diff --git a/doc/src/sgml/release-9.4.sgml b/doc/src/sgml/release-9.4.sgml
index 4fd1feb6fa..2c4c642252 100644
--- a/doc/src/sgml/release-9.4.sgml
+++ b/doc/src/sgml/release-9.4.sgml
@@ -1,6 +1,1259 @@
+
+ Release 9.4.6
+
+
+ Release Date
+ 2016-02-11
+
+
+
+ This release contains a variety of fixes from 9.4.5.
+ For information about new features in the 9.4 major release, see
+ .
+
+
+
+ Migration to Version 9.4.6
+
+
+ A dump/restore is not required for those running 9.4.X.
+
+
+
+ However, if you are upgrading an installation that contains any GIN
+ indexes that use the (non-default) jsonb_path_ops operator
+ class, see the first changelog entry below.
+
+
+
+ Also, if you are upgrading from a version earlier than 9.4.4,
+ see .
+
+
+
+
+ Changes
+
+
+
+
+
+
+
+ Fix inconsistent hash calculations in jsonb_path_ops GIN
+ indexes (Tom Lane)
+
+
+
+ When processing jsonb values that contain both scalars and
+ sub-objects at the same nesting level, for example an array containing
+ both scalars and sub-arrays, key hash values could be calculated
+ differently than they would be for the same key in a different context.
+ This could result in queries not finding entries that they should find.
+ Fixing this means that existing indexes may now be inconsistent with the
+ new hash calculation code. Users
+ should REINDEX jsonb_path_ops GIN indexes after
+ installing this update to make sure that all searches work as expected.
+
+
+
+
+
+
+
+ Perform an immediate shutdown if the postmaster.pid file
+ is removed (Tom Lane)
+
+
+
+ The postmaster now checks every minute or so
+ that postmaster.pid is still there and still contains its
+ own PID. If not, it performs an immediate shutdown, as though it had
+ received SIGQUIT. The main motivation for this change
+ is to ensure that failed buildfarm runs will get cleaned up without
+ manual intervention; but it also serves to limit the bad effects if a
+ DBA forcibly removes postmaster.pid and then starts a new
+ postmaster.
+
+
+
+
+
+
+
+ In SERIALIZABLE transaction isolation mode, serialization
+ anomalies could be missed due to race conditions during insertions
+ (Kevin Grittner, Thomas Munro)
+
+
+
+
+
+
+
+ Fix failure to emit appropriate WAL records when doing ALTER
+ TABLE ... SET TABLESPACE for unlogged relations (Michael Paquier,
+ Andres Freund)
+
+
+
+ Even though the relation's data is unlogged, the move must be logged or
+ the relation will be inaccessible after a standby is promoted to master.
+
+
+
+
+
+
+
+ Fix possible misinitialization of unlogged relations at the end of
+ crash recovery (Andres Freund, Michael Paquier)
+
+
+
+
+
+
+
+ Ensure walsender slots are fully re-initialized when being re-used
+ (Magnus Hagander)
+
+
+
+
+
+
+
+ Fix ALTER COLUMN TYPE to reconstruct inherited check
+ constraints properly (Tom Lane)
+
+
+
+
+
+
+
+ Fix REASSIGN OWNED to change ownership of composite types
+ properly (Álvaro Herrera)
+
+
+
+
+
+
+
+ Fix REASSIGN OWNED and ALTER OWNER to correctly
+ update granted-permissions lists when changing owners of data types,
+ foreign data wrappers, or foreign servers (Bruce Momjian,
+ Álvaro Herrera)
+
+
+
+
+
+
+
+ Fix REASSIGN OWNED to ignore foreign user mappings,
+ rather than fail (Álvaro Herrera)
+
+
+
+
+
+
+
+ Fix possible crash after doing query rewrite for an updatable view
+ (Stephen Frost)
+
+
+
+
+
+
+
+ Fix planner's handling of LATERAL references (Tom
+ Lane)
+
+
+
+ This fixes some corner cases that led to failed to build any
+ N-way joins or could not devise a query plan planner
+ failures.
+
+
+
+
+
+
+
+ Add more defenses against bad planner cost estimates for GIN index
+ scans when the index's internal statistics are very out-of-date
+ (Tom Lane)
+
+
+
+
+
+
+
+ Make planner cope with hypothetical GIN indexes suggested by an index
+ advisor plug-in (Julien Rouhaud)
+
+
+
+
+
+
+
+ Speed up generation of unique table aliases in EXPLAIN and
+ rule dumping, and ensure that generated aliases do not
+ exceed NAMEDATALEN (Tom Lane)
+
+
+
+
+
+
+
+ Fix dumping of whole-row Vars in ROW()
+ and VALUES() lists (Tom Lane)
+
+
+
+
+
+
+
+ Translation of minus-infinity dates and timestamps to json
+ or jsonb incorrectly rendered them as plus-infinity (Tom Lane)
+
+
+
+
+
+
+
+ Fix possible internal overflow in numeric division
+ (Dean Rasheed)
+
+
+
+
+
+
+
+ Fix enforcement of restrictions inside parentheses within regular
+ expression lookahead constraints (Tom Lane)
+
+
+
+ Lookahead constraints aren't allowed to contain backrefs, and
+ parentheses within them are always considered non-capturing, according
+ to the manual. However, the code failed to handle these cases properly
+ inside a parenthesized subexpression, and would give unexpected
+ results.
+
+
+
+
+
+
+
+ Conversion of regular expressions to indexscan bounds could produce
+ incorrect bounds from regexps containing lookahead constraints
+ (Tom Lane)
+
+
+
+
+
+
+
+ Fix regular-expression compiler to handle loops of constraint arcs
+ (Tom Lane)
+
+
+
+ The code added for CVE-2007-4772 was both incomplete, in that it didn't
+ handle loops involving more than one state, and incorrect, in that it
+ could cause assertion failures (though there seem to be no bad
+ consequences of that in a non-assert build). Multi-state loops would
+ cause the compiler to run until the query was canceled or it reached
+ the too-many-states error condition.
+
+
+
+
+
+
+
+ Improve memory-usage accounting in regular-expression compiler
+ (Tom Lane)
+
+
+
+ This causes the code to emit regular expression is too
+ complex errors in some cases that previously used unreasonable
+ amounts of time and memory.
+
+
+
+
+
+
+
+ Improve performance of regular-expression compiler (Tom Lane)
+
+
+
+
+
+
+
+ Make %h and %r escapes
+ in log_line_prefix work for messages emitted due
+ to log_connections (Tom Lane)
+
+
+
+ Previously, %h/%r started to work just after a
+ new session had emitted the connection received log message;
+ now they work for that message too.
+
+
+
+
+
+
+
+ On Windows, ensure the shared-memory mapping handle gets closed in
+ child processes that don't need it (Tom Lane, Amit Kapila)
+
+
+
+ This oversight resulted in failure to recover from crashes
+ whenever logging_collector is turned on.
+
+
+
+
+
+
+
+ Fix possible failure to detect socket EOF in non-blocking mode on
+ Windows (Tom Lane)
+
+
+
+ It's not entirely clear whether this problem can happen in pre-9.5
+ branches, but if it did, the symptom would be that a walsender process
+ would wait indefinitely rather than noticing a loss of connection.
+
+
+
+
+
+
+
+ Avoid leaking a token handle during SSPI authentication
+ (Christian Ullrich)
+
+
+
+
+
+
+
+ In psql, ensure that libreadline's idea
+ of the screen size is updated when the terminal window size changes
+ (Merlin Moncure)
+
+
+
+ Previously, libreadline did not notice if the window
+ was resized during query output, leading to strange behavior during
+ later input of multiline queries.
+
+
+
+
+
+
+
+ Fix psql's \det command to interpret its
+ pattern argument the same way as other \d commands with
+ potentially schema-qualified patterns do (Reece Hart)
+
+
+
+
+
+
+
+ Avoid possible crash in psql's \c command
+ when previous connection was via Unix socket and command specifies a
+ new hostname and same username (Tom Lane)
+
+
+
+
+
+
+
+ In pg_ctl start -w, test child process status directly
+ rather than relying on heuristics (Tom Lane, Michael Paquier)
+
+
+
+ Previously, pg_ctl relied on an assumption that the new
+ postmaster would always create postmaster.pid within five
+ seconds. But that can fail on heavily-loaded systems,
+ causing pg_ctl to report incorrectly that the
+ postmaster failed to start.
+
+
+
+ Except on Windows, this change also means that a pg_ctl start
+ -w done immediately after another such command will now reliably
+ fail, whereas previously it would report success if done within two
+ seconds of the first command.
+
+
+
+
+
+
+
+ In pg_ctl start -w, don't attempt to use a wildcard listen
+ address to connect to the postmaster (Kondo Yuta)
+
+
+
+ On Windows, pg_ctl would fail to detect postmaster
+ startup if listen_addresses is set to 0.0.0.0
+ or ::, because it would try to use that value verbatim as
+ the address to connect to, which doesn't work. Instead assume
+ that 127.0.0.1 or ::1, respectively, is the
+ right thing to use.
+
+
+
+
+
+
+
+ In pg_ctl on Windows, check service status to decide
+ where to send output, rather than checking if standard output is a
+ terminal (Michael Paquier)
+
+
+
+
+
+
+
+ In pg_dump and pg_basebackup, adopt
+ the GNU convention for handling tar-archive members exceeding 8GB
+ (Tom Lane)
+
+
+
+ The POSIX standard for tar file format does not allow
+ archive member files to exceed 8GB, but most modern implementations
+ of tar support an extension that fixes that. Adopt
+ this extension so that pg_dump with
+
+
+
+
+
+
+ Fix assorted corner-case bugs in pg_dump's processing
+ of extension member objects (Tom Lane)
+
+
+
+
+
+
+
+ Fix improper quoting of domain constraint names
+ in pg_dump (Elvis Pranskevichus)
+
+
+
+
+
+
+
+ Make pg_dump mark a view's triggers as needing to be
+ processed after its rule, to prevent possible failure during
+ parallel pg_restore (Tom Lane)
+
+
+
+
+
+
+
+ Ensure that relation option values are properly quoted
+ in pg_dump (Kouhei Sutou, Tom Lane)
+
+
+
+ A reloption value that isn't a simple identifier or number could lead
+ to dump/reload failures due to syntax errors in CREATE statements
+ issued by pg_dump. This is not an issue with any
+ reloption currently supported by core PostgreSQL, but
+ extensions could allow reloptions that cause the problem.
+
+
+
+
+
+
+
+ Avoid repeated password prompts during parallel pg_dump
+ (Zeus Kronion)
+
+
+
+
+
+
+
+ Fix pg_upgrade's file-copying code to handle errors
+ properly on Windows (Bruce Momjian)
+
+
+
+
+
+
+
+ Install guards in pgbench against corner-case overflow
+ conditions during evaluation of script-specified division or modulo
+ operators (Fabien Coelho, Michael Paquier)
+
+
+
+
+
+
+
+ Suppress useless warning message when pg_receivexlog
+ connects to a pre-9.4 server (Marco Nenciarini)
+
+
+
+
+
+
+
+ Fix failure to localize messages emitted
+ by pg_receivexlog and pg_recvlogical
+ (Ioseph Kim)
+
+
+
+
+
+
+
+ Avoid dump/reload problems when using both plpython2
+ and plpython3 (Tom Lane)
+
+
+
+ In principle, both versions of PL/Python can be used in the same
+ database, though not in the same session (because the two versions of
+ libpython cannot safely be used concurrently).
+ However, pg_restore and pg_upgrade both
+ do things that can fall foul of the same-session restriction. Work
+ around that by changing the timing of the check.
+
+
+
+
+
+
+
+
+
+ Fix PL/Python regression tests to pass with Python 3.5
+ (Peter Eisentraut)
+
+
+
+
+
+ Fix premature clearing of libpq's input buffer when
+ socket EOF is seen (Tom Lane)
+
+
+
+ This mistake caused libpq to sometimes not report the
+ backend's final error message before reporting server closed the
+ connection unexpectedly.
+
+
+
+
+
+
+
+ Improve libpq's handling of out-of-memory situations
+ (Michael Paquier, Amit Kapila, Heikki Linnakangas)
+
+
+
+
+
+
+
+ Fix order of arguments
+ in ecpg-generated typedef statements
+ (Michael Meskes)
+
+
+
+
+
+
+
+ Use %g not %f format
+ in ecpg's PGTYPESnumeric_from_double()
+ (Tom Lane)
+
+
+
+
+
+
+
+ Fix ecpg-supplied header files to not contain comments
+ continued from a preprocessor directive line onto the next line
+ (Michael Meskes)
+
+
+
+ Such a comment is rejected by ecpg. It's not yet clear
+ whether ecpg itself should be changed.
+
+
+
+
+
+
+
+ Fix hstore_to_json_loose()'s test for whether
+ an hstore value can be converted to a JSON number (Tom Lane)
+
+
+
+ Previously this function could be fooled by non-alphanumeric trailing
+ characters, leading to emitting syntactically-invalid JSON.
+
+
+
+
+
+
+
+ Ensure that contrib/pgcrypto's crypt()
+ function can be interrupted by query cancel (Andreas Karlsson)
+
+
+
+
+
+
+
+ In contrib/postgres_fdw, fix bugs triggered by use
+ of tableoid in data-modifying commands (Etsuro Fujita,
+ Robert Haas)
+
+
+
+
+
+
+
+ Accept flex versions later than 2.5.x
+ (Tom Lane, Michael Paquier)
+
+
+
+ Now that flex 2.6.0 has been released, the version checks in our build
+ scripts needed to be adjusted.
+
+
+
+
+
+
+
+ Fix ill-advised restriction of NAMEDATALEN to be less
+ than 256 (Robert Haas, Tom Lane)
+
+
+
+
+
+
+
+ Improve reproducibility of build output by ensuring filenames are given
+ to the linker in a fixed order (Christoph Berg)
+
+
+
+ This avoids possible bitwise differences in the produced executable
+ files from one build to the next.
+
+
+
+
+
+
+
+ Install our missing script where PGXS builds can find it
+ (Jim Nasby)
+
+
+
+ This allows sane behavior in a PGXS build done on a machine where build
+ tools such as bison are missing.
+
+
+
+
+
+
+
+ Ensure that dynloader.h is included in the installed
+ header files in MSVC builds (Michael Paquier)
+
+
+
+
+
+
+
+ Add variant regression test expected-output file to match behavior of
+ current libxml2 (Tom Lane)
+
+
+
+ The fix for libxml2's CVE-2015-7499 causes it not to
+ output error context reports in some cases where it used to do so.
+ This seems to be a bug, but we'll probably have to live with it for
+ some time, so work around it.
+
+
+
+
+
+
+
+ Update time zone data files to tzdata release 2016a for
+ DST law changes in Cayman Islands, Metlakatla, and Trans-Baikal
+ Territory (Zabaykalsky Krai), plus historical corrections for Pakistan.
+
+
+
+
+
+
+
+
Release 9.4.5