unlogged relations are rewritten as
+ empty and are synced to disk before recovery is considered complete
+ (Abhijit Menon-Sen, Andres Freund)
+
+
+ This prevents scenarios in which unlogged relations might contain
+ garbage data following database crash recovery.
+
+
+
+
+
+
+ Fix race condition between hot standby queries and replaying a
+ full-page image (Heikki Linnakangas)
+
+
+ This mistake could result in transient errors in queries being
+ executed in hot standby.
+
+
+
+
+
+
+ Fix several cases where recovery logic improperly ignored WAL records
+ for COMMIT/ABORT PREPARED (Heikki Linnakangas)
+
+
+ The most notable oversight was
+ that recovery_min_apply_delay failed to delay application
+ of a two-phase commit.
+
+
+
+
+
+
+ Prevent latest WAL file from being archived a second time at completion
+ of crash recovery (Fujii Masao)
+
+
+
+
+
+
+ Avoid creating unnecessary .ready marker files for
+ timeline history files (Fujii Masao)
+
+
+
+
+
+
+ Fix possible null pointer dereference when an empty prepared statement
+ is used and the log_statement setting is mod
+ or ddl (Fujii Masao)
+
+
+
+
+
+
+ Change pgstat wait timeout warning message to be LOG level,
+ and rephrase it to be more understandable (Tom Lane)
+
+
+ This message was originally thought to be essentially a can't-happen
+ case, but it occurs often enough on our slower buildfarm members to be
+ a nuisance. Reduce it to LOG level, and expend a bit more effort on
+ the wording: it now reads using stale statistics instead of
+ current ones because stats collector is not responding.
+
+
+
+
+
+
+ Fix possible corruption of postmaster's list of dynamic background
+ workers (Andres Freund)
+
+
+
+
+
+
+ Fix SPARC spinlock implementation to ensure correctness if the CPU is
+ being run in a non-TSO coherency mode, as some non-Solaris kernels do
+ (Andres Freund)
+
+
+
+
+
+
+ Warn if OS X's setlocale() starts an unwanted extra
+ thread inside the postmaster (Noah Misch)
+
+
+
+
+
+
+ Fix processing of repeated dbname parameters
+ in PQconnectdbParams() (Alex Shulgin)
+
+
+ Unexpected behavior ensued if the first occurrence
+ of dbname contained a connection string or URI to be
+ expanded.
+
+
+
+
+
+
+ Ensure that
libpq reports a suitable error message on+ unexpected socket EOF (Marko Tiikkaja, Tom Lane)
+
+
+ Depending on kernel behavior,
libpq might return an+ empty error string rather than something useful when the server
+ unexpectedly closed the socket.
+
+
+
+
+
+
+ Clear any old error message during PQreset()
+ (Heikki Linnakangas)
+
+
+ If PQreset() is called repeatedly, and the connection
+ cannot be re-established, error messages from the failed connection
+ attempts kept accumulating in the PGconn's error
+ string.
+
+
+
+
+
+
+ Properly handle out-of-memory conditions while parsing connection
+ options in
libpq (Alex Shulgin, Heikki Linnakangas)+
+
+
+
+
+
+ Fix array overrun in
ecpg's version+ of ParseDateTime() (Michael Paquier)
+
+
+
+
+
+
+ In
initdb, give a clearer error message if a password+ file is specified but is empty (Mats Erik Andersson)
+
+
+
+
+
+
+ Fix
psql's \s command to work nicely with+ libedit, and add pager support (Stepan Rutz, Tom Lane)
+
+
+ When using libedit rather than readline, \s printed the
+ command history in a fairly unreadable encoded format, and on recent
+ libedit versions might fail altogether. Fix that by printing the
+ history ourselves rather than having the library do it. A pleasant
+ side-effect is that the pager is used if appropriate.
+
+
+ This patch also fixes a bug that caused newline encoding to be applied
+ inconsistently when saving the command history with libedit.
+ Multiline history entries written by older
psql+ versions will be read cleanly with this patch, but perhaps not
+ vice versa, depending on the exact libedit versions involved.
+
+
+
+
+
+
+ Improve consistency of parsing of
psql's special+ variables (Tom Lane)
+
+
+ Allow variant spellings of on and off (such
+ as 1/0) for ECHO_HIDDEN
+ and ON_ERROR_ROLLBACK. Report a warning for unrecognized
+ values for COMP_KEYWORD_CASE, ECHO,
+ ECHO_HIDDEN, HISTCONTROL,
+ ON_ERROR_ROLLBACK, and VERBOSITY. Recognize
+ all values for all these variables case-insensitively; previously
+ there was a mishmash of case-sensitive and case-insensitive behaviors.
+
+
+
+
+
+
+ Make
psql's \watch command display+ nulls as specified by \pset null (Fujii Masao)
+
+
+
+
+
+
+ Fix
psql's expanded-mode display to work+ consistently when using border = 3
+ and linestyle = ascii or unicode
+ (Stephen Frost)
+
+
+
+
+
+
+ Fix
pg_dump to handle comments on event triggers+ without failing (Tom Lane)
+
+
+
+
+
+
+ Allow parallel
pg_dump to+ use
+
+
+
+
+
+
+ Improve performance of
pg_dump when the database+ contains many instances of multiple dependency paths between the same
+ two objects (Tom Lane)
+
+
+
+
+
+
+ Fix
pg_dumpall to restore its ability to dump from+ pre-8.1 servers (Gilles Darold)
+
+
+
+
+
+
+ Fix possible deadlock during parallel restore of a schema-only dump
+ (Robert Haas, Tom Lane)
+
+
+
+
+
+
+ Fix core dump in pg_dump --binary-upgrade on zero-column
+ composite type (Rushabh Lathia)
+
+
+
+
+
+
+ Fix failure to fsync tables in nondefault tablespaces
+ during
pg_upgrade (Abhijit Menon-Sen, Andres Freund)+
+
+ With an operating system crash and some bad luck, this could result in
+ data loss during an upgrade.
+
+
+
+
+
+
+ In
pg_upgrade, cope with cases where the new cluster+ creates a TOAST table for a table that didn't previously have one
+ (Bruce Momjian)
+
+
+ Previously this could result in failures due to OID conflicts.
+
+
+
+
+
+
+ In
pg_upgrade, don't try to+ set autovacuum_multixact_freeze_max_age for the old cluster
+ (Bruce Momjian)
+
+
+ This could result in failure because not all 9.3.X versions have that
+ parameter. Fortunately, we don't actually need to set it at all.
+
+
+
+
+
+
+ In
pg_upgrade, preserve the transaction ID epoch+ (Bruce Momjian)
+
+
+ This oversight did not bother
PostgreSQL proper,+ but could confuse some external replication tools.
+
+
+
+
+
+
+ Prevent WAL files created by pg_basebackup -x/-X from
+ being archived again when the standby is promoted (Andres Freund)
+
+
+
+
+
+
+ Fix memory leak in
pg_receivexlog (Fujii Masao)+
+
+
+
+
+
+ Fix unintended suppression of
pg_receivexlog verbose+ messages (Fujii Masao)
+
+
+
+
+
+
+ Fix failure of contrib/auto_explain to print per-node
+ timing information when doing EXPLAIN ANALYZE (Tom Lane)
+
+
+
+
+
+
+ Fix upgrade-from-unpackaged script for contrib/citext
+ (Tom Lane)
+
+
+
+
+
+
+ Avoid integer overflow and buffer overrun
+ in contrib/hstore's hstore_to_json()
+ (Heikki Linnakangas)
+
+
+
+
+
+
+ Fix recognition of numbers in hstore_to_json_loose(),
+ so that JSON numbers and strings are correctly distinguished
+ (Andrew Dunstan)
+
+
+
+
+
+
+ Fix block number checking
+ in contrib/pageinspect's get_raw_page()
+ (Tom Lane)
+
+
+ The incorrect checking logic could prevent access to some pages in
+ non-main relation forks.
+
+
+
+
+
+
+ Fix contrib/pgcrypto's pgp_sym_decrypt()
+ to not fail on messages whose length is 6 less than a power of 2
+ (Marko Tiikkaja)
+
+
+
+
+
+
+ Fix file descriptor leak in contrib/pg_test_fsync
+ (Jeff Janes)
+
+
+ This could cause failure to remove temporary files on Windows.
+
+
+
+
+
+
+ Handle unexpected query results, especially NULLs, safely in
+ contrib/tablefunc's connectby()
+ (Michael Paquier)
+
+
+ connectby() previously crashed if it encountered a NULL
+ key value. It now prints that row but doesn't recurse further.
+
+
+
+
+
+
+ Avoid a possible crash in contrib/xml2's
+ xslt_process() (Mark Simonetti)
+
+
+
libxslt seems to have an undocumented dependency on+ the order in which resources are freed; reorder our calls to avoid a
+ crash.
+
+
+
+
+
+
+ Mark some contrib I/O functions with correct volatility
+ properties (Tom Lane)
+
+
+ The previous over-conservative marking was immaterial in normal use,
+ but could cause optimization problems or rejection of valid index
+ expression definitions. Since the consequences are not large, we've
+ just adjusted the function definitions in the extension modules'
+ scripts, without changing version numbers.
+
+
+
+
+
+
+ Numerous cleanups of warnings from Coverity static code analyzer
+ (Andres Freund, Tatsuo Ishii, Marko Kreen, Tom Lane, Michael Paquier)
+
+
+ These changes are mostly cosmetic but in some cases fix corner-case
+ bugs, for example a crash rather than a proper error report after an
+ out-of-memory failure. None are believed to represent security
+ issues.
+
+
+
+
+
+
+ Fix setup of background workers in EXEC_BACKEND builds, eg Windows
+ (Robert Haas)
+
+
+
+
+
+
+ Detect incompatible OpenLDAP versions during build (Noah Misch)
+
+
+ With OpenLDAP versions 2.4.24 through 2.4.31,
+ inclusive,
PostgreSQL backends can crash at exit.+ Raise a warning during
configure based on the+ compile-time OpenLDAP version number, and test the crashing scenario
+ in the contrib/dblink regression test.
+
+
+
+
+
+
+ In non-MSVC Windows builds, ensure libpq.dll is installed
+ with execute permissions (Noah Misch)
+
+
+
+
+
+
+ Make
pg_regress remove any temporary installation it+ created upon successful exit (Tom Lane)
+
+
+ This results in a very substantial reduction in disk space usage
+ during make check-world, since that sequence involves
+ creation of numerous temporary installations.
+
+
+
+
+
+
+ Support time zone abbreviations that change UTC offset from time to
+ time (Tom Lane)
+
+
+ Previously,
PostgreSQL assumed that the UTC offset+ associated with a time zone abbreviation (such as EST)
+ never changes in the usage of any particular locale. However this
+ assumption fails in the real world, so introduce the ability for a
+ zone abbreviation to represent a UTC offset that sometimes changes.
+ Update the zone abbreviation definition files to make use of this
+ feature in timezone locales that have changed the UTC offset of their
+ abbreviations since 1970 (according to the IANA timezone database).
+ In such timezones,
PostgreSQL will now associate the+ correct UTC offset with the abbreviation depending on the given date.
+
+
+
+
+
+
+ Update time zone abbreviations lists (Tom Lane)
+
+
+ Add CST (China Standard Time) to our lists.
+ Remove references to ADT as Arabia Daylight Time, an
+ abbreviation that's been out of use since 2007; therefore, claiming
+ there is a conflict with Atlantic Daylight Time doesn't seem
+ especially helpful.
+ Fix entirely incorrect GMT offsets for CKT (Cook Islands), FJT, and FJST
+ (Fiji); we didn't even have them on the proper side of the date line.
+
+
+
+
+
+
+ Update time zone data files to
tzdata release 2015a.+
+
+ The IANA timezone database has adopted abbreviations of the form
+ AxST/AxDT
+ for all Australian time zones, reflecting what they believe to be
+ current majority practice Down Under. These names do not conflict
+ with usage elsewhere (other than ACST for Acre Summer Time, which has
+ been in disuse since 1994). Accordingly, adopt these names into
+ our Default timezone abbreviation set.
+ The Australia abbreviation set now contains only CST, EAST,
+ EST, SAST, SAT, and WST, all of which are thought to be mostly
+ historical usage. Note that SAST has also been changed to be South
+ Africa Standard Time in the Default abbreviation set.
+
+
+ Also, add zone abbreviations SRET (Asia/Srednekolymsk) and XJT
+ (Asia/Urumqi), and use WSST/WSDT for western Samoa. Also, there were
+ DST law changes in Chile, Mexico, the Turks & Caicos Islands
+ (America/Grand_Turk), and Fiji. There is a new zone
+ Pacific/Bougainville for portions of Papua New Guinea. Also, numerous
+ corrections for historical (pre-1970) time zone data.
+
+
+
+
+
+
+
+
Release 9.3.5
-
-
-
- Avoid possible data corruption if ALTER DATABASE SET
- TABLESPACE is used to move a database to a new tablespace and then
- shortly later move it back to its original tablespace (Tom Lane)
-
-
-
-
-
-
- Avoid corrupting tables when ANALYZE inside a transaction
- is rolled back (Andres Freund, Tom Lane, Michael Paquier)
-
-
- If the transaction had earlier removed the last index, rule, or
- trigger from the table, the table would be left in a corrupted state
- with the relevant pg_class flags not set though they
- should be.
-
-
-
-
-
-
- Ensure that unlogged tables are copied correctly
- during CREATE DATABASE or ALTER DATABASE SET
- TABLESPACE (Pavan Deolasee, Andres Freund)
-
-
-
-
-
-
- Fix incorrect processing
- of CreateEventTrigStmt.eventname (Petr
- Jelinek)
-
-
- This could result in misbehavior if CREATE EVENT TRIGGER
- were executed as a prepared query, or via extended query protocol.
-
-
-
-
-
-
- Fix DROP's dependency searching to correctly handle the
- case where a table column is recursively visited before its table
- (Petr Jelinek, Tom Lane)
-
-
- This case is only known to arise when an extension creates both a
- datatype and a table using that datatype. The faulty code might
- refuse a DROP EXTENSION unless CASCADE is
- specified, which should not be required.
-
-
-
-
-
- Fix planning of SELECT FOR UPDATE when using a partial
- index on a child table (Kyotaro Horiguchi)
-
-
- In READ COMMITTED mode, SELECT FOR UPDATE must
- also recheck the partial index's WHERE condition when
- rechecking a recently-updated row to see if it still satisfies the
- query's WHERE condition. This requirement was missed if the
- index belonged to an inheritance child table, so that it was possible
- to incorrectly return rows that no longer satisfy the query condition.
-
-
-
-
-
-
- Fix corner case wherein SELECT FOR UPDATE could return a row
- twice, and possibly miss returning other rows (Tom Lane)
-
-
- In READ COMMITTED mode, a SELECT FOR UPDATE
- that is scanning an inheritance tree could incorrectly return a row
- from a prior child table instead of the one it should return from a
- later child table.
-
-
-
-
-
- Reject duplicate column names in the referenced-columns list of
- a FOREIGN KEY declaration (David Rowley)
-
-
- This restriction is per SQL standard. Previously we did not reject
- the case explicitly, but instead the code would fail with
- bizarre-looking errors.
-
-
-
-
-
-
- Re-enable error for SELECT ... OFFSET -1 (Tom Lane)
-
-
- A negative offset value has been an error since 8.4, but an
- optimization added in 9.3 accidentally turned the case into a no-op.
- Restore the expected behavior.
-
-
-
-
-
- Restore previous behavior of conversion of domains to JSON
- (Tom Lane)
-
-
- This change causes domains over numeric and boolean to be treated
- like their base types for purposes of conversion to JSON. It worked
- like that before 9.3.5 and 9.2.9, but was unintentionally changed
- while fixing a related problem.
-
-
-
-
-
-
- Fix json_agg() to not return extra trailing right
- brackets in its result (Tom Lane)
-
-
-
-
-
-
- Fix bugs in raising a numeric value to a large integral power
- (Tom Lane)
-
-
- The previous code could get a wrong answer, or consume excessive
- amounts of time and memory before realizing that the answer must
- overflow.
-
-
-
-
-
-
- In numeric_recv(), truncate away any fractional digits
- that would be hidden according to the value's dscale field
- (Tom Lane)
-
-
- A numeric value's display scale (dscale) should
- never be less than the number of nonzero fractional digits; but
- apparently there's at least one broken client application that
- transmits binary numeric values in which that's true.
- This leads to strange behavior since the extra digits are taken into
- account by arithmetic operations even though they aren't printed.
- The least risky fix seems to be to truncate away such hidden
- digits on receipt, so that the value is indeed what it prints as.
-
-
-
-
-
-
- Fix incorrect search for shortest-first regular expression matches
- (Tom Lane)
-
-
- Matching would often fail when the number of allowed iterations is
- limited by a ? quantifier or a bound expression.
-
-
-
-
-
-
- Reject out-of-range numeric timezone specifications (Tom Lane)
-
-
- Simple numeric timezone specifications exceeding +/- 168 hours (one
- week) would be accepted, but could then cause null-pointer dereference
- crashes in certain operations. There's no use-case for such large UTC
- offsets, so reject them.
-
-
-
-
-
-
- Fix bugs in tsquery @> tsquery
- operator (Heikki Linnakangas)
-
-
- Two different terms would be considered to match if they had the same
- CRC. Also, if the second operand had more terms than the first, it
- would be assumed not to match; which is wrong since it might contain
- duplicate terms.
-
-
-
-
-
-
- Improve ispell dictionary's defenses against bad affix files (Tom Lane)
-
-
-
-
-
-
- Allow more than 64K phrases in a thesaurus dictionary (David Boutin)
-
-
- The previous coding could crash on an oversize dictionary, so this was
- deemed a back-patchable bug fix rather than a feature addition.
-
-
-
-
-
-
- Fix namespace handling in xpath() (Ali Akbar)
-
-
- Previously, the xml value resulting from
- an xpath() call would not have namespace declarations if
- the namespace declarations were attached to an ancestor element in the
- input xml value, rather than to the specific element being
- returned. Propagate the ancestral declaration so that the result is
- correct by itself.
-
-
-
-
-
-
- Ensure that whole-row variables expose nonempty column names
- to functions that pay attention to column names within composite
- arguments (Tom Lane)
-
-
- In some contexts, constructs like row_to_json(tab.*) may
- not produce the expected column names. This is fixed properly as of
- 9.4; in older branches, just ensure that we produce some nonempty
- name. (In some cases this will be the underlying table's column name
- rather than the query-assigned alias that should theoretically be
- visible.)
-
-
-
-
-
-
- Fix mishandling of system columns,
- particularly tableoid, in FDW queries (Etsuro Fujita)
-
-
-
-
-
-
- Fix assorted oversights in range-operator selectivity estimation
- (Emre Hasegeli)
-
-
- This patch fixes corner-case unexpected operator NNNN planner
- errors, and improves the selectivity estimates for some other cases.
-
-
-
-
-
-
- Avoid doing indexed_column = ANY
- (array) as an index qualifier if that leads
- to an inferior plan (Andrew Gierth)
-
-
- In some cases, = ANY conditions applied to non-first index
- columns would be done as index conditions even though it would be
- better to use them as simple filter conditions.
-
-
-
-
-
-
- Fix variable not found in subplan target list planner
- failure when an inline-able SQL function taking a composite argument
- is used in a LATERAL subselect and the composite argument
- is a lateral reference (Tom Lane)
-
-
-
-
-
-
- Fix planner problems with nested append relations, such as inherited
- tables within UNION ALL subqueries (Tom Lane)
-
-
-
-
-
-
- Revert unintended reduction in maximum size of a GIN index item
- (Heikki Linnakangas)
-
-
- 9.4.0 could fail with index row size exceeds maximum errors
- for data that previous versions would accept.
-
-
-
-
-
-
- Fix query-duration memory leak during repeated GIN index rescans
- (Heikki Linnakangas)
-
-
-
-
-
-
- Fix possible crash when using
- nonzero gin_fuzzy_search_limit (Heikki Linnakangas)
-
-
-
-
-
-
- Fail cleanly when a GiST index tuple doesn't fit on a page, rather
- than going into infinite recursion (Andrew Gierth)
-
-
-
-
-
-
- Exempt tables that have per-table cost_limit
- and/or cost_delay settings from autovacuum's global cost
- balancing rules (Álvaro Herrera)
-
-
- The previous behavior resulted in basically ignoring these per-table
- settings, which was unintended. Now, a table having such settings
- will be vacuumed using those settings, independently of what is going
- on in other autovacuum workers. This may result in heavier total I/O
- load than before, so such settings should be re-examined for sanity.
-
-
-
-
-
-
- Avoid wholesale autovacuuming when autovacuum is nominally off
- (Tom Lane)
-
-
- Even when autovacuum is nominally off, we will still launch autovacuum
- worker processes to vacuum tables that are at risk of XID wraparound.
- However, such a worker process then proceeded to vacuum all tables in
- the target database, if they met the usual thresholds for
- autovacuuming. This is at best pretty unexpected; at worst it delays
- response to the wraparound threat. Fix it so that if autovacuum is
- turned off, workers only do anti-wraparound vacuums and
- not any other work.
-
-
-
-
-
-
- Assorted fixes for logical decoding (Andres Freund)
-
-
-
-
-
-
- During crash recovery, ensure that unlogged relations are rewritten as
- empty and are synced to disk before recovery is considered complete
- (Abhijit Menon-Sen, Andres Freund)
-
-
- This prevents scenarios in which unlogged relations might contain
- garbage data following database crash recovery.
-
-
-
-
-
-
- Fix race condition between hot standby queries and replaying a
- full-page image (Heikki Linnakangas)
-
-
- This mistake could result in transient errors in queries being
- executed in hot standby.
-
-
-
-
-
-
- Fix several cases where recovery logic improperly ignored WAL records
- for COMMIT/ABORT PREPARED (Heikki Linnakangas)
-
-
- The most notable oversight was
- that recovery_min_apply_delay failed to delay application
- of a two-phase commit.
-
-
-
-
-
-
- Fix incorrect replay of WAL parameter change records that report
- changes in the wal_log_hints setting (Petr Jalinek)
-
-
-
-
-
-
- Prevent latest WAL file from being archived a second time at completion
- of crash recovery (Fujii Masao)
-
-
-
-
-
-
- Avoid creating unnecessary .ready marker files for
- timeline history files (Fujii Masao)
-
-
-
-
-
-
- Fix possible null pointer dereference when an empty prepared statement
- is used and the log_statement setting is mod
- or ddl (Fujii Masao)
-
-
-
-
-
-
- Change pgstat wait timeout warning message to be LOG level,
- and rephrase it to be more understandable (Tom Lane)
-
-
- This message was originally thought to be essentially a can't-happen
- case, but it occurs often enough on our slower buildfarm members to be
- a nuisance. Reduce it to LOG level, and expend a bit more effort on
- the wording: it now reads using stale statistics instead of
- current ones because stats collector is not responding.
-
-
-
-
-
-
- Fix possible corruption of postmaster's list of dynamic background
- workers (Andres Freund)
-
-
-
-
-
-
- Fix SPARC spinlock implementation to ensure correctness if the CPU is
- not being run in TSO coherency mode, as some non-Solaris kernels do
- (Andres Freund)
-
-
-
-
-
-
- Warn if OS X's setlocale() starts an unwanted extra
- thread inside the postmaster (Noah Misch)
-
-
-
-
-
-
- Fix
libpq's behavior when /etc/passwd- isn't readable (Tom Lane)
-
-
- While doing
PQsetdbLogin(), libpq- attempts to ascertain the user's operating system name, which on most
- Unix platforms involves reading /etc/passwd. As of 9.4,
- failure to do that was treated as a hard error. Restore the previous
- behavior, which was to fail only if the application does not provide a
- database role name to connect as. This supports operation in chroot
- environments that lack an /etc/passwd file.
-
-
-
-
-
-
- Fix processing of repeated dbname parameters
- in PQconnectdbParams() (Alex Shulgin)
-
-
- Unexpected behavior ensued if the first occurrence
- of dbname contained a connection string or URI to be
- expanded.
-
-
-
-
-
-
- Ensure that
libpq reports a suitable error message on- unexpected socket EOF (Marko Tiikkaja, Tom Lane)
-
-
- Depending on kernel behavior,
libpq might return an- empty error string rather than something useful when the server
- unexpectedly closed the socket.
-
-
-
-
-
-
- Clear any old error message during PQreset()
- (Heikki Linnakangas)
-
-
- If PQreset() is called repeatedly, and the connection
- cannot be re-established, error messages from the failed connection
- attempts kept accumulating in the PGconn's error
- string.
-
-
-
-
-
-
- Properly handle out-of-memory conditions while parsing connection
- options in
libpq (Alex Shulgin, Heikki Linnakangas)-
-
-
-
-
-
- Fix array overrun in
ecpg's version- of ParseDateTime() (Michael Paquier)
-
-
-
-
-
-
- In
initdb, give a clearer error message if a password- file is specified but is empty (Mats Erik Andersson)
-
-
-
-
-
-
- Fix
psql's \s command to work nicely with- libedit, and add pager support (Stepan Rutz, Tom Lane)
-
-
- When using libedit rather than readline, \s printed the
- command history in a fairly unreadable encoded format, and on recent
- libedit versions might fail altogether. Fix that by printing the
- history ourselves rather than having the library do it. A pleasant
- side-effect is that the pager is used if appropriate.
-
-
- This patch also fixes a bug that caused newline encoding to be applied
- inconsistently when saving the command history with libedit.
- Multiline history entries written by older
psql- versions will be read cleanly with this patch, but perhaps not
- vice versa, depending on the exact libedit versions involved.
-
-
-
-
-
-
- Improve consistency of parsing of
psql's special- variables (Tom Lane)
-
-
- Allow variant spellings of on and off (such
- as 1/0) for ECHO_HIDDEN
- and ON_ERROR_ROLLBACK. Report a warning for unrecognized
- values for COMP_KEYWORD_CASE, ECHO,
- ECHO_HIDDEN, HISTCONTROL,
- ON_ERROR_ROLLBACK, and VERBOSITY. Recognize
- all values for all these variables case-insensitively; previously
- there was a mishmash of case-sensitive and case-insensitive behaviors.
-
-
-
-
-
-
- Make
psql's \watch command display- nulls as specified by \pset null (Fujii Masao)
-
-
-
-
-
-
- Fix
psql's expanded-mode display to work- consistently when using border = 3 and ascii or unicode linestyle
- (Stephen Frost)
-
-
-
-
-
-
- Fix
pg_dump to handle comments on event triggers- without failing (Tom Lane)
-
-
-
-
-
-
- Allow parallel
pg_dump to- use
-
-
-
-
-
-
- Improve performance of
pg_dump when the database- contains many instances of multiple dependency paths between the same
- two objects (Tom Lane)
-
-
-
-
-
-
- Fix
pg_dumpall to restore its ability to dump from- pre-8.1 servers (Gilles Darold)
-
-
-
-
-
-
- Fix possible deadlock during parallel restore of a schema-only dump
- (Robert Haas, Tom Lane)
-
-
-
-
-
-
- Fix core dump in pg_dump --binary-upgrade on zero-column
- composite type (Rushabh Lathia)
+ The json type did not have the storage-ambiguity problem, but
+ it did have the problem of inconsistent de-escaped textual output.
+ Therefore \u0000 will now also be rejected
+ in json values when conversion to de-escaped form is
+ required. This change does not break the ability to
+ store \u0000 in json columns so long as no
+ processing is done on the values. This is exactly parallel to the
+ cases in which non-ASCII Unicode escapes are allowed when the database
+ encoding is not UTF8.
- Fix failure to fsync tables in nondefault tablespaces
- during
pg_upgrade (Abhijit Menon-Sen, Andres Freund)+ Fix namespace handling in xpath() (Ali Akbar)
- With an operating system crash and some bad luck, this could result in
- data loss during an upgrade.
+ Previously, the xml value resulting from
+ an xpath() call would not have namespace declarations if
+ the namespace declarations were attached to an ancestor element in the
+ input xml value, rather than to the specific element being
+ returned. Propagate the ancestral declaration so that the result is
+ correct when considered in isolation.
- In
pg_upgrade, cope with cases where the new cluster- creates a TOAST table for a table that didn't previously have one
- (Bruce Momjian)
+ Fix assorted oversights in range-operator selectivity estimation
+ (Emre Hasegeli)
- Previously this could result in failures due to OID conflicts.
+ This patch fixes corner-case unexpected operator NNNN planner
+ errors, and improves the selectivity estimates for some other cases.
- In
pg_upgrade, don't try to- set autovacuum_multixact_freeze_max_age for the old cluster
- (Bruce Momjian)
+ Revert unintended reduction in maximum size of a GIN index item
+ (Heikki Linnakangas)
- This could result in failure because not all 9.3.X versions have that
- parameter. Fortunately, we don't actually need to set it anyway.
+ 9.4.0 could fail with index row size exceeds maximum errors
+ for data that previous versions would accept.
- In
pg_upgrade, preserve the transaction ID epoch- (Bruce Momjian)
-
-
- This oversight did not bother
PostgreSQL proper,- but could confuse some external replication tools.
+ Fix query-duration memory leak during repeated GIN index rescans
+ (Heikki Linnakangas)
- Prevent WAL files created by pg_basebackup -x/-X from
- being archived again when the standby is promoted (Andres Freund)
+ Fix possible crash when using
+ nonzero gin_fuzzy_search_limit (Heikki Linnakangas)
-
Fix memory leak in pg_receivexlog (Fujii Masao)
+ Assorted fixes for logical decoding (Andres Freund)
- Fix
unintended suppression of pg_receivexlog verbose- messages (Fujii Masao)
+ Fix incorrect replay of WAL parameter change records that report
+ changes in the wal_log_hints setting (Petr Jalinek)
- Fix failure of contrib/auto_explain to print per-node
- timing information when doing EXPLAIN ANALYZE (Tom Lane)
+ Change pgstat wait timeout warning message to be LOG level,
+ and rephrase it to be more understandable (Tom Lane)
+
+
+ This message was originally thought to be essentially a can't-happen
+ case, but it occurs often enough on our slower buildfarm members to be
+ a nuisance. Reduce it to LOG level, and expend a bit more effort on
+ the wording: it now reads using stale statistics instead of
+ current ones because stats collector is not responding.
- Fix upgrade-from-unpackaged script for contrib/citext
- (Tom Lane)
+ Warn if OS X's setlocale() starts an unwanted extra
+ thread inside the postmaster (Noah Misch)
- Avoid integer overflow and buffer overrun
- in contrib/hstore's hstore_to_json()
- (Heikki Linnakangas)
+ Fix
libpq's behavior when /etc/passwd+ isn't readable (Tom Lane)
-
-
-
-
- Fix recognition of numbers in hstore_to_json_loose(),
- so that JSON numbers and strings are correctly distinguished
- (Andrew Dunstan)
+ While doing
PQsetdbLogin(), libpq+ attempts to ascertain the user's operating system name, which on most
+ Unix platforms involves reading /etc/passwd. As of 9.4,
+ failure to do that was treated as a hard error. Restore the previous
+ behavior, which was to fail only if the application does not provide a
+ database role name to connect as. This supports operation in chroot
+ environments that lack an /etc/passwd file.
- Fix block number checking
- in contrib/pageinspect's get_raw_page()
- (Tom Lane)
+ Improve consistency of parsing of
psql's special+ variables (Tom Lane)
- The incorrect checking logic could prevent access to some pages in
- non-main relation forks.
+ Allow variant spellings of on and off (such
+ as 1/0) for ECHO_HIDDEN
+ and ON_ERROR_ROLLBACK. Report a warning for unrecognized
+ values for COMP_KEYWORD_CASE, ECHO,
+ ECHO_HIDDEN, HISTCONTROL,
+ ON_ERROR_ROLLBACK, and VERBOSITY. Recognize
+ all values for all these variables case-insensitively; previously
+ there was a mishmash of case-sensitive and case-insensitive behaviors.
- Fix contrib/pgcrypto's pgp_sym_decrypt()
- to not fail on messages whose length is 6 less than a power of 2
- (Marko Tiikkaja)
+ Fix
pg_dump to handle comments on event triggers+ without failing (Tom Lane)
- Fix file descriptor leak in contrib/pg_test_fsync
- (Jeff Janes)
+ Allow parallel
pg_dump to+ use )
+
+
+
+
- This could cause failure to remove temporary files on Windows.
+ Prevent WAL files created by pg_basebackup -x/-X from
+ being archived again when the standby is promoted (Andres Freund)
-
-
-
- Avoid a possible crash in contrib/xml2's
- xslt_process() (Mark Simonetti)
-
-
-
libxslt seems to have an undocumented dependency on- the order in which resources are freed; reorder our calls to avoid a
- crash.
-
-
-
-
-
-
- Mark some contrib I/O functions with correct volatility
- properties (Tom Lane)
-
-
- The previous over-conservative marking was immaterial in normal use,
- but could cause optimization problems or rejection of valid index
- expression definitions. Since the consequences are not large, we've
- just adjusted the function definitions in the extension modules'
- scripts, without changing version numbers.
-
-
-
-
-
- Fix setup of background workers in EXEC_BACKEND builds, eg Windows
- (Robert Haas)
-
-
-
-
-
- Detect incompatible OpenLDAP versions during build (Noah Misch)
-
-
- With OpenLDAP versions 2.4.24 through 2.4.31,
- inclusive,
PostgreSQL backends can crash at exit.- Raise a warning during
configure based on the- compile-time OpenLDAP version number, and test the scenario in the
- dblink regression test.
-
-
-
-
-
-
- In non-MSVC Windows builds, ensure libpq.dll is installed
- with execute permissions (Noah Misch)
-
-
-
-
-
- Support time zone abbreviations that change UTC offset from time to
- time (Tom Lane)
-
-
- Previously,
PostgreSQL assumed that the UTC offset- associated with a time zone abbreviation (such as EST)
- never changes in the usage of any particular locale. However this
- assumption fails in the real world, so introduce the ability for a
- zone abbreviation to represent a UTC offset that sometimes changes.
- Update the zone abbreviation definition files to make use of this
- feature in timezone locales that have changed the UTC offset of their
- abbreviations since 1970 (according to the IANA timezone database).
- In such timezones,
PostgreSQL will now associate the- correct UTC offset with the abbreviation depending on the given date.
-
-
-
-
-
- Update time zone abbreviations lists (Tom Lane)
-
-
- Add CST (China Standard Time) to our lists.
- Remove references to ADT as Arabia Daylight Time, an
- abbreviation that's been out of use since 2007; therefore, claiming
- there is a conflict with Atlantic Daylight Time doesn't seem
- especially helpful.
- Fix entirely incorrect GMT offsets for CKT (Cook Islands), FJT, and FJST
- (Fiji); we didn't even have them on the proper side of the date line.
-
-
-
-
-
- Update time zone data files to
tzdata release 2015a.-
-
- The IANA timezone database has adopted abbreviations of the form
- AxST/AxDT
- for all Australian time zones, reflecting what they believe to be
- current majority practice Down Under. These names do not conflict
- with usage elsewhere (other than ACST for Acre Summer Time, which has
- been in disuse since 1994). Accordingly, adopt these names into
- our Default timezone abbreviation set.
- The Australia abbreviation set now contains only CST, EAST,
- EST, SAST, SAT, and WST, all of which are thought to be mostly
- historical usage. Note that SAST has also been changed to be South
- Africa Standard Time in the Default abbreviation set.
-
-
- Also, add zone abbreviations SRET (Asia/Srednekolymsk) and XJT
- (Asia/Urumqi), and use WSST/WSDT for western Samoa. Also, there were
- DST law changes in Chile, Mexico, the Turks & Caicos Islands
- (America/Grand_Turk), and Fiji. There is a new zone
- Pacific/Bougainville for portions of Papua New Guinea. Also, numerous
- corrections for historical (pre-1970) time zone data.
-
-
-
projects / postgresql.git / commitdiff