Release 9.5.10
Release date: 2017-11-09
This release contains a variety of fixes from 9.5.9.
For information about new features in the 9.5 major release, see
.
Migration to Version 9.5.10
A dump/restore is not required for those running 9.5.X.
However, if you use BRIN indexes, see the fourth changelog entry below.
Also, if you are upgrading from a version earlier than 9.5.8,
see .
Changes
Ensure that INSERT ... ON CONFLICT DO UPDATE checks
table permissions and RLS policies in all cases (Dean Rasheed)
The update path of INSERT ... ON CONFLICT DO UPDATE
requires SELECT permission on the columns of the
arbiter index, but it failed to check for that in the case of an
arbiter specified by constraint name.
In addition, for a table with row level security enabled, it failed to
check updated rows against the table's SELECT
policies (regardless of how the arbiter index was specified).
(CVE-2017-15099)
Fix crash due to rowtype mismatch
in json{b}_populate_recordset()
(Michael Paquier, Tom Lane)
These functions used the result rowtype specified in the FROM
... AS clause without checking that it matched the actual
rowtype of the supplied tuple value. If it didn't, that would usually
result in a crash, though disclosure of server memory contents seems
possible as well.
(CVE-2017-15098)
Fix sample server-start scripts to become $PGUSER
before opening $PGLOG (Noah Misch)
Previously, the postmaster log file was opened while still running as
root. The database owner could therefore mount an attack against
another system user by making $PGLOG be a symbolic
link to some other file, which would then become corrupted by appending
log messages.
By default, these scripts are not installed anywhere. Users who have
made use of them will need to manually recopy them, or apply the same
changes to their modified versions. If the
existing $PGLOG file is root-owned, it will need to
be removed or renamed out of the way before restarting the server with
the corrected script.
(CVE-2017-12172)
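An added example, not part of the PostgreSQL sample scripts: the comments contrast where the log redirection sits in the weak and corrected forms, and `check_pglog` (a hypothetical helper) tests an existing $PGLOG before a restart with the corrected script. The names `$DAEMON` and `$PGDATA` and the expected-owner argument are assumptions.

```shell
#!/bin/sh
# Added example, not taken from the PostgreSQL start scripts.
#
# Weak form (schematic): the redirection is outside the quoted command,
# so the root shell opens $PGLOG before su switches user:
#     su - "$PGUSER" -c "$DAEMON -D '$PGDATA' &" >>"$PGLOG" 2>&1
# Corrected form (schematic): the redirection is part of the command
# that su runs, so $PGLOG is opened with $PGUSER's privileges:
#     su - "$PGUSER" -c "$DAEMON -D '$PGDATA' >>'$PGLOG' 2>&1 &"

# file_uid PATH: numeric owner of PATH (GNU stat first, then BSD stat).
file_uid() {
    stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"
}

# check_pglog PATH EXPECTED_UID
# Prints one verdict and returns 0 only when the corrected script can
# safely append to PATH as the database owner.
check_pglog() {
    log=$1
    want_uid=$2
    if [ -L "$log" ]; then
        # A symlink here is what the root-opened log would have followed.
        echo "symlink"
        return 1
    fi
    if [ ! -e "$log" ]; then
        # Assumes the log directory is writable by the database owner.
        echo "absent"
        return 0
    fi
    if [ ! -f "$log" ]; then
        echo "not-regular"
        return 1
    fi
    owner=$(file_uid "$log")
    if [ "$owner" != "$want_uid" ]; then
        # Typically a root-owned log left by the old script: remove or
        # rename it before restarting.
        echo "wrong-owner:$owner"
        return 1
    fi
    echo "ok"
    return 0
}

# Usage: . ./check_pglog.sh && check_pglog "$PGLOG" "$(id -u "$PGUSER")"
```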
Fix BRIN index summarization to handle concurrent table extension
correctly (Álvaro Herrera)
Previously, a race condition allowed some table rows to be omitted from
the index. It may be necessary to reindex existing BRIN indexes to
recover from past occurrences of this problem.
Fix possible failures during concurrent updates of a BRIN index
(Tom Lane)
These race conditions could result in errors like "invalid index
offnum" or "inconsistent range map".
Fix crash when logical decoding is invoked from a SPI-using function,
in particular any function written in a PL language
(Tom Lane)
Fix json_build_array(),
json_build_object(), and their jsonb
equivalents to handle explicit VARIADIC arguments
correctly (Michael Paquier)
Properly reject attempts to convert infinite float values to
type numeric (Tom Lane, KaiGai Kohei)
Previously the behavior was platform-dependent.
Fix corner-case crashes when columns have been added to the end of a
view (Tom Lane)
Record proper dependencies when a view or rule
contains FieldSelect
or FieldStore expression nodes (Tom Lane)
Lack of these dependencies could allow a column or data
type DROP to go through when it ought to fail,
thereby causing later uses of the view or rule to get errors.
This patch does not do anything to protect existing views/rules,
only ones created in the future.
Correctly detect hashability of range data types (Tom Lane)
The planner mistakenly assumed that any range type could be hashed
for use in hash joins or hash aggregation, but actually it must check
whether the range's subtype has hash support. This does not affect any
of the built-in range types, since they're all hashable anyway.
Correctly ignore RelabelType expression nodes
when determining relation distinctness (David Rowley)
This allows the intended optimization to occur when a subquery has
a result column of type varchar.
Fix low-probability loss of NOTIFY messages due to
XID wraparound (Marko Tiikkaja, Tom Lane)
If a session executed no queries, but merely listened for
notifications, for more than 2 billion transactions, it started to miss
some notifications from concurrently-committing transactions.
Avoid SIGBUS crash on Linux when a DSM memory
request exceeds the space available in tmpfs
(Thomas Munro)
Prevent low-probability crash in processing of nested trigger firings
(Tom Lane)
Allow COPY's FREEZE option to
work when the transaction isolation level is REPEATABLE
READ or higher (Noah Misch)
This case was unintentionally broken by a previous bug fix.
Correctly restore the umask setting when file creation fails
in COPY or lo_export()
(Peter Eisentraut)
Give a better error message for duplicate column names
in ANALYZE (Nathan Bossart)
Fix mis-parsing of the last line in a
non-newline-terminated pg_hba.conf file
(Tom Lane)
Fix pg_basebackup's matching of tablespace
paths to canonicalize both paths before comparing (Michael Paquier)
This is particularly helpful on Windows.
Fix libpq to not require user's home
directory to exist (Tom Lane)
In v10, failure to find the home directory while trying to
read ~/.pgpass was treated as a hard error,
but it should just cause that file to not be found. Both v10 and
previous release branches made the same mistake when
reading ~/.pg_service.conf, though this was less
obvious since that file is not sought unless a service name is
specified.
Fix libpq to guard against integer
overflow in the row count of a PGresult
(Michael Paquier)
Fix ecpg's handling of out-of-scope cursor
declarations with pointer or array variables (Michael Meskes)
In ecpglib, correctly handle backslashes in string literals depending
on whether standard_conforming_strings is set
(Tsunakawa Takayuki)
Make ecpglib's Informix-compatibility mode ignore fractional digits in
integer input strings, as expected (Gao Zengqi, Michael Meskes)
Fix missing temp-install prerequisites
for check-like Make targets (Noah Misch)
Some non-default test procedures that are meant to work
like make check failed to ensure that the temporary
installation was up to date.
Sync our copy of the timezone library with IANA release tzcode2017c
(Tom Lane)
This fixes various issues; the only one likely to be user-visible
is that the default DST rules for a POSIX-style zone name, if
no posixrules file exists in the timezone data
directory, now match current US law rather than what it was a dozen
years ago.
Update time zone data files to tzdata
release 2017c for DST law changes in Fiji, Namibia, Northern Cyprus,
Sudan, Tonga, and Turks & Caicos Islands, plus historical
corrections for Alaska, Apia, Burma, Calcutta, Detroit, Ireland,
Namibia, and Pago Pago.
Release 9.5.9
Release date: 2017-08-31
This release contains a small number of fixes from 9.5.8.
For information about new features in the 9.5 major release, see
.
Migration to Version 9.5.9
A dump/restore is not required for those running 9.5.X.
However, if you are upgrading from a version earlier than 9.5.8,
see .
Changes
Show foreign tables
in information_schema.table_privileges
view (Peter Eisentraut)
All other relevant information_schema views include
foreign tables, but this one ignored them.
Since this view definition is installed by initdb,
merely upgrading will not fix the problem. If you need to fix this
in an existing installation, you can, as a superuser, do this
in psql:
    SET search_path TO information_schema;
    CREATE OR REPLACE VIEW table_privileges AS
        SELECT CAST(u_grantor.rolname AS sql_identifier) AS grantor,
               CAST(grantee.rolname AS sql_identifier) AS grantee,
               CAST(current_database() AS sql_identifier) AS table_catalog,
               CAST(nc.nspname AS sql_identifier) AS table_schema,
               CAST(c.relname AS sql_identifier) AS table_name,
               CAST(c.prtype AS character_data) AS privilege_type,
               CAST(
                 CASE WHEN
                      -- object owner always has grant options
                      pg_has_role(grantee.oid, c.relowner, 'USAGE')
                      OR c.grantable
                      THEN 'YES' ELSE 'NO' END AS yes_or_no) AS is_grantable,
               CAST(CASE WHEN c.prtype = 'SELECT' THEN 'YES' ELSE 'NO' END AS yes_or_no) AS with_hierarchy
        FROM (
                SELECT oid, relname, relnamespace, relkind, relowner, (aclexplode(coalesce(relacl, acldefault('r', relowner)))).* FROM pg_class
             ) AS c (oid, relname, relnamespace, relkind, relowner, grantor, grantee, prtype, grantable),
             pg_namespace nc,
             pg_authid u_grantor,
             (
               SELECT oid, rolname FROM pg_authid
               UNION ALL
               SELECT 0::oid, 'PUBLIC'
             ) AS grantee (oid, rolname)
        WHERE c.relnamespace = nc.oid
              AND c.relkind IN ('r', 'v', 'f')
              AND c.grantee = grantee.oid
              AND c.grantor = u_grantor.oid
              AND c.prtype IN ('INSERT', 'SELECT', 'UPDATE', 'DELETE', 'TRUNCATE', 'REFERENCES', 'TRIGGER')
              AND (pg_has_role(u_grantor.oid, 'USAGE')
                   OR pg_has_role(grantee.oid, 'USAGE')
                   OR grantee.rolname = 'PUBLIC');
This must be repeated in each database to be fixed,
including template0.
Clean up handling of a fatal exit (e.g., due to receipt
of SIGTERM) that occurs while trying to execute
a ROLLBACK of a failed transaction (Tom Lane)
This situation could result in an assertion failure. In production
builds, the exit would still occur, but it would log an unexpected
message about "cannot drop active portal".
Remove assertion that could trigger during a fatal exit (Tom Lane)
Correctly identify columns that are of a range type or domain type over
a composite type or domain type being searched for (Tom Lane)
Certain ALTER commands that change the definition of a
composite type or domain type are supposed to fail if there are any
stored values of that type in the database, because they lack the
infrastructure needed to update or check such values. Previously,
these checks could miss relevant values that are wrapped inside range
types or sub-domains, possibly allowing the database to become
inconsistent.
Fix crash in pg_restore when using parallel mode and
using a list file to select a subset of items to restore
(Fabrízio de Royes Mello)
Change ecpg's parser to allow RETURNING
clauses without attached C variables (Michael Meskes)
This allows ecpg programs to contain SQL constructs
that use RETURNING internally (for example, inside a CTE)
rather than using it to define values to be returned to the client.
Improve selection of compiler flags for PL/Perl on Windows (Tom Lane)
This fix avoids possible crashes of PL/Perl due to inconsistent
assumptions about the width of time_t values.
A side-effect that may be visible to extension developers is
that _USE_32BIT_TIME_T is no longer defined globally
in PostgreSQL Windows builds. This is not expected
to cause problems, because type time_t is not used
in any PostgreSQL API definitions.
Fix make check to behave correctly when invoked via a
non-GNU make program (Thomas Munro)
Release 9.5.8
Release date: 2017-08-10
This release contains a variety of fixes from 9.5.7.
For information about new features in the 9.5 major release, see
.
Migration to Version 9.5.8
A dump/restore is not required for those running 9.5.X.
However, if you use foreign data servers that make use of user
passwords for authentication, see the first changelog entry below.
Also, if you are upgrading from a version earlier than 9.5.7,
see .
Changes
Further restrict visibility
of pg_user_mappings.umoptions, to
protect passwords stored as user mapping options
(Noah Misch)
The fix for CVE-2017-7486 was incorrect: it allowed a user
to see the options in her own user mapping, even if she did not
have USAGE permission on the associated foreign server.
Such options might include a password that had been provided by the
server owner rather than the user herself.
Since information_schema.user_mapping_options does not
show the options in such cases, pg_user_mappings
should not either.
(CVE-2017-7547)
By itself, this patch will only fix the behavior in newly initdb'd
databases. If you wish to apply this change in an existing database,
you will need to do the following:
Restart the postmaster after adding allow_system_table_mods
= true to postgresql.conf. (In versions
supporting ALTER SYSTEM, you can use that to make the
configuration change, but you'll still need a restart.)
In each database of the cluster,
run the following commands as superuser:
    SET search_path = pg_catalog;
    CREATE OR REPLACE VIEW pg_user_mappings AS
        SELECT
            U.oid AS umid,
            S.oid AS srvid,
            S.srvname AS srvname,
            U.umuser AS umuser,
            CASE WHEN U.umuser = 0 THEN
                'public'
            ELSE
                A.rolname
            END AS usename,
            CASE WHEN (U.umuser <> 0 AND A.rolname = current_user
                         AND (pg_has_role(S.srvowner, 'USAGE')
                              OR has_server_privilege(S.oid, 'USAGE')))
                        OR (U.umuser = 0 AND pg_has_role(S.srvowner, 'USAGE'))
                        OR (SELECT rolsuper FROM pg_authid WHERE rolname = current_user)
                        THEN U.umoptions
                     ELSE NULL END AS umoptions
        FROM pg_user_mapping U
             LEFT JOIN pg_authid A ON (A.oid = U.umuser) JOIN
            pg_foreign_server S ON (U.umserver = S.oid);
Do not forget to include the template0
and template1 databases, or the vulnerability will still
exist in databases you create later. To fix template0,
you'll need to temporarily make it accept connections.
In PostgreSQL 9.5 and later, you can use
    ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true;
and then after fixing template0, undo that with
    ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false;
In prior versions, instead use
    UPDATE pg_database SET datallowconn = true WHERE datname = 'template0';
    UPDATE pg_database SET datallowconn = false WHERE datname = 'template0';
Finally, remove the allow_system_table_mods configuration
setting, and again restart the postmaster.
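An added example, not PostgreSQL project code, of the "in each database" step used both by this procedure and by the table_privileges fix in the 9.5.9 notes: it applies one SQL file to every database and temporarily opens any database that refuses connections (normally template0), which generalizes the template0 handling described above. The function names, the `PSQL` and `MAINT_DB` variables and the fix-file argument are assumptions.

```shell
#!/bin/sh
# Added example, not PostgreSQL project code.
# Assumptions: $PSQL reaches the cluster as a superuser; the argument to
# apply_fix_everywhere is a file holding the view definition quoted in
# the release notes; for the pg_user_mappings fix the postmaster is
# already running with allow_system_table_mods = true.
# Database names containing "|" or newlines are not handled.
# ALTER DATABASE ... ALLOW_CONNECTIONS needs 9.5 or later; older
# versions need the UPDATE pg_database form shown in the notes.

PSQL=${PSQL:-psql}
MAINT_DB=${MAINT_DB:-postgres}   # database used for catalog commands

# run_sql DB STATEMENT: no psqlrc, unaligned tuples-only output.
run_sql() {
    $PSQL -X -At -v ON_ERROR_STOP=1 -d "$1" -c "$2" </dev/null
}

# run_file DB FILE: stop at the first failing statement in FILE.
run_file() {
    $PSQL -X -q -v ON_ERROR_STOP=1 -d "$1" -f "$2" </dev/null
}

# quote_ident NAME: double-quote a database name for ALTER DATABASE.
quote_ident() {
    printf '"%s"' "$(printf '%s' "$1" | sed 's/"/""/g')"
}

# apply_fix_everywhere FIX_SQL
# Returns non-zero if any database could not be fixed or restored.
apply_fix_everywhere() {
    fix=$1
    failed=0
    # One "datname|t" or "datname|f" line per database.
    dbs=$(run_sql "$MAINT_DB" \
        "SELECT datname, datallowconn FROM pg_database ORDER BY datname") || return 1
    while IFS='|' read -r db allow; do
        [ -n "$db" ] || continue
        if [ "$allow" = f ]; then
            run_sql "$MAINT_DB" \
                "ALTER DATABASE $(quote_ident "$db") WITH ALLOW_CONNECTIONS true" \
                || { failed=1; continue; }
        fi
        run_file "$db" "$fix" || failed=1
        if [ "$allow" = f ]; then
            # Restore the original setting even when the fix failed.
            run_sql "$MAINT_DB" \
                "ALTER DATABASE $(quote_ident "$db") WITH ALLOW_CONNECTIONS false" \
                || failed=1
        fi
    done <<EOF
$dbs
EOF
    return "$failed"
}

# Usage: . ./apply_fix.sh && apply_fix_everywhere /path/to/fix.sql
```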
Disallow empty passwords in all password-based authentication methods
(Heikki Linnakangas)
libpq ignores empty password specifications, and does
not transmit them to the server. So, if a user's password has been
set to the empty string, it's impossible to log in with that password
via psql or other libpq-based
clients. An administrator might therefore believe that setting the
password to empty is equivalent to disabling password login.
However, with a modified or non-libpq-based client,
logging in could be possible, depending on which authentication
method is configured. In particular the most common
method, md5, accepted empty passwords.
Change the server to reject empty passwords in all cases.
(CVE-2017-7546)
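An added example, not PostgreSQL code, for auditing a cluster for roles that were left with an empty password: it relies on the md5 method storing "md5" followed by md5(password || rolname), so an empty password is stored as "md5" followed by md5(rolname). The function names and the sample rows are constructed for illustration, and md5sum from coreutils is assumed.

```shell
#!/bin/sh
# Added example, not PostgreSQL code. Input is the output of
#   psql -X -At -c "SELECT rolname, rolpassword FROM pg_authid
#                   WHERE rolpassword IS NOT NULL"
# run as a superuser: one "rolname|rolpassword" line per role.
# Role names containing "|" or newlines are not handled.

# md5_hex STRING: lowercase hex MD5 of STRING (assumes md5sum).
md5_hex() {
    printf '%s' "$1" | md5sum | cut -d' ' -f1
}

# flag_empty_passwords: print each role whose stored password is empty.
# Two stored forms are recognised:
#   - an unencrypted password stored as the empty string
#   - the md5 form "md5" || md5('' || rolname)
# The same test on the server side is
#   rolpassword = '' OR rolpassword = 'md5' || md5(rolname)
flag_empty_passwords() {
    while IFS='|' read -r role stored; do
        [ -n "$role" ] || continue
        if [ -z "$stored" ] || [ "$stored" = "md5$(md5_hex "$role")" ]; then
            printf '%s\n' "$role"
        fi
    done
}

# Constructed sample rows, not from a real server. "abc" and "a" carry
# the md5 form of an empty password; "alice" carries a hash that does
# not correspond to an empty password for her name; "plain" has an
# unencrypted empty password.
sample_rows() {
    cat <<'EOF'
abc|md5900150983cd24fb0d6963f7d28e17f72
alice|md5900150983cd24fb0d6963f7d28e17f72
plain|
a|md50cc175b9c0f1b6a831c399e269772661
EOF
}

# Usage: psql ... | flag_empty_passwords
```

Roles reported here can no longer log in with the empty password once the server is updated, so give them a real password or remove password login for them deliberately.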
Make lo_put() check for UPDATE privilege on
the target large object (Tom Lane, Michael Paquier)
lo_put() should surely require the same permissions
as lowrite(), but the check was missing, allowing any
user to change the data in a large object.
(CVE-2017-7548)
Correct the documentation about the process for upgrading standby
servers with pg_upgrade (Bruce Momjian)
The previous documentation instructed users to start/stop the primary
server after running pg_upgrade but before syncing
the standby servers. This sequence is unsafe.
Fix concurrent locking of tuple update chains (Álvaro Herrera)
If several sessions concurrently lock a tuple update chain with
nonconflicting lock modes using an old snapshot, and they all
succeed, it was possible for some of them to nonetheless fail (and
conclude there is no live tuple version) due to a race condition.
This had consequences such as foreign-key checks failing to see a
tuple that definitely exists but is being updated concurrently.
Fix potential data corruption when freezing a tuple whose XMAX is a
multixact with exactly one still-interesting member (Teodor Sigaev)
Avoid integer overflow and ensuing crash when sorting more than one
billion tuples in-memory (Sergey Koposov)
On Windows, retry process creation if we fail to reserve the address
range for our shared memory in the new process (Tom Lane, Amit
Kapila)
This is expected to fix infrequent child-process-launch failures that
are probably due to interference from antivirus products.
Fix low-probability corruption of shared predicate-lock hash table
in Windows builds (Thomas Munro, Tom Lane)
Avoid logging clean closure of an SSL connection as though
it were a connection reset (Michael Paquier)
Prevent sending SSL session tickets to clients (Tom Lane)
This fix prevents reconnection failures with ticket-aware client-side
SSL code.
Fix code for setting on
Solaris (Tom Lane)
Fix statistics collector to honor inquiry messages issued just after
a postmaster shutdown and immediate restart (Tom Lane)
Statistics inquiries issued within half a second of the previous
postmaster shutdown were effectively ignored.
Ensure that the statistics collector's receive buffer size is at
least 100KB (Tom Lane)
This reduces the risk of dropped statistics data on older platforms
whose default receive buffer size is less than that.
Fix possible creation of an invalid WAL segment when a standby is
promoted just after it processes an XLOG_SWITCH WAL
record (Andres Freund)
Fix walsender to exit promptly when client requests
shutdown (Tom Lane)
Fix SIGHUP and SIGUSR1 handling in
walsender processes (Petr Jelinek, Andres Freund)
Prevent walsender-triggered panics during shutdown checkpoints
(Andres Freund, Michael Paquier)
Fix unnecessarily slow restarts of walreceiver
processes due to race condition in postmaster (Tom Lane)
Fix leakage of small subtransactions spilled to disk during logical
decoding (Andres Freund)
This resulted in temporary files consuming excessive disk space.
Reduce the work needed to build snapshots during creation of
logical-decoding slots (Andres Freund, Petr Jelinek)
The previous algorithm was infeasibly expensive on a server with a
lot of open transactions.
Fix race condition that could indefinitely delay creation of
logical-decoding slots (Andres Freund, Petr Jelinek)
Reduce overhead in processing syscache invalidation events (Tom Lane)
This is particularly helpful for logical decoding, which triggers
frequent cache invalidation.
Fix cases where an INSERT or UPDATE assigns
to more than one element of a column that is of domain-over-array
type (Tom Lane)
Allow window functions to be used in sub-SELECTs that
are within the arguments of an aggregate function (Tom Lane)
Move autogenerated array types out of the way during
ALTER ... RENAME (Vik Fearing)
Previously, we would rename a conflicting autogenerated array type
out of the way during CREATE; this fix extends that
behavior to renaming operations.
Fix dangling pointer in ALTER TABLE when there is a
comment on a constraint belonging to the table (David Rowley)
Re-applying the comment to the reconstructed constraint could fail
with a weird error message, or even crash.
Ensure that ALTER USER ... SET accepts all the syntax
variants that ALTER ROLE ... SET does (Peter Eisentraut)
Properly update dependency info when changing a datatype I/O
function's argument or return type from opaque to the
correct type (Heikki Linnakangas)
CREATE TYPE updates I/O functions declared in this
long-obsolete style, but it forgot to record a dependency on the
type, allowing a subsequent DROP TYPE to leave broken
function definitions behind.
Reduce memory usage when ANALYZE processes
a tsvector column (Heikki Linnakangas)
Fix unnecessary precision loss and sloppy rounding when multiplying
or dividing money values by integers or floats (Tom Lane)
Tighten checks for whitespace in functions that parse identifiers,
such as regprocedurein() (Tom Lane)
Depending on the prevailing locale, these functions could
misinterpret fragments of multibyte characters as whitespace.
Use relevant #define symbols from Perl while
compiling PL/Perl (Ashutosh Sharma, Tom Lane)
This avoids portability problems, typically manifesting as
a "handshake mismatch" during library load, when working with
recent Perl versions.
In libpq, reset GSS/SASL and SSPI authentication
state properly after a failed connection attempt (Michael Paquier)
Failure to do this meant that when falling back from SSL to non-SSL
connections, a GSS/SASL failure in the SSL attempt would always cause
the non-SSL attempt to fail. SSPI did not fail, but it leaked memory.
In psql, fix failure when COPY FROM STDIN
is ended with a keyboard EOF signal and then another COPY
FROM STDIN is attempted (Thomas Munro)
This misbehavior was observed on BSD-derived platforms (including
macOS), but not on most others.
Fix pg_dump and pg_restore to
emit REFRESH MATERIALIZED VIEW commands last (Tom Lane)
This prevents errors during dump/restore when a materialized view
refers to tables owned by a different user.
Improve pg_dump/pg_restore's
reporting of error conditions originating in zlib
(Vladimir Kunschikov, Álvaro Herrera)
Fix pg_dump with the option to
drop event triggers as expected (Tom Lane)
It also now correctly assigns ownership of event triggers; before,
they were restored as being owned by the superuser running the
restore script.
Fix pg_dump to not emit invalid SQL for an empty
operator class (Daniel Gustafsson)
Fix pg_dump output to stdout on Windows (Kuntal Ghosh)
A compressed plain-text dump written to stdout would contain corrupt
data due to failure to put the file descriptor into binary mode.
Fix pg_get_ruledef() to print correct output for
the ON SELECT rule of a view whose columns have been
renamed (Tom Lane)
In some corner cases, pg_dump relies
on pg_get_ruledef() to dump views, so that this error
could result in dump/reload failures.
Fix dumping of outer joins with empty constraints, such as the result
of a NATURAL LEFT JOIN with no common columns (Tom Lane)
Fix dumping of function expressions in the FROM clause in
cases where the expression does not deparse into something that looks
like a function call (Tom Lane)
Fix pg_basebackup output to stdout on Windows
(Haribabu Kommi)
A backup written to stdout would contain corrupt data due to failure
to put the file descriptor into binary mode.
Fix pg_rewind to correctly handle files exceeding 2GB
(Kuntal Ghosh, Michael Paquier)
Ordinarily such files won't appear in PostgreSQL data
directories, but they could be present in some cases.
Fix pg_upgrade to ensure that the ending WAL record
does not have = minimum
(Bruce Momjian)
This condition could prevent upgraded standby servers from
reconnecting.
Fix pg_xlogdump's computation of WAL record length
(Andres Freund)
In postgres_fdw, re-establish connections to remote
servers after ALTER SERVER or ALTER USER
MAPPING commands (Kyotaro Horiguchi)
This ensures that option changes affecting connection parameters will
be applied promptly.
In postgres_fdw, allow cancellation of remote
transaction control commands (Robert Haas, Rafia Sabih)
This change allows us to quickly escape a wait for an unresponsive
remote server in many more cases than previously.
Increase MAX_SYSCACHE_CALLBACKS to provide more room for
extensions (Tom Lane)
Always use , not , when building
shared libraries with gcc (Tom Lane)
This supports larger extension libraries on platforms where it makes
a difference.
Fix unescaped-braces issue in our build scripts for Microsoft MSVC,
to avoid a warning or error from recent Perl versions (Andrew
Dunstan)
In MSVC builds, handle the case where the openssl
library is not within a VC subdirectory (Andrew Dunstan)
In MSVC builds, add proper include path for libxml2
header files (Andrew Dunstan)
This fixes a former need to move things around in standard Windows
installations of libxml2.
In MSVC builds, recognize a Tcl library that is
named tcl86.lib (Noah Misch)
In MSVC builds, honor PROVE_FLAGS settings
on vcregress.pl's command line (Andrew Dunstan)
Release 9.5.7
Release date: 2017-05-11
This release contains a variety of fixes from 9.5.6.
For information about new features in the 9.5 major release, see
.
Migration to Version 9.5.7
A dump/restore is not required for those running 9.5.X.
However, if you use foreign data servers that make use of user
passwords for authentication, see the first changelog entry below.
Also, if you are using third-party replication tools that depend
on logical decoding, see the fourth changelog entry below.
Also, if you are upgrading from a version earlier than 9.5.6,
see .
Changes
Restrict visibility
of pg_user_mappings.umoptions, to
protect passwords stored as user mapping options
(Michael Paquier, Feike Steenbergen)
The previous coding allowed the owner of a foreign server object,
or anyone he has granted server USAGE permission to,
to see the options for all user mappings associated with that server.
This might well include passwords for other users.
Adjust the view definition to match the behavior of
information_schema.user_mapping_options, namely that
these options are visible to the user being mapped, or if the mapping
is for PUBLIC and the current user is the server
owner, or if the current user is a superuser.
(CVE-2017-7486)
By itself, this patch will only fix the behavior in newly initdb'd
databases. If you wish to apply this change in an existing database,
follow the corrected procedure shown in the changelog entry for
CVE-2017-7547, in .
Prevent exposure of statistical information via leaky operators
(Peter Eisentraut)
Some selectivity estimation functions in the planner will apply
user-defined operators to values obtained
from pg_statistic, such as most common values and
histogram entries. This occurs before table permissions are checked,
so a nefarious user could exploit the behavior to obtain these values
for table columns he does not have permission to read. To fix,
fall back to a default estimate if the operator's implementation
function is not certified leak-proof and the calling user does not have
permission to read the table column whose statistics are needed.
At least one of these criteria is satisfied in most cases in practice.
(CVE-2017-7484)
Restore libpq's recognition of
the PGREQUIRESSL environment variable (Daniel Gustafsson)
Processing of this environment variable was unintentionally dropped
in PostgreSQL 9.3, but its documentation remained.
This creates a security hazard, since users might be relying on the
environment variable to force SSL-encrypted connections, but that
would no longer be guaranteed. Restore handling of the variable,
but give it lower priority than PGSSLMODE, to avoid
breaking configurations that work correctly with post-9.3 code.
(CVE-2017-7485)
Fix possibly-invalid initial snapshot during logical decoding
(Petr Jelinek, Andres Freund)
The initial snapshot created for a logical decoding replication slot
was potentially incorrect. This could cause third-party tools that
use logical decoding to copy incomplete/inconsistent initial data.
This was more likely to happen if the source server was busy at the
time of slot creation, or if another logical slot already existed.
If you are using a replication tool that depends on logical decoding,
and it should have copied a nonempty data set at the start of
replication, it is advisable to recreate the replica after
installing this update, or to verify its contents against the source
server.
Fix possible corruption of init forks of unlogged indexes
(Robert Haas, Michael Paquier)
This could result in an unlogged index being set to an invalid state
after a crash and restart. Such a problem would persist until the
index was dropped and rebuilt.
Fix incorrect reconstruction of pg_subtrans entries
when a standby server replays a prepared but uncommitted two-phase
transaction (Tom Lane)
In most cases this turned out to have no visible ill effects, but in
corner cases it could result in circular references
in pg_subtrans, potentially causing infinite loops
in queries that examine rows modified by the two-phase transaction.
Avoid possible crash in walsender due to failure
to initialize a string buffer (Stas Kelvich, Fujii Masao)
Fix possible crash when rescanning a nearest-neighbor index-only scan
on a GiST index (Tom Lane)
Fix postmaster's handling of fork() failure for a
background worker process (Tom Lane)
Previously, the postmaster updated portions of its state as though
the process had been launched successfully, resulting in subsequent
confusion.
Fix crash or wrong answers when a GROUPING SETS column's
data type is hashable but not sortable (Pavan Deolasee)
Avoid applying physical targetlist optimization to custom
scans (Dmitry Ivanov, Tom Lane)
This optimization supposed that retrieving all columns of a tuple
is inexpensive, which is true for ordinary Postgres tuples; but it
might not be the case for a custom scan provider.
Use the correct sub-expression when applying a FOR ALL
row-level-security policy (Stephen Frost)
In some cases the WITH CHECK restriction would be applied
when the USING restriction is more appropriate.
Ensure parsing of queries in extension scripts sees the results of
immediately-preceding DDL (Julien Rouhaud, Tom Lane)
Due to lack of a cache flush step between commands in an extension
script file, non-utility queries might not see the effects of an
immediately preceding catalog change, such as ALTER TABLE
... RENAME.
Skip tablespace privilege checks when ALTER TABLE ... ALTER
COLUMN TYPE rebuilds an existing index (Noah Misch)
The command failed if the calling user did not currently have
CREATE privilege for the tablespace containing the index.
That behavior seems unhelpful, so skip the check, allowing the
index to be rebuilt where it is.
Fix ALTER TABLE ... VALIDATE CONSTRAINT to not recurse
to child tables when the constraint is marked NO INHERIT
(Amit Langote)
This fix prevents unwanted "constraint does not exist" failures
when no matching constraint is present in the child tables.
Avoid dangling pointer in COPY ... TO when row-level
security is active for the source table (Tom Lane)
Usually this had no ill effects, but sometimes it would cause
unexpected errors or crashes.
Avoid accessing an already-closed relcache entry in CLUSTER
and VACUUM FULL (Tom Lane)
With some bad luck, this could lead to indexes on the target
relation getting rebuilt with the wrong persistence setting.
Fix VACUUM to account properly for pages that could not
be scanned due to conflicting page pins (Andrew Gierth)
This tended to lead to underestimation of the number of tuples in
the table. In the worst case of a small heavily-contended
table, VACUUM could incorrectly report that the table
contained no tuples, leading to very bad planning choices.
Ensure that bulk-tuple-transfer loops within a hash join are
interruptible by query cancel requests (Tom Lane, Thomas Munro)
Fix integer-overflow problems in interval comparison (Kyotaro
Horiguchi, Tom Lane)
The comparison operators for type interval could yield wrong
answers for intervals larger than about 296000 years. Indexes on
columns containing such large values should be reindexed, since they
may be corrupt.
Fix cursor_to_xml() to produce valid output
with tableforest = false
(Thomas Munro, Peter Eisentraut)
Previously it failed to produce a wrapping <table>
element.
Fix roundoff problems in float8_timestamptz()
and make_interval() (Tom Lane)
These functions truncated, rather than rounded, when converting a
floating-point value to integer microseconds; that could cause
unexpectedly off-by-one results.
Fix pg_get_object_address() to handle members of operator
families correctly (Álvaro Herrera)
Improve performance of pg_timezone_names view
(Tom Lane, David Rowley)
Reduce memory management overhead for contexts containing many large
blocks (Tom Lane)
Fix sloppy handling of corner-case errors from lseek()
and close() (Tom Lane)
Neither of these system calls is likely to fail in typical situations,
but if they did, fd.c could get quite confused.
Fix incorrect check for whether postmaster is running as a Windows
service (Michael Paquier)
This could result in attempting to write to the event log when that
isn't accessible, so that no logging happens at all.
Fix ecpg to support COMMIT PREPARED
and ROLLBACK PREPARED (Masahiko Sawada)
Fix a double-free error when processing dollar-quoted string literals
in ecpg (Michael Meskes)
In pg_dump, fix incorrect schema and owner marking for
comments and security labels of some types of database objects
(Giuseppe Broccolo, Tom Lane)
In simple cases this caused no ill effects; but for example, a
schema-selective restore might omit comments it should include, because
they were not marked as belonging to the schema of their associated
object.
Avoid emitting an invalid list file in pg_restore -l
when SQL object names contain newlines (Tom Lane)
Replace newlines by spaces, which is sufficient to make the output
valid for pg_restore -L's purposes.
Fix pg_upgrade to transfer comments and security labels
attached to large objects (blobs) (Stephen Frost)
Previously, blobs were correctly transferred to the new database, but
any comments or security labels attached to them were lost.
Improve error handling
in contrib/adminpack's pg_file_write()
function (Noah Misch)
Notably, it failed to detect errors reported
by fclose().
In contrib/dblink, avoid leaking the previous unnamed
connection when establishing a new unnamed connection (Joe Conway)
Fix contrib/pg_trgm's extraction of trigrams from regular
expressions (Tom Lane)
In some cases it would produce a broken data structure that could never
match anything, leading to GIN or GiST indexscans that use a trigram
index not finding any matches to the regular expression.
In contrib/postgres_fdw,
transmit query cancellation requests to the remote server
(Michael Paquier, Etsuro Fujita)
Previously, a local query cancellation request did not cause an
already-sent remote query to terminate early. This is a back-patch
of work originally done for 9.6.
Support Tcl 8.6 in MSVC builds (Álvaro Herrera)
Sync our copy of the timezone library with IANA release tzcode2017b
(Tom Lane)
This fixes a bug affecting some DST transitions in January 2038.
Update time zone data files to tzdata release 2017b
for DST law changes in Chile, Haiti, and Mongolia, plus historical
corrections for Ecuador, Kazakhstan, Liberia, and Spain.
Switch to numeric abbreviations for numerous time zones in South
America, the Pacific and Indian oceans, and some Asian and Middle
Eastern countries.
The IANA time zone database previously provided textual abbreviations
for all time zones, sometimes making up abbreviations that have little
or no currency among the local population. They are in the process of
reversing that policy in favor of using numeric UTC offsets in zones
where there is no evidence of real-world use of an English
abbreviation. At least for the time being, PostgreSQL
will continue to accept such removed abbreviations for timestamp input.
But they will not be shown in the pg_timezone_names
view nor used for output.
Use correct daylight-savings rules for POSIX-style time zone names
in MSVC builds (David Rowley)
The Microsoft MSVC build scripts neglected to install
the posixrules file in the timezone directory tree.
This resulted in the timezone code falling back to its built-in
rule about what DST behavior to assume for a POSIX-style time zone
name. For historical reasons that still corresponds to the DST rules
the USA was using before 2007 (i.e., change on first Sunday in April
and last Sunday in October). With this fix, a POSIX-style zone name
will use the current and historical DST transition dates of
the US/Eastern zone. If you don't want that, remove
the posixrules file, or replace it with a copy of some
other zone file (see ). Note that
due to caching, you may need to restart the server to get such changes
to take effect.
Release 9.5.6
Release date: 2017-02-09
This release contains a variety of fixes from 9.5.5.
For information about new features in the 9.5 major release, see
.
Migration to Version 9.5.6
A dump/restore is not required for those running 9.5.X.
However, if your installation has been affected by the bug described in
the first changelog entry below, then after updating you may need
to take action to repair corrupted indexes.
Also, if you are upgrading from a version earlier than 9.5.5,
see .
Changes
Fix a race condition that could cause indexes built
with CREATE INDEX CONCURRENTLY to be corrupt
(Pavan Deolasee, Tom Lane)
If CREATE INDEX CONCURRENTLY was used to build an index
that depends on a column not previously indexed, then rows
updated by transactions that ran concurrently with
the CREATE INDEX command could have received incorrect
index entries. If you suspect this may have happened, the most
reliable solution is to rebuild affected indexes after installing
this update.
Ensure that the special snapshot used for catalog scans is not
invalidated by premature data pruning (Tom Lane)
Backends failed to account for this snapshot when advertising their
oldest xmin, potentially allowing concurrent vacuuming operations to
remove data that was still needed. This led to transient failures
along the lines of "cache lookup failed for relation 1255".
Fix incorrect WAL logging for BRIN indexes (Kuntal Ghosh)
The WAL record emitted for a BRIN revmap page when moving an
index tuple to a different page was incorrect. Replay would make the
related portion of the index useless, forcing it to be recomputed.
Unconditionally WAL-log creation of the init fork for an
unlogged table (Michael Paquier)
Previously, this was skipped when
= minimal, but actually it's necessary even in that case
to ensure that the unlogged table is properly reset to empty after a
crash.
Reduce interlocking on standby servers during the replay of btree
index vacuuming operations (Simon Riggs)
This change avoids substantial replication delays that sometimes
occurred while replaying such operations.
If the stats collector dies during hot standby, restart it (Takayuki
Tsunakawa)
Ensure that hot standby feedback works correctly when it's enabled at
standby server start (Ants Aasma, Craig Ringer)
Check for interrupts while hot standby is waiting for a conflicting
query (Simon Riggs)
Avoid constantly respawning the autovacuum launcher in a corner case
(Amit Khandekar)
This fix avoids problems when autovacuum is nominally off and there
are some tables that require freezing, but all such tables are
already being processed by autovacuum workers.
Fix check for when an extension member object can be dropped (Tom Lane)
Extension upgrade scripts should be able to drop member objects,
but this was disallowed for serial-column sequences, and possibly
other cases.
Make sure ALTER TABLE preserves index tablespace
assignments when rebuilding indexes (Tom Lane, Michael Paquier)
Previously, non-default settings
of could result in broken
indexes.
Fix incorrect updating of trigger function properties when changing a
foreign-key constraint's deferrability properties with ALTER
TABLE ... ALTER CONSTRAINT (Tom Lane)
This led to odd failures during subsequent exercise of the foreign
key, as the triggers were fired at the wrong times.
Prevent dropping a foreign-key constraint if there are pending
trigger events for the referenced relation (Tom Lane)
This avoids "could not find trigger NNN"
or "relation NNN has no triggers" errors.
Fix ALTER TABLE ... SET DATA TYPE ... USING when child
table has different column ordering than the parent
(Álvaro Herrera)
Failure to adjust the column numbering in the USING
expression led to errors,
typically "attribute N has wrong type".
Fix processing of OID column when a table with OIDs is associated to
a parent with OIDs via ALTER TABLE ... INHERIT (Amit
Langote)
The OID column should be treated the same as regular user columns in
this case, but it wasn't, leading to odd behavior in later
inheritance changes.
Fix CREATE OR REPLACE VIEW to update the view query
before attempting to apply the new view options (Dean Rasheed)
Previously the command would fail if the new options were
inconsistent with the old view definition.
Report correct object identity during ALTER TEXT SEARCH
CONFIGURATION (Artur Zakirov)
The wrong catalog OID was reported to extensions such as logical
decoding.
Fix commit timestamp mechanism to not fail when queried about
the special XIDs FrozenTransactionId
and BootstrapTransactionId (Craig Ringer)
Check for serializability conflicts before reporting
constraint-violation failures (Thomas Munro)
When using serializable transaction isolation, it is desirable
that any error due to concurrent transactions should manifest
as a serialization failure, thereby cueing the application that
a retry might succeed. Unfortunately, this does not reliably
happen for duplicate-key failures caused by concurrent insertions.
This change ensures that such an error will be reported as a
serialization error if the application explicitly checked for
the presence of a conflicting key (and did not find it) earlier
in the transaction.
Fix incorrect use of view reloptions as regular table reloptions (Tom
Lane)
The symptom was spurious "ON CONFLICT is not supported on table
... used as a catalog table" errors when the target
of INSERT ... ON CONFLICT is a view with cascade option.
Fix incorrect "target lists can have at most N
entries" complaint when using ON CONFLICT with
wide tables (Tom Lane)
Prevent multicolumn expansion of foo.* in
an UPDATE source expression (Tom Lane)
This led to "UPDATE target count mismatch --- internal
error". Now the syntax is understood as a whole-row variable,
as it would be in other contexts.
Ensure that column typmods are determined accurately for
multi-row VALUES constructs (Tom Lane)
This fixes problems occurring when the first value in a column has a
determinable typmod (e.g., length for a varchar value) but
later values don't share the same limit.
Throw error for an unfinished Unicode surrogate pair at the end of a
Unicode string (Tom Lane)
Normally, a Unicode surrogate leading character must be followed by a
Unicode surrogate trailing character, but the check for this was
missed if the leading character was the last character in a Unicode
string literal (U&'...') or Unicode identifier
(U&"...").
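An added example, not taken from the PostgreSQL source: a C decoder for the escape forms \XXXX and \+XXXXXX that shows where the missing check belongs, namely after the loop, when the input ends while a leading surrogate is still waiting for its partner. The function and constant names are hypothetical, unescaped bytes are assumed to be ASCII, and the sample inputs are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes for decode_unicode_escapes() (hypothetical names). */
enum { UESC_OK = 0, UESC_BAD_ESCAPE = -1, UESC_BAD_SURROGATE = -2, UESC_TOO_LONG = -3 };

static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

static int is_leading(uint32_t cp)  { return cp >= 0xD800 && cp <= 0xDBFF; }
static int is_trailing(uint32_t cp) { return cp >= 0xDC00 && cp <= 0xDFFF; }

/* Parse "\XXXX" or "\+XXXXXX" at s (s[0] is the backslash).
 * Returns characters consumed, or 0 if malformed. It stops at the first
 * non-hex character, so it never reads past the terminating NUL. */
static size_t parse_escape(const char *s, uint32_t *cp)
{
    size_t start = (s[1] == '+') ? 2 : 1;
    size_t ndigits = (s[1] == '+') ? 6 : 4;
    uint32_t v = 0;
    size_t i;

    for (i = 0; i < ndigits; i++)
    {
        int h = hexval(s[start + i]);
        if (h < 0)
            return 0;
        v = (v << 4) | (uint32_t) h;
    }
    *cp = v;
    return start + ndigits;
}

/* Decode the body of a Unicode-escaped string into code points.
 * Surrogate pairs are combined; any unpaired surrogate is an error. */
int decode_unicode_escapes(const char *s, uint32_t *out, size_t cap, size_t *n)
{
    uint32_t lead = 0;      /* leading surrogate waiting for its partner */

    *n = 0;
    while (*s)
    {
        uint32_t cp = 0;
        size_t used;

        if (s[0] == '\\' && s[1] == '\\')
        {
            cp = '\\';      /* doubled backslash is a literal backslash */
            used = 2;
        }
        else if (s[0] == '\\')
        {
            used = parse_escape(s, &cp);
            if (used == 0 || cp > 0x10FFFF)
                return UESC_BAD_ESCAPE;
        }
        else
        {
            cp = (unsigned char) s[0];
            used = 1;
        }
        s += used;

        if (lead)
        {
            if (!is_trailing(cp))
                return UESC_BAD_SURROGATE;
            cp = 0x10000 + ((lead - 0xD800) << 10) + (cp - 0xDC00);
            lead = 0;
        }
        else if (is_leading(cp))
        {
            lead = cp;      /* defer output until the trailing half arrives */
            continue;
        }
        else if (is_trailing(cp))
            return UESC_BAD_SURROGATE;

        if (*n >= cap)
            return UESC_TOO_LONG;
        out[(*n)++] = cp;
    }
    /* End-of-string case: a leading surrogate was the last character. */
    if (lead)
        return UESC_BAD_SURROGATE;
    return UESC_OK;
}

int main(void)
{
    /* Constructed samples: the text between the quotes of U&'...'. */
    const char *samples[] = { "d\\0061t\\+000061", "\\D83D\\DE00", "abc\\D83D" };
    uint32_t buf[16];
    size_t n, i;

    for (i = 0; i < 3; i++)
        printf("%-18s -> %d\n", samples[i],
               decode_unicode_escapes(samples[i], buf, 16, &n));
    return 0;
}
```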
Ensure that a purely negative text search query, such
as !foo, matches empty tsvectors (Tom Dunstan)
Such matches were found by GIN index searches, but not by sequential
scans or GiST index searches.
Prevent crash when ts_rewrite() replaces a non-top-level
subtree with an empty query (Artur Zakirov)
Fix performance problems in ts_rewrite() (Tom Lane)
Fix ts_rewrite()'s handling of nested NOT operators
(Tom Lane)
Improve speed of user-defined aggregates that
use array_append() as transition function (Tom Lane)
Fix array_fill() to handle empty arrays properly (Tom Lane)
Fix possible crash in array_position()
or array_positions() when processing arrays of records
(Junseok Yang)
Fix one-byte buffer overrun in quote_literal_cstr()
(Heikki Linnakangas)
The overrun occurred only if the input consisted entirely of single
quotes and/or backslashes.
Prevent multiple calls of pg_start_backup()
and pg_stop_backup() from running concurrently (Michael
Paquier)
This avoids an assertion failure, and possibly worse things, if
someone tries to run these functions in parallel.
Disable transform that attempted to remove no-op AT TIME
ZONE conversions (Tom Lane)
This resulted in wrong answers when the simplified expression was
used in an index condition.
Avoid discarding interval-to-interval casts
that aren't really no-ops (Tom Lane)
In some cases, a cast that should result in zeroing out
low-order interval fields was mistakenly deemed to be a
no-op and discarded. An example is that casting from INTERVAL
MONTH to INTERVAL YEAR failed to clear the months field.
Fix bugs in transmitting GUC parameter values to parallel workers
(Michael Paquier, Tom Lane)
Ensure that cached plans are invalidated by changes in foreign-table
options (Amit Langote, Etsuro Fujita, Ashutosh Bapat)
Fix pg_dump to dump user-defined casts and transforms
that use built-in functions (Stephen Frost)
Fix pg_restore with
to behave more sanely if an archive contains
unrecognized DROP commands (Tom Lane)
This doesn't fix any live bug, but it may improve the behavior in
future if pg_restore is used with an archive
generated by a later pg_dump version.
Fix pg_basebackup's rate limiting in the presence of
slow I/O (Antonin Houska)
If disk I/O was transiently much slower than the specified rate
limit, the calculation overflowed, effectively disabling the rate
limit for the rest of the run.
Fix pg_basebackup's handling of
symlinked pg_stat_tmp and pg_replslot
subdirectories (Magnus Hagander, Michael Paquier)
Fix possible pg_basebackup failure on standby
server when including WAL files (Amit Kapila, Robert Haas)
Fix possible mishandling of expanded arrays in domain check
constraints and CASE execution (Tom Lane)
It was possible for a PL/pgSQL function invoked in these contexts to
modify or even delete an array value that needs to be preserved for
additional operations.
Fix nested uses of PL/pgSQL functions in contexts such as domain
check constraints evaluated during assignment to a PL/pgSQL variable
(Tom Lane)
Ensure that the Python exception objects we create for PL/Python are
properly reference-counted (Rafa de la Torre, Tom Lane)
This avoids failures if the objects are used after a Python garbage
collection cycle has occurred.
Fix PL/Tcl to support triggers on tables that have .tupno
as a column name (Tom Lane)
This matches the (previously undocumented) behavior of
PL/Tcl's spi_exec and spi_execp commands,
namely that a magic .tupno column is inserted only if
there isn't a real column named that.
Allow DOS-style line endings in ~/.pgpass files,
even on Unix (Vik Fearing)
This change simplifies use of the same password file across Unix and
Windows machines.
Fix one-byte buffer overrun if ecpg is given a file
name that ends with a dot (Takayuki Tsunakawa)
Fix psql's tab completion for ALTER DEFAULT
PRIVILEGES (Gilles Darold, Stephen Frost)
In psql, treat an empty or all-blank setting of
the PAGER environment variable as meaning no
pager (Tom Lane)
Previously, such a setting caused output intended for the pager to
vanish entirely.
Improve contrib/dblink's reporting of
low-level libpq errors, such as out-of-memory
(Joe Conway)
Teach contrib/dblink to ignore irrelevant server options
when it uses a contrib/postgres_fdw foreign server as
the source of connection options (Corey Huinker)
Previously, if the foreign server object had options that were not
also libpq connection options, an error occurred.
Fix portability problems in contrib/pageinspect's
functions for GIN indexes (Peter Eisentraut, Tom Lane)
On Windows, ensure that environment variable changes are propagated
to DLLs built with debug options (Christian Ullrich)
Sync our copy of the timezone library with IANA release tzcode2016j
(Tom Lane)
This fixes various issues, most notably that timezone data
installation failed if the target directory didn't support hard
links.
Update time zone data files to tzdata release 2016j
for DST law changes in northern Cyprus (adding a new zone
Asia/Famagusta), Russia (adding a new zone Europe/Saratov), Tonga,
and Antarctica/Casey.
Historical corrections for Italy, Kazakhstan, Malta, and Palestine.
Switch to preferring numeric zone abbreviations for Tonga.
Release 9.5.5
Release date: 2016-10-27
This release contains a variety of fixes from 9.5.4.
For information about new features in the 9.5 major release, see
.
Migration to Version 9.5.5
A dump/restore is not required for those running 9.5.X.
However, if your installation has been affected by the bug described in
the first changelog entry below, then after updating you may need
to take action to repair corrupted free space maps.
Also, if you are upgrading from a version earlier than 9.5.2,
see .
Changes
Fix WAL-logging of truncation of relation free space maps and
visibility maps (Pavan Deolasee, Heikki Linnakangas)
It was possible for these files to not be correctly restored during
crash recovery, or to be written incorrectly on a standby server.
Bogus entries in a free space map could lead to attempts to access
pages that have been truncated away from the relation itself, typically
producing errors like "could not read block XXX:
read only 0 of 8192 bytes". Checksum failures in the
visibility map are also possible, if checksumming is enabled.
Procedures for determining whether there is a problem and repairing it
if so are discussed at
.
Fix incorrect creation of GIN index WAL records on big-endian machines
(Tom Lane)
The typical symptom was "unexpected GIN leaf action" errors
during WAL replay.
Fix SELECT FOR UPDATE/SHARE to correctly lock tuples that
have been updated by a subsequently-aborted transaction
(Álvaro Herrera)
In 9.5 and later, the SELECT would sometimes fail to
return such tuples at all. A failure has not been proven to occur in
earlier releases, but might be possible with concurrent updates.
Fix EvalPlanQual rechecks involving CTE scans (Tom Lane)
The recheck would always see the CTE as returning no rows, typically
leading to failure to update rows that were recently updated.
Fix deletion of speculatively inserted TOAST tuples when backing out
of INSERT ... ON CONFLICT (Oskari Saarenmaa)
In the race condition where two transactions try to insert conflicting
tuples at about the same time, the loser would fail with
an "attempted to delete invisible tuple" error if its
insertion included any TOAST'ed fields.
Don't throw serialization errors for self-conflicting insertions
in INSERT ... ON CONFLICT (Thomas Munro, Peter Geoghegan)
Fix improper repetition of previous results from hashed aggregation in
a subquery (Andrew Gierth)
The test to see if we can reuse a previously-computed hash table of
the aggregate state values neglected the possibility of an outer query
reference appearing in an aggregate argument expression. A change in
the value of such a reference should lead to recalculating the hash
table, but did not.
Fix query-lifespan memory leak in a bulk UPDATE on a table
with a PRIMARY KEY or REPLICA IDENTITY index
(Tom Lane)
Fix COPY with a column name list from a table that has
row-level security enabled (Adam Brightwell)
Fix EXPLAIN to emit valid XML when
is on (Markus Winand)
Previously the XML output-format option produced syntactically invalid
tags such as <I/O-Read-Time>. That is now
rendered as <I-O-Read-Time>.
Suppress printing of zeroes for unmeasured times
in EXPLAIN (Maksim Milyutin)
Certain option combinations resulted in printing zero values for times
that actually aren't ever measured in that combination. Our general
policy in EXPLAIN is not to print such fields at all, so
do that consistently in all cases.
Fix statistics update for TRUNCATE in a prepared
transaction (Stas Kelvich)
Fix timeout length when VACUUM is waiting for exclusive
table lock so that it can truncate the table (Simon Riggs)
The timeout was meant to be 50 milliseconds, but it was actually only
50 microseconds, causing VACUUM to give up on truncation
much more easily than intended. Set it to the intended value.
Fix bugs in merging inherited CHECK constraints while
creating or altering a table (Tom Lane, Amit Langote)
Allow identical CHECK constraints to be added to a parent
and child table in either order. Prevent merging of a valid
constraint from the parent table with a NOT VALID
constraint on the child. Likewise, prevent merging of a NO
INHERIT child constraint with an inherited constraint.
Show a sensible value
in pg_settings.unit
for min_wal_size and max_wal_size (Tom Lane)
Remove artificial restrictions on the values accepted
by numeric_in() and numeric_recv()
(Tom Lane)
We allow numeric values up to the limit of the storage format (more
than 1e100000), so it seems fairly pointless
that numeric_in() rejected scientific-notation exponents
above 1000. Likewise, it was silly for numeric_recv() to
reject more than 1000 digits in an input value.
Avoid very-low-probability data corruption due to testing tuple
visibility without holding buffer lock (Thomas Munro, Peter Geoghegan,
Tom Lane)
Preserve commit timestamps across server restart
(Julien Rouhaud, Craig Ringer)
With turned on, old
commit timestamps became inaccessible after a clean server restart.
Fix logical WAL decoding to work properly when a subtransaction's WAL
output is large enough to spill to disk (Andres Freund)
Fix possible sorting error when aborting use of abbreviated keys
(Peter Geoghegan)
In the worst case, this could result in a corrupt btree index, which
would need to be rebuilt using REINDEX. However, the
situation is believed to be rare.
Fix file descriptor leakage when truncating a temporary relation of
more than 1GB (Andres Freund)
Disallow starting a standalone backend with standby_mode
turned on (Michael Paquier)
This can't do anything useful, since there will be no WAL receiver
process to fetch more WAL data; and it could result in misbehavior
in code that wasn't designed with this situation in mind.
Properly initialize replication slot state when recycling a
previously-used slot (Michael Paquier)
This failure to reset all of the fields of the slot could
prevent VACUUM from removing dead tuples.
Round shared-memory allocation request to a multiple of the actual
huge page size when attempting to use huge pages on Linux (Tom Lane)
This avoids possible failures during munmap() on systems
with atypical default huge page sizes. Except in crash-recovery
cases, there were no ill effects other than a log message.
Use a more random value for the dynamic shared memory control
segment's ID (Robert Haas, Tom Lane)
Previously, the same value would be chosen every time, because it was
derived from random() but srandom() had not
yet been called. While relatively harmless, this was not the intended
behavior.
On Windows, retry creation of the dynamic shared memory control
segment after an access-denied error (Kyotaro Horiguchi, Amit Kapila)
Windows sometimes returns ERROR_ACCESS_DENIED rather
than ERROR_ALREADY_EXISTS when there is an existing
segment. This led to postmaster startup failure due to believing that
the former was an unrecoverable error.
Fix PL/pgSQL to not misbehave with parameters and
local variables of type int2vector or oidvector
(Tom Lane)
Don't try to share SSL contexts across multiple connections
in libpq (Heikki Linnakangas)
This led to assorted corner-case bugs, particularly when trying to use
different SSL parameters for different connections.
Avoid corner-case memory leak in libpq (Tom Lane)
The reported problem involved leaking an error report
during PQreset(), but there might be related cases.
Make ecpg's and
options work consistently with our other executables (Haribabu Kommi)
Fix pgbench's calculation of average latency
(Fabien Coelho)
The calculation was incorrect when there were \sleep
commands in the script, or when the test duration was specified in
number of transactions rather than total time.
In pg_upgrade, check library loadability in name order
(Tom Lane)
This is a workaround to deal with cross-extension dependencies from
language transform modules to their base language and data type
modules.
In pg_dump, never dump range constructor functions
(Tom Lane)
This oversight led to pg_upgrade failures with
extensions containing range types, due to duplicate creation of the
constructor functions.
In pg_dump with ,
suppress TABLESPACE clause of CREATE DATABASE
if is specified (Tom Lane)
Make pg_receivexlog work correctly
with without slots (Gabriele Bartolini)
Disallow specifying both
and options to pg_rewind
(Michael Banck)
Make pg_rewind turn off synchronous_commit
in its session on the source server (Michael Banck, Michael Paquier)
This allows pg_rewind to work even when the source
server is using synchronous replication that is not working for some
reason.
In pg_xlogdump, retry opening new WAL segments when
using option (Magnus Hagander)
This allows for a possible delay in the server's creation of the next
segment.
Fix pg_xlogdump to cope with a WAL file that begins
with a continuation record spanning more than one page (Pavan
Deolasee)
Fix contrib/pg_buffercache to work
when shared_buffers exceeds 256GB (KaiGai Kohei)
Fix contrib/intarray/bench/bench.pl to print the results
of the EXPLAIN it does when given the option
(Daniel Gustafsson)
Support OpenSSL 1.1.0 (Heikki Linnakangas)
Install TAP test infrastructure so that it's available for extension
testing (Craig Ringer)
When PostgreSQL has been configured
with , make install will now
install the Perl support files for TAP testing where PGXS can find
them. This allows non-core extensions to
use $(prove_check) without extra tests.
In MSVC builds, include pg_recvlogical in a
client-only installation (MauMau)
Update Windows time zone mapping to recognize some time zone names
added in recent Windows versions (Michael Paquier)
Prevent failure of obsolete dynamic time zone abbreviations (Tom Lane)
If a dynamic time zone abbreviation does not match any entry in the
referenced time zone, treat it as equivalent to the time zone name.
This avoids unexpected failures when IANA removes abbreviations from
their time zone database, as they did in tzdata
release 2016f and seem likely to do again in the future. The
consequences were not limited to not recognizing the individual
abbreviation; any mismatch caused
the pg_timezone_abbrevs view to fail altogether.
Update time zone data files to tzdata release 2016h
for DST law changes in Palestine and Turkey, plus historical
corrections for Turkey and some regions of Russia.
Switch to numeric abbreviations for some time zones in Antarctica,
the former Soviet Union, and Sri Lanka.
The IANA time zone database previously provided textual abbreviations
for all time zones, sometimes making up abbreviations that have little
or no currency among the local population. They are in the process of
reversing that policy in favor of using numeric UTC offsets in zones
where there is no evidence of real-world use of an English
abbreviation. At least for the time being, PostgreSQL
will continue to accept such removed abbreviations for timestamp input.
But they will not be shown in the pg_timezone_names
view nor used for output.
In this update, AMT is no longer shown as being in use to
mean Armenia Time. Therefore, we have changed the Default
abbreviation set to interpret it as Amazon Time, thus UTC-4 not UTC+4.
Release 9.5.4
Release date: 2016-08-11
This release contains a variety of fixes from 9.5.3.
For information about new features in the 9.5 major release, see
.
Migration to Version 9.5.4
A dump/restore is not required for those running 9.5.X.
However, if you are upgrading from a version earlier than 9.5.2,
see .
Changes
Fix possible mis-evaluation of
nested CASE-WHEN expressions (Heikki
Linnakangas, Michael Paquier, Tom Lane)
A CASE expression appearing within the test value
subexpression of another CASE could become confused about
whether its own test value was null or not. Also, inlining of a SQL
function implementing the equality operator used by
a CASE expression could result in passing the wrong test
value to functions called within a CASE expression in the
SQL function's body. If the test values were of different data
types, a crash might result; moreover such situations could be abused
to allow disclosure of portions of server memory. (CVE-2016-5423)
Fix client programs' handling of special characters in database and
role names (Noah Misch, Nathan Bossart, Michael Paquier)
Numerous places in vacuumdb and other client programs
could become confused by database and role names containing double
quotes or backslashes. Tighten up quoting rules to make that safe.
Also, ensure that when a conninfo string is used as a database name
parameter to these programs, it is correctly treated as such throughout.
Fix handling of paired double quotes
in psql's \connect
and \password commands to match the documentation.
Introduce a new option
in psql's \connect command to allow
explicit control of whether to re-use connection parameters from a
previous connection. (Without this, the choice is based on whether
the database name looks like a conninfo string, as before.) This
allows secure handling of database names containing special
characters in pg_dumpall scripts.
pg_dumpall now refuses to deal with database and role
names containing carriage returns or newlines, as it seems impractical
to quote those characters safely on Windows. In future we may reject
such names on the server side, but that step has not been taken yet.
These are considered security fixes because crafted object names
containing special characters could have been used to execute
commands with superuser privileges the next time a superuser
executes pg_dumpall or other routine maintenance
operations. (CVE-2016-5424)
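An added example, not taken from the PostgreSQL source: C functions that build a dbname='...' connection-string fragment using libpq's documented conninfo quoting (a backslash before each single quote and backslash) and that refuse names containing carriage returns or newlines, as pg_dumpall now does. The function names are hypothetical and the sample database names are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* 1 if the name contains CR or LF, which pg_dumpall now refuses to handle. */
int name_has_newline(const char *name)
{
    return strpbrk(name, "\r\n") != NULL;
}

/* 1 if a bare name would be taken for a connection string rather than a
 * plain database name: libpq documents that a dbname containing '=' or
 * starting with a connection URI prefix is treated that way. */
int looks_like_conninfo(const char *name)
{
    return strncmp(name, "postgresql://", 13) == 0 ||
           strncmp(name, "postgres://", 11) == 0 ||
           strchr(name, '=') != NULL;
}

/* Exact buffer size needed for dbname='<escaped name>', including the NUL.
 * Every quote or backslash costs two bytes, so the worst case is counted
 * up front instead of being guessed. */
size_t dbname_conninfo_size(const char *name)
{
    size_t need = strlen("dbname='") + 1 /* closing quote */ + 1 /* NUL */;

    for (; *name; name++)
        need += (*name == '\'' || *name == '\\') ? 2 : 1;
    return need;
}

/* Write dbname='<escaped name>' into out.
 * Returns the string length, or -1 if the name contains CR/LF or the
 * buffer is too small. Quoting unconditionally means a name such as
 * "sales=2017" stays a database name instead of being parsed as options. */
int build_dbname_conninfo(const char *name, char *out, size_t cap)
{
    char *o = out;

    if (name_has_newline(name) || dbname_conninfo_size(name) > cap)
        return -1;

    memcpy(o, "dbname='", 8);
    o += 8;
    for (; *name; name++)
    {
        if (*name == '\'' || *name == '\\')
            *o++ = '\\';
        *o++ = *name;
    }
    *o++ = '\'';
    *o = '\0';
    return (int) (o - out);
}

int main(void)
{
    /* Constructed sample database names. */
    const char *names[] = { "my db", "o'hara\\x", "sales=2017", "a\nb" };
    char buf[64];
    size_t i;

    for (i = 0; i < 4; i++)
    {
        int len = build_dbname_conninfo(names[i], buf, sizeof(buf));

        if (len < 0)
            printf("refused (newline in name or buffer too small)\n");
        else
            printf("%s  (bare name ambiguous: %d)\n",
                   buf, looks_like_conninfo(names[i]));
    }
    return 0;
}
```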
Fix corner-case misbehaviors for IS NULL/IS NOT
NULL applied to nested composite values (Andrew Gierth, Tom Lane)
The SQL standard specifies that IS NULL should return
TRUE for a row of all null values (thus ROW(NULL,NULL) IS
NULL yields TRUE), but this is not meant to apply recursively
(thus ROW(NULL, ROW(NULL,NULL)) IS NULL yields FALSE).
The core executor got this right, but certain planner optimizations
treated the test as recursive (thus producing TRUE in both cases),
and contrib/postgres_fdw could produce remote queries
that misbehaved similarly.
Fix "unrecognized node type" error for INSERT ... ON
CONFLICT within a recursive CTE (a WITH item) (Peter
Geoghegan)
Fix INSERT ... ON CONFLICT to successfully match index
expressions or index predicates that are simplified during the
planner's expression preprocessing phase (Tom Lane)
Correctly handle violations of exclusion constraints that apply to
the target table of an INSERT ... ON CONFLICT command,
but are not one of the selected arbiter indexes (Tom Lane)
Such a case should raise a normal constraint-violation error, but it
got into an infinite loop instead.
Fix INSERT ... ON CONFLICT to not fail if the target
table has a unique index on OID (Tom Lane)
Make the inet and cidr data types properly reject
IPv6 addresses with too many colon-separated fields (Tom Lane)
Prevent crash in close_ps()
(the point##lseg operator)
for NaN input coordinates (Tom Lane)
Make it return NULL instead of crashing.
Avoid possible crash in pg_get_expr() when inconsistent
values are passed to it (Michael Paquier, Thomas Munro)
Fix several one-byte buffer over-reads in to_number()
(Peter Eisentraut)
In several cases the to_number() function would read one
more character than it should from the input string. There is a
small chance of a crash, if the input happens to be adjacent to the
end of memory.
Do not run the planner on the query contained in CREATE
MATERIALIZED VIEW or CREATE TABLE AS
when WITH NO DATA is specified (Michael Paquier,
Tom Lane)
This avoids some unnecessary failure conditions, for example if a
stable function invoked by the materialized view depends on a table
that doesn't exist yet.
Avoid unsafe intermediate state during expensive paths
through heap_update() (Masahiko Sawada, Andres Freund)
Previously, these cases locked the target tuple (by setting its XMAX)
but did not WAL-log that action, thus risking data integrity problems
if the page were spilled to disk and then a database crash occurred
before the tuple update could be completed.
Fix hint bit update during WAL replay of row locking operations
(Andres Freund)
The only known consequence of this problem is that row locks held by
a prepared, but uncommitted, transaction might fail to be enforced
after a crash and restart.
Avoid unnecessary "could not serialize access" errors when
acquiring FOR KEY SHARE row locks in serializable mode
(Álvaro Herrera)
Make sure expanded datums returned by a plan node are
read-only (Tom Lane)
This avoids failures in some cases where the result of a lower plan
node is referenced in multiple places in upper nodes. So far as
core PostgreSQL is concerned, only array values
returned by PL/pgSQL functions are at risk; but extensions might
use expanded datums for other things.
Avoid crash in postgres -C when the specified variable
has a null string value (Michael Paquier)
Prevent unintended waits for the receiver in WAL sender processes
(Kyotaro Horiguchi)
Fix possible loss of large subtransactions in logical decoding
(Petru-Florin Mihancea)
Fix failure of logical decoding when a subtransaction contains no
actual changes (Marko Tiikkaja, Andrew Gierth)
Ensure that backends see up-to-date statistics for shared catalogs
(Tom Lane)
The statistics collector failed to update the statistics file for
shared catalogs after a request from a regular backend. This problem
was partially masked because the autovacuum launcher regularly makes
requests that did cause such updates; however, it became obvious with
autovacuum disabled.
Avoid redundant writes of the statistics files when multiple
backends request updates close together (Tom Lane, Tomas Vondra)
Avoid consuming a transaction ID during VACUUM
(Alexander Korotkov)
Some cases in VACUUM unnecessarily caused an XID to be
assigned to the current transaction. Normally this is negligible,
but if one is up against the XID wraparound limit, consuming more
XIDs during anti-wraparound vacuums is a very bad thing.
Prevent possible failure when vacuuming multixact IDs in an
installation that has been pg_upgrade'd from pre-9.3 (Andrew Gierth,
Álvaro Herrera)
The usual symptom of this bug is errors
like MultiXactId NNN has not been created
yet -- apparent wraparound.
When a manual ANALYZE specifies a column list, don't
reset the table's changes_since_analyze counter
(Tom Lane)
If we're only analyzing some columns, we should not prevent routine
auto-analyze from happening for the other columns.
Fix ANALYZE's overestimation of n_distinct
for a unique or nearly-unique column with many null entries (Tom
Lane)
The nulls could get counted as though they were themselves distinct
values, leading to serious planner misestimates in some types of
queries.
Prevent autovacuum from starting multiple workers for the same shared
catalog (Álvaro Herrera)
Normally this isn't much of a problem because the vacuum doesn't take
long anyway; but in the case of a severely bloated catalog, it could
result in all but one worker uselessly waiting instead of doing
useful work on other tables.
Fix bug in b-tree mark/restore processing (Kevin Grittner)
This error could lead to incorrect join results or assertion failures
in a merge join whose inner source node is a b-tree indexscan.
Avoid duplicate buffer lock release when abandoning a b-tree index
page deletion attempt (Tom Lane)
This mistake prevented VACUUM from completing in some
cases involving corrupt b-tree indexes.
Fix building of large (bigger than shared_buffers)
hash indexes (Tom Lane)
The code path used for large indexes contained a bug causing
incorrect hash values to be inserted into the index, so that
subsequent index searches always failed, except for tuples inserted
into the index after the initial build.
Prevent infinite loop in GiST index build for geometric columns
containing NaN component values (Tom Lane)
Fix possible crash during a nearest-neighbor (ORDER BY
distance) indexscan on a contrib/btree_gist index on
an interval column (Peter Geoghegan)
Fix PANIC: failed to add BRIN tuple error when attempting
to update a BRIN index entry (Álvaro Herrera)
Fix possible crash during background worker shutdown (Dmitry Ivanov)
Fix PL/pgSQL's handling of the INTO clause
within IMPORT FOREIGN SCHEMA commands (Tom Lane)
Fix contrib/btree_gin to handle the smallest
possible bigint value correctly (Peter Eisentraut)
Teach libpq to correctly decode server version from future servers
(Peter Eisentraut)
It's planned to switch to two-part instead of three-part server
version numbers for releases after 9.6. Make sure
that PQserverVersion() returns the correct value for
such cases.
Fix ecpg's code for unsigned long long
array elements (Michael Meskes)
In pg_dump with both and
options, avoid emitting an unwanted CREATE SCHEMA public
command (David Johnston, Tom Lane)
Improve handling of SIGTERM/control-C in
parallel pg_dump and pg_restore (Tom
Lane)
Make sure that the worker processes will exit promptly, and also arrange
to send query-cancel requests to the connected backends, in case they
are doing something long-running such as a CREATE INDEX.
Fix error reporting in parallel pg_dump
and pg_restore (Tom Lane)
Previously, errors reported by pg_dump
or pg_restore worker processes might never make it to
the user's console, because the messages went through the master
process, and there were various deadlock scenarios that would prevent
the master process from passing on the messages. Instead, just print
everything to stderr. In some cases this will result in
duplicate messages (for instance, if all the workers report a server
shutdown), but that seems better than no message.
Ensure that parallel pg_dump
or pg_restore on Windows will shut down properly
after an error (Kyotaro Horiguchi)
Previously, it would report the error, but then just sit until
manually stopped by the user.
Make parallel pg_dump fail cleanly when run against a
standby server (Magnus Hagander)
This usage is not supported
unless is specified, but the
error was not handled very well.
Make pg_dump behave better when built without zlib
support (Kyotaro Horiguchi)
It didn't work right for parallel dumps, and emitted some rather
pointless warnings in other cases.
Make pg_basebackup accept -Z 0 as
specifying no compression (Fujii Masao)
Fix makefiles' rule for building AIX shared libraries to be safe for
parallel make (Noah Misch)
Fix TAP tests and MSVC scripts to work when build directory's path
name contains spaces (Michael Paquier, Kyotaro Horiguchi)
Be more predictable about reporting statement timeout
versus lock timeout (Tom Lane)
On heavily loaded machines, the regression tests sometimes failed due
to reporting lock timeout even though the statement timeout
should have occurred first.
Make regression tests safe for Danish and Welsh locales (Jeff Janes,
Tom Lane)
Change some test data that triggered the unusual sorting rules of
these locales.
Update our copy of the timezone code to match
IANA's tzcode release 2016c (Tom Lane)
This is needed to cope with anticipated future changes in the time
zone data files. It also fixes some corner-case bugs in coping with
unusual time zones.
Update time zone data files to tzdata release 2016f
for DST law changes in Kemerovo and Novosibirsk, plus historical
corrections for Azerbaijan, Belarus, and Morocco.
Release 9.5.3
Release date: 2016-05-12
This release contains a variety of fixes from 9.5.2.
For information about new features in the 9.5 major release, see
.
Migration to Version 9.5.3
A dump/restore is not required for those running 9.5.X.
However, if you are upgrading from a version earlier than 9.5.2,
see .
Changes
Clear the OpenSSL error queue before OpenSSL calls, rather than
assuming it's clear already; and make sure we leave it clear
afterwards (Peter Geoghegan, Dave Vitek, Peter Eisentraut)
This change prevents problems when there are multiple connections
using OpenSSL within a single process and not all the code involved
follows the same rules for when to clear the error queue.
Failures have been reported specifically when a client application
uses SSL connections in libpq concurrently with
SSL connections using the PHP, Python, or Ruby wrappers for OpenSSL.
It's possible for similar problems to arise within the server as well,
if an extension module establishes an outgoing SSL connection.
Fix failed to build any N-way joins
planner error with a full join enclosed in the right-hand side of a
left join (Tom Lane)
Fix incorrect handling of equivalence-class tests in multilevel
nestloop plans (Tom Lane)
Given a three-or-more-way equivalence class of variables, such
as X.X = Y.Y = Z.Z, it was possible for the planner to omit
some of the tests needed to enforce that all the variables are actually
equal, leading to join rows being output that didn't satisfy
the WHERE clauses. For various reasons, erroneous plans
were seldom selected in practice, so that this bug has gone undetected
for a long time.
Fix corner-case parser failures occurring
when is turned on
(Tom Lane)
An example is that SELECT (ARRAY[])::text[] gave an error,
though it worked without the parentheses.
Fix query-lifespan memory leak in GIN index scans (Julien Rouhaud)
Fix query-lifespan memory leak and potential index corruption hazard in
GIN index insertion (Tom Lane)
The memory leak would typically not amount to much in simple queries,
but it could be very substantial during a large GIN index build with
high maintenance_work_mem.
Fix possible misbehavior of TH, th,
and Y,YYY format codes in to_timestamp()
(Tom Lane)
These could advance off the end of the input string, causing subsequent
format codes to read garbage.
Fix dumping of rules and views in which the array
argument of a value operator
ANY (array) construct is a sub-SELECT
(Tom Lane)
Disallow newlines in ALTER SYSTEM parameter values
(Tom Lane)
The configuration-file parser doesn't support embedded newlines in
string literals, so we mustn't allow them in values to be inserted
by ALTER SYSTEM.
Fix ALTER TABLE ... REPLICA IDENTITY USING INDEX to
work properly if an index on OID is selected (David Rowley)
Avoid possible misbehavior after failing to remove a tablespace symlink
(Tom Lane)
Fix crash in logical decoding on alignment-picky platforms (Tom Lane,
Andres Freund)
The failure occurred only with a transaction large enough to spill to
disk and a primary-key change within that transaction.
Avoid repeated requests for feedback from receiver while shutting down
walsender (Nick Cleaton)
Make pg_regress use a startup timeout from the
PGCTLTIMEOUT environment variable, if that's set (Tom Lane)
This is for consistency with a behavior recently added
to pg_ctl; it eases automated testing on slow machines.
Fix pg_upgrade to correctly restore extension
membership for operator families containing only one operator class
(Tom Lane)
In such a case, the operator family was restored into the new database,
but it was no longer marked as part of the extension. This had no
immediate ill effects, but would cause later pg_dump
runs to emit output that would cause (harmless) errors on restore.
Fix pg_upgrade to not fail when new-cluster TOAST rules
differ from old (Tom Lane)
pg_upgrade had special-case code to handle the
situation where the new PostgreSQL version thinks that
a table should have a TOAST table while the old version did not. That
code was broken, so remove it, and instead do nothing in such cases;
there seems no reason to believe that we can't get along fine without
a TOAST table if that was okay according to the old version's rules.
Fix atomic operations for PPC when using IBM's XLC compiler (Noah Misch)
Reduce the number of SysV semaphores used by a build configured with
(Tom Lane)
Rename internal function strtoi()
to strtoint() to avoid conflict with a NetBSD library
function (Thomas Munro)
Fix reporting of errors from bind()
and listen() system calls on Windows (Tom Lane)
Reduce verbosity of compiler output when building with Microsoft Visual
Studio (Christian Ullrich)
Support building with Visual Studio 2015
(Michael Paquier, Petr Jelínek)
Note that builds made with VS2015 will not run on Windows versions
before Windows Vista.
Fix putenv() to work properly with Visual Studio 2013
(Michael Paquier)
Avoid possibly-unsafe use of Windows' FormatMessage()
function (Christian Ullrich)
Use the FORMAT_MESSAGE_IGNORE_INSERTS flag where
appropriate. No live bug is known to exist here, but it seems like a
good idea to be careful.
Update time zone data files to tzdata release 2016d
for DST law changes in Russia and Venezuela. There are new zone
names Europe/Kirov and Asia/Tomsk to reflect
the fact that these regions now have different time zone histories from
adjacent regions.
Release 9.5.2
Release date: 2016-03-31
This release contains a variety of fixes from 9.5.1.
For information about new features in the 9.5 major release, see
.
Migration to Version 9.5.2
A dump/restore is not required for those running 9.5.X.
However, you may need to REINDEX some indexes after applying
the update, as per the first changelog entry below.
Changes
Disable abbreviated keys for string sorting in non-C
locales (Robert Haas)
PostgreSQL 9.5 introduced logic for speeding up
comparisons of string data types by using the standard C library
function strxfrm() as a substitute
for strcoll(). It now emerges that most versions of
glibc (Linux's implementation of the C library) have buggy
implementations of strxfrm() that, in some locales,
can produce string comparison results that do not
match strcoll(). Until this problem can be better
characterized, disable the optimization in all non-C
locales. (C locale is safe since it uses
neither strcoll() nor strxfrm().)
Unfortunately, this problem affects not only sorting but also entry
ordering in B-tree indexes, which means that B-tree indexes
on text, varchar, or char columns may now
be corrupt if they sort according to an affected locale and were
built or modified under PostgreSQL 9.5.0 or 9.5.1.
Users should REINDEX indexes that might be affected.
It is not possible at this time to give an exhaustive list of
known-affected locales. C locale is known safe, and
there is no evidence of trouble in English-based locales such
as en_US, but some other popular locales such
as de_DE are affected in most glibc versions.
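A consistency check for the strxfrm()/strcoll() mismatch described in this entry, as an added example that is not PostgreSQL code: for every pair of sample strings it compares the ordering given by strcoll() with a byte comparison of the strxfrm() output. The function names, the sample words and the de_DE.UTF-8 locale name used in main() are assumptions made for illustration.

```c
#include <locale.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Reduce a comparison result to -1, 0 or 1. */
static int sign(int v)
{
    return (v > 0) - (v < 0);
}

/*
 * Compare a and b twice under the current LC_COLLATE locale: once with
 * strcoll(), once with strcmp() on their strxfrm() transforms.
 * Returns 1 if both orderings agree, 0 if they differ, -1 on out-of-memory.
 */
int xfrm_agrees_with_coll(const char *a, const char *b)
{
    /* With a zero size, strxfrm() only reports the length it needs. */
    size_t la = strxfrm(NULL, a, 0) + 1;
    size_t lb = strxfrm(NULL, b, 0) + 1;
    char *xa = malloc(la);
    char *xb = malloc(lb);
    int agree = -1;

    if (xa != NULL && xb != NULL) {
        strxfrm(xa, a, la);
        strxfrm(xb, b, lb);
        agree = sign(strcoll(a, b)) == sign(strcmp(xa, xb));
    }
    free(xa);
    free(xb);
    return agree;
}

/*
 * Check every pair of words under the named locale.
 * Returns the number of disagreeing pairs, or -1 if the locale cannot be
 * selected or memory ran out.
 */
int count_disagreements(const char *locale, const char *const *words, size_t n)
{
    int bad = 0;

    if (setlocale(LC_COLLATE, locale) == NULL)
        return -1;
    for (size_t i = 0; i < n; i++) {
        for (size_t j = i + 1; j < n; j++) {
            int r = xfrm_agrees_with_coll(words[i], words[j]);

            if (r < 0)
                return -1;
            if (r == 0)
                bad++;
        }
    }
    return bad;
}

/* Constructed sample strings (UTF-8 bytes written as escapes). */
static const char *const SAMPLE_WORDS[] = {
    "Muller", "M\xc3\xbcller", "Mueller", "muller", "Mull er", "mull-er"
};
#define N_SAMPLE_WORDS (sizeof SAMPLE_WORDS / sizeof SAMPLE_WORDS[0])

int main(void)
{
    /* Locale names are assumptions; de_DE.UTF-8 may not be installed. */
    const char *locales[] = { "C", "de_DE.UTF-8" };

    for (size_t i = 0; i < 2; i++) {
        int bad = count_disagreements(locales[i], SAMPLE_WORDS, N_SAMPLE_WORDS);

        if (bad < 0)
            printf("%s: locale not available\n", locales[i]);
        else
            printf("%s: %d disagreeing pair(s)\n", locales[i], bad);
    }
    return 0;
}
```

A zero count for a handful of strings does not show that a locale is safe; it only fails to find a mismatch in the strings tested.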
Maintain row-security status properly in cached plans (Stephen Frost)
In a session that performs queries as more than one role, the plan
cache might incorrectly re-use a plan that was generated for another
role ID, thus possibly applying the wrong set of policies when
row-level security (RLS) is in use.
(CVE-2016-2193)
Add must-be-superuser checks to some
new contrib/pageinspect functions (Andreas Seltenreich)
Most functions in the pageinspect extension that
inspect bytea values disallow calls by non-superusers,
but brin_page_type() and brin_metapage_info()
failed to do so. Passing contrived bytea values to them might
crash the server or disclose a few bytes of server memory. Add the
missing permissions checks to prevent misuse.
(CVE-2016-3065)
Fix incorrect handling of indexed ROW() comparisons
(Simon Riggs)
Flaws in a minor optimization introduced in 9.5 caused incorrect
results if the ROW() comparison matches the index ordering
partially but not exactly (for example, differing column order, or the
index contains both ASC and DESC columns).
Pending a better solution, the optimization has been removed.
Fix incorrect handling of NULL index entries in
indexed ROW() comparisons (Tom Lane)
An index search using a row comparison such as ROW(a, b) >
ROW('x', 'y') would stop upon reaching a NULL entry in
the b column, ignoring the fact that there might be
non-NULL b values associated with later values
of a.
Avoid unlikely data-loss scenarios due to renaming files without
adequate fsync() calls before and after (Michael Paquier,
Tomas Vondra, Andres Freund)
Fix incorrect behavior when rechecking a just-modified row in a query
that does SELECT FOR UPDATE/SHARE and contains some
relations that need not be locked (Tom Lane)
Rows from non-locked relations were incorrectly treated as containing
all NULLs during the recheck, which could result in incorrectly
deciding that the updated row no longer passes the WHERE
condition, or in incorrectly outputting NULLs.
Fix bug in json_to_record() when a field of its input
object contains a sub-object with a field name matching one of the
requested output column names (Tom Lane)
Fix nonsense result from two-argument form
of jsonb_object() when called with empty arrays
(Michael Paquier, Andrew Dunstan)
Fix misbehavior in jsonb_set() when converting a path
array element into an integer for use as an array subscript
(Michael Paquier)
Fix misformatting of negative time zone offsets
by to_char()'s OF format code
(Thomas Munro, Tom Lane)
Fix possible incorrect logging of waits done by
INSERT ... ON CONFLICT (Peter Geoghegan)
Log messages would sometimes claim that the wait was due to an
exclusion constraint although no such constraint was responsible.
Ignore parameter until
recovery has reached a consistent state (Michael Paquier)
Previously, standby servers would delay application of WAL records in
response to recovery_min_apply_delay even while replaying
the initial portion of WAL needed to make their database state valid.
Since the standby is useless until it's reached a consistent database
state, this was deemed unhelpful.
Correctly handle cases where pg_subtrans is close to XID
wraparound during server startup (Jeff Janes)
Fix assorted bugs in logical decoding (Andres Freund)
Trouble cases included tuples larger than one page when replica
identity is FULL, UPDATEs that change a
primary key within a transaction large enough to be spooled to disk,
incorrect reports of subxact logged without previous toplevel
record, and incorrect reporting of a transaction's commit time.
Fix planner error with nested security barrier views when the outer
view has a WHERE clause containing a correlated subquery
(Dean Rasheed)
Fix memory leak in GIN index searches (Tom Lane)
Fix corner-case crash due to trying to free localeconv()
output strings more than once (Tom Lane)
Fix parsing of affix files for ispell dictionaries
(Tom Lane)
The code could go wrong if the affix file contained any characters
whose byte length changes during case-folding, for
example I in Turkish UTF8 locales.
Avoid use of sscanf() to parse ispell
dictionary files (Artur Zakirov)
This dodges a portability problem on FreeBSD-derived platforms
(including macOS).
Fix atomic-operations code used on PPC with IBM's xlc compiler
(Noah Misch)
This error led to rare failures of concurrent operations on that
platform.
Avoid a crash on old Windows versions (before 7SP1/2008R2SP1) with an
AVX2-capable CPU and a Postgres build done with Visual Studio 2013
(Christian Ullrich)
This is a workaround for a bug in Visual Studio 2013's runtime
library, which Microsoft have stated they will not fix in that
version.
Fix psql's tab completion logic to handle multibyte
characters properly (Kyotaro Horiguchi, Robert Haas)
Fix psql's tab completion for
SECURITY LABEL (Tom Lane)
Pressing TAB after SECURITY LABEL might cause a crash
or offering of inappropriate keywords.
Make pg_ctl accept a wait timeout from the
PGCTLTIMEOUT environment variable, if none is specified on
the command line (Noah Misch)
This eases testing of slower buildfarm members by allowing them
to globally specify a longer-than-normal timeout for postmaster
startup and shutdown.
Fix incorrect test for Windows service status
in pg_ctl (Manuel Mathar)
The previous set of minor releases attempted to
fix pg_ctl to properly determine whether to send log
messages to Windows' Event Log, but got the test backwards.
Fix pgbench to correctly handle the combination
of -C and -M prepared options (Tom Lane)
In pg_upgrade, skip creating a deletion script when
the new data directory is inside the old data directory (Bruce
Momjian)
Blind application of the script in such cases would result in loss of
the new data directory.
In PL/Perl, properly translate empty Postgres arrays into empty Perl
arrays (Alex Hunsaker)
Make PL/Python cope with function names that aren't valid Python
identifiers (Jim Nasby)
Fix multiple mistakes in the statistics returned
by contrib/pgstattuple's pgstatindex()
function (Tom Lane)
Remove dependency on psed in MSVC builds, since it's no
longer provided by core Perl (Michael Paquier, Andrew Dunstan)
Update time zone data files to tzdata release 2016c
for DST law changes in Azerbaijan, Chile, Haiti, Palestine, and Russia
(Altai, Astrakhan, Kirov, Sakhalin, Ulyanovsk regions), plus
historical corrections for Lithuania, Moldova, and Russia
(Kaliningrad, Samara, Volgograd).
Release 9.5.1
Release date: 2016-02-11
This release contains a variety of fixes from 9.5.0.
For information about new features in the 9.5 major release, see
.
Migration to Version 9.5.1
A dump/restore is not required for those running 9.5.X.
Changes
Fix infinite loops and buffer-overrun problems in regular expressions
(Tom Lane)
Very large character ranges in bracket expressions could cause
infinite loops in some cases, and memory overwrites in other cases.
(CVE-2016-0773)
Fix an oversight that caused hash joins to miss joining to some tuples
of the inner relation in rare cases (Tomas Vondra, Tom Lane)
Avoid pushdown of HAVING clauses when grouping sets are
used (Andrew Gierth)
Fix deparsing of ON CONFLICT arbiter WHERE
clauses (Peter Geoghegan)
Make %h and %r escapes
in log_line_prefix work for messages emitted due
to log_connections (Tom Lane)
Previously, %h/%r started to work just after a
new session had emitted the connection received log message;
now they work for that message too.
Avoid leaking a token handle during SSPI authentication
(Christian Ullrich)
Fix psql's \det command to interpret its
pattern argument the same way as other \d commands with
potentially schema-qualified patterns do (Reece Hart)
In pg_ctl on Windows, check service status to decide
where to send output, rather than checking if standard output is a
terminal (Michael Paquier)
Fix assorted corner-case bugs in pg_dump's processing
of extension member objects (Tom Lane)
Fix improper quoting of domain constraint names
in pg_dump (Elvis Pranskevichus)
Make pg_dump mark a view's triggers as needing to be
processed after its rule, to prevent possible failure during
parallel pg_restore (Tom Lane)
Install guards in pgbench against corner-case overflow
conditions during evaluation of script-specified division or modulo
operators (Fabien Coelho, Michael Paquier)
Suppress useless warning message when pg_receivexlog
connects to a pre-9.4 server (Marco Nenciarini)
Avoid dump/reload problems when using both plpython2
and plpython3 (Tom Lane)
In principle, both versions of PL/Python can be used in
the same database, though not in the same session (because the two
versions of libpython cannot safely be used concurrently).
However, pg_restore and pg_upgrade both
do things that can fall foul of the same-session restriction. Work
around that by changing the timing of the check.
Fix PL/Python regression tests to pass with Python 3.5
(Peter Eisentraut)
Prevent certain PL/Java parameters from being set by
non-superusers (Noah Misch)
This change mitigates a PL/Java security bug
(CVE-2016-0766), which was fixed in PL/Java by marking
these parameters as superuser-only. To fix the security hazard for
sites that update PostgreSQL more frequently
than PL/Java, make the core code aware of them also.
Fix ecpg-supplied header files to not contain comments
continued from a preprocessor directive line onto the next line
(Michael Meskes)
Such a comment is rejected by ecpg. It's not yet clear
whether ecpg itself should be changed.
Fix hstore_to_json_loose()'s test for whether
an hstore value can be converted to a JSON number (Tom Lane)
Previously this function could be fooled by non-alphanumeric trailing
characters, leading to emitting syntactically-invalid JSON.
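A strict version of the kind of test this entry describes, as an added example that is not the hstore source: a value is emitted as a bare JSON number only if the entire string matches the JSON number grammar, so trailing characters force it to be quoted. The names is_json_number and json_loose_value are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Locale-independent digit test. */
static int is_digit(char c)
{
    return c >= '0' && c <= '9';
}

/*
 * Returns 1 only if the whole of s matches the JSON number grammar:
 *   -? (0 | [1-9][0-9]*) ('.' [0-9]+)? ([eE] [+-]? [0-9]+)?
 * Anything left over after the number, even one byte, makes it 0.
 */
int is_json_number(const char *s)
{
    const char *p = s;

    if (*p == '-')
        p++;
    if (*p == '0') {
        p++;                        /* a leading zero must stand alone */
    } else if (*p >= '1' && *p <= '9') {
        while (is_digit(*p))
            p++;
    } else {
        return 0;
    }
    if (*p == '.') {
        p++;
        if (!is_digit(*p))
            return 0;               /* "1." is not a JSON number */
        while (is_digit(*p))
            p++;
    }
    if (*p == 'e' || *p == 'E') {
        p++;
        if (*p == '+' || *p == '-')
            p++;
        if (!is_digit(*p))
            return 0;               /* "1e" is not a JSON number */
        while (is_digit(*p))
            p++;
    }
    return *p == '\0';              /* reject trailing characters */
}

/*
 * Write val to out as a JSON value: bare if it is a valid JSON number,
 * otherwise as a quoted string with quotes, backslashes and control
 * characters escaped. Returns 0 on success, -1 if out is too small.
 */
int json_loose_value(const char *val, char *out, size_t outlen)
{
    size_t n = 0;

    if (is_json_number(val)) {
        size_t len = strlen(val);

        if (len + 1 > outlen)
            return -1;
        memcpy(out, val, len + 1);
        return 0;
    }
    if (outlen < 3)
        return -1;
    out[n++] = '"';
    for (const unsigned char *p = (const unsigned char *) val; *p; p++) {
        /* Worst case per byte is 6 (\u00XX), plus closing quote and NUL. */
        if (n + 8 > outlen)
            return -1;
        if (*p == '"' || *p == '\\') {
            out[n++] = '\\';
            out[n++] = (char) *p;
        } else if (*p < 0x20) {
            n += (size_t) snprintf(out + n, 7, "\\u%04x", (unsigned) *p);
        } else {
            out[n++] = (char) *p;
        }
    }
    out[n++] = '"';
    out[n] = '\0';
    return 0;
}
```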
In contrib/postgres_fdw, fix bugs triggered by use
of tableoid in data-modifying commands (Etsuro Fujita,
Robert Haas)
Fix ill-advised restriction of NAMEDATALEN to be less
than 256 (Robert Haas, Tom Lane)
Improve reproducibility of build output by ensuring filenames are given
to the linker in a fixed order (Christoph Berg)
This avoids possible bitwise differences in the produced executable
files from one build to the next.
Ensure that dynloader.h is included in the installed
header files in MSVC builds (Bruce Momjian, Michael Paquier)
Update time zone data files to tzdata release 2016a for
DST law changes in Cayman Islands, Metlakatla, and Trans-Baikal
Territory (Zabaykalsky Krai), plus historical corrections for Pakistan.
Release 9.5
Release date: 2016-01-07
Overview
Major enhancements in PostgreSQL 9.5 include:
Allow INSERTs
that would generate constraint conflicts to be turned into
UPDATEs or ignored
Add GROUP BY analysis features GROUPING SETS,
CUBE and
ROLLUP
Add row-level security control
Create mechanisms for tracking
the progress of replication,
including methods for identifying the origin of individual changes
during logical replication
Add Block Range Indexes (BRIN)
Substantial performance improvements for sorting
Substantial performance improvements for multi-CPU machines
The above items are explained in more detail in the sections below.
Migration to Version 9.5
A dump/restore using , or use
of , is required for those wishing to migrate
data from any previous release.
Version 9.5 contains a number of changes that may affect compatibility
with previous releases. Observe the following incompatibilities:
Adjust operator precedence
to match the SQL standard (Tom Lane)
The precedence of <=, >=
and <> has been reduced to match that of
<, >
and =. The precedence of IS tests
(e.g., x IS NULL) has been reduced to be
just below these six comparison operators.
Also, multi-keyword operators beginning with NOT now have
the precedence of their base operator (for example, NOT
BETWEEN now has the same precedence as BETWEEN) whereas
before they had inconsistent precedence, behaving like NOT
with respect to their left operand but like their base operator with
respect to their right operand. The new configuration
parameter can be
enabled to warn about queries in which these precedence changes result
in different parsing choices.
Change 's default shutdown mode from
smart to fast (Bruce Momjian)
This means the default behavior will be to forcibly cancel existing
database sessions, not simply wait for them to exit.
Use assignment cast behavior for data type conversions
in PL/pgSQL assignments, rather than converting to and
from text (Tom Lane)
This change causes conversions of Booleans to strings to
produce true or false, not t
or f. Other type conversions may succeed in more cases
than before; for example, assigning a numeric value 3.9 to
an integer variable will now assign 4 rather than failing. If no
assignment-grade cast is defined for the particular source and
destination types, PL/pgSQL will fall back to its old
I/O conversion behavior.
Allow characters in server
command-line options to be escaped with a backslash (Andres Freund)
Formerly, spaces in the options string always separated options, so
there was no way to include a space in an option value. Including
a backslash in an option value now requires writing \\.
Change the default value of the GSSAPI include_realm parameter to 1, so
that by default the realm is not removed from a GSS
or SSPI principal name (Stephen Frost)
Replace configuration parameter checkpoint_segments
with
and (Heikki Linnakangas)
If you previously adjusted checkpoint_segments, the
following formula will give you an approximately equivalent setting:
max_wal_size = (3 * checkpoint_segments) * 16MB
Note that the default setting for max_wal_size is
much higher than the default checkpoint_segments used
to be, so adjusting it might no longer be necessary.
Control the Linux OOM killer via new environment
variables PG_OOM_ADJUST_FILE
and PG_OOM_ADJUST_VALUE,
instead of compile-time options LINUX_OOM_SCORE_ADJ and
LINUX_OOM_ADJ
(Gurjeet Singh)
Decommission server configuration
parameter ssl_renegotiation_limit, which was deprecated
in earlier releases (Andres Freund)
While SSL renegotiation is a good idea in theory, it has caused enough
bugs to be considered a net negative in practice, and it is due to be
removed from future versions of the relevant standards. We have
therefore removed support for it from PostgreSQL.
The ssl_renegotiation_limit parameter still exists, but
cannot be set to anything but zero (disabled). It's not documented
anymore, either.
Remove server configuration parameter autocommit, which
was already deprecated and non-operational (Tom Lane)
Remove the pg_authid
catalog's rolcatupdate field, as it had no usefulness
(Adam Brightwell)
The pg_stat_replication
system view's sent field is now NULL, not zero, when
it has no valid value (Magnus Hagander)
Allow json and jsonb array extraction operators to
accept negative subscripts, which count from the end of JSON arrays
(Peter Geoghegan, Andrew Dunstan)
Previously, these operators returned NULL for negative
subscripts.
Changes
Below you will find a detailed account of the changes between
PostgreSQL 9.5 and the previous major
release.
Server
Indexes
Add Block Range Indexes (BRIN)
(Álvaro Herrera)
BRIN indexes store only summary data (such as minimum
and maximum values) for ranges of heap blocks. They are therefore
very compact and cheap to update; but if the data is naturally
clustered, they can still provide substantial speedup of searches.
Allow queries to perform accurate distance filtering of
bounding-box-indexed objects (polygons, circles) using GiST indexes (Alexander Korotkov, Heikki
Linnakangas)
Previously, to exploit such an index a subquery had to be used to
select a large number of rows ordered by bounding-box distance, and
the result then had to be filtered further with a more accurate
distance calculation.
Allow GiST indexes to perform index-only
scans (Anastasia Lubennikova, Heikki Linnakangas, Andreas Karlsson)
Add configuration parameter
to control the size of GIN pending lists (Fujii Masao)
This value can also be set on a per-index basis as an index storage
parameter. Previously the pending-list size was controlled
by , which was awkward because
appropriate values for work_mem are often much too large
for this purpose.
Issue a warning during the creation of hash indexes because they are not
crash-safe (Bruce Momjian)
General Performance
Improve the speed of sorting of varchar, text,
and numeric fields via abbreviated keys
(Peter Geoghegan, Andrew Gierth, Robert Haas)
Extend the infrastructure that allows sorting to be performed by
inlined, non-SQL-callable comparison functions to
cover CREATE INDEX, REINDEX, and
CLUSTER (Peter Geoghegan)
Improve performance of hash joins (Tomas Vondra, Robert Haas)
Improve concurrency of shared buffer replacement
(Robert Haas, Amit Kapila, Andres Freund)
Reduce the number of page locks and pins during index scans (Kevin Grittner)
The primary benefit of this is to allow index vacuums to be blocked
less often.
Make per-backend tracking of buffer pins more memory-efficient
(Andres Freund)
Improve lock scalability (Andres Freund)
This particularly addresses scalability problems when running on
systems with multiple CPU sockets.
Allow the optimizer to remove unnecessary references to left-joined
subqueries (David Rowley)
Allow pushdown of query restrictions into subqueries with window functions, where appropriate
(David Rowley)
Allow a non-leakproof function to be pushed down into a security
barrier view if the function does not receive any view output
columns (Dean Rasheed)
Teach the planner to use statistics obtained from an expression
index on a boolean-returning function, when a matching function call
appears in WHERE (Tom Lane)
Make ANALYZE compute basic statistics (null fraction and
average column width) even for columns whose data type lacks an
equality function (Oleksandr Shulgin)
Speed up CRC (cyclic redundancy check) computations
and switch to CRC-32C (Abhijit Menon-Sen, Heikki Linnakangas)
Improve bitmap index scan performance (Teodor Sigaev, Tom Lane)
Speed up CREATE INDEX by avoiding unnecessary memory
copies (Robert Haas)
Increase the number of buffer mapping partitions (Amit Kapila,
Andres Freund, Robert Haas)
This improves performance for highly concurrent workloads.
Monitoring
Add per-table autovacuum logging control via new
log_autovacuum_min_duration storage parameter
(Michael Paquier)
Add new configuration parameter
(Thomas Munro)
This string, typically set in postgresql.conf,
allows clients to identify the cluster. This name also appears
in the process title of all server processes, allowing for easier
identification of processes belonging to the same cluster.
Prevent non-superusers from changing on connection startup (Fujii Masao)
SSL
Check Subject Alternative
Names in SSL server certificates, if present
(Alexey Klyukin)
When they are present, this replaces checks against the certificate's
Common Name.
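The precedence rule stated in this entry, as an added sketch that is not libpq's code: when the certificate carries any DNS Subject Alternative Names, only those are compared with the host name and the Common Name is not consulted. The struct and function names are hypothetical, and the case-insensitive comparison and single-label wildcard handling are assumptions following common hostname-verification practice, not details taken from this page.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Names extracted from a server certificate (hypothetical structure). */
struct cert_names {
    const char *common_name;        /* subject CN, may be NULL */
    const char *const *dns_sans;    /* dNSName SAN entries, may be NULL */
    size_t n_dns_sans;
};

/* ASCII-only lowercasing, so the result does not depend on the locale. */
static int ascii_lower(unsigned char c)
{
    return (c >= 'A' && c <= 'Z') ? c + 32 : c;
}

/* Case-insensitive equality of two NUL-terminated ASCII strings. */
static int eq_nocase(const char *a, const char *b)
{
    while (*a != '\0' && *b != '\0') {
        if (ascii_lower((unsigned char) *a) != ascii_lower((unsigned char) *b))
            return 0;
        a++;
        b++;
    }
    return *a == *b;                /* both must end together */
}

/*
 * Match one certificate name against the host. A leading "*." covers
 * exactly one non-empty leftmost label (assumed rule, see lead-in).
 */
static int name_matches(const char *pattern, const char *host)
{
    if (pattern[0] == '*' && pattern[1] == '.') {
        const char *dot = strchr(host, '.');

        if (dot == NULL || dot == host)
            return 0;
        return eq_nocase(pattern + 1, dot);
    }
    return eq_nocase(pattern, host);
}

/*
 * Returns 1 if host is acceptable for the certificate, else 0.
 * If any SAN is present the CN is ignored, even when it would match.
 */
int host_matches_cert(const struct cert_names *c, const char *host)
{
    if (c->n_dns_sans > 0) {
        for (size_t i = 0; i < c->n_dns_sans; i++) {
            if (name_matches(c->dns_sans[i], host))
                return 1;
        }
        return 0;
    }
    return c->common_name != NULL && name_matches(c->common_name, host);
}

int main(void)
{
    /* Constructed sample certificate names. */
    const char *const sans[] = { "db.example.com", "*.replica.example.com" };
    struct cert_names cert = { "legacy.example.com", sans, 2 };
    const char *hosts[] = {
        "db.example.com", "r1.replica.example.com", "legacy.example.com"
    };

    for (size_t i = 0; i < 3; i++)
        printf("%-24s %s\n", hosts[i],
               host_matches_cert(&cert, hosts[i]) ? "accepted" : "rejected");
    return 0;
}
```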
Add system view pg_stat_ssl to report
SSL connection information (Magnus Hagander)
Add libpq functions to return SSL
information in an implementation-independent way (Heikki Linnakangas)
While PQgetssl() can
still be used to call OpenSSL functions, it is now
considered deprecated because future versions
of libpq might support other SSL
implementations. When possible, use the new
functions PQsslAttribute(), PQsslAttributeNames(),
and PQsslInUse()
to obtain SSL information in
an SSL-implementation-independent way.
Make libpq honor any OpenSSL
thread callbacks (Jan Urbanski)
Previously they were overwritten.
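An added example (not part of the release notes or the PostgreSQL project's own material) that uses the pg_stat_ssl view described above to audit the TLS state of remote sessions. The legacy-protocol list and the 128-bit threshold in the finding column are assumed local policy, and it should be run as a superuser so every session is visible.

```sql
-- Remote (TCP) sessions and their TLS state. client_addr is NULL for
-- Unix-socket connections, which never use SSL, so they are excluded.
SELECT a.pid,
       a.usename,
       a.datname,
       a.client_addr,
       s.ssl,
       s.version,
       s.cipher,
       s.bits,
       s.clientdn,
       CASE
           WHEN NOT s.ssl THEN 'plaintext'
           -- Assumed policy: anything older than TLSv1.2 is flagged.
           WHEN s.version IN ('SSLv3', 'TLSv1', 'TLSv1.1') THEN 'legacy protocol'
           -- Assumed policy: ciphers under 128 bits are flagged.
           WHEN s.bits < 128 THEN 'weak cipher'
           ELSE 'ok'
       END AS finding
FROM pg_stat_activity AS a
JOIN pg_stat_ssl AS s USING (pid)
WHERE a.client_addr IS NOT NULL
ORDER BY finding, a.client_addr;
```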
Server Settings
Replace configuration parameter checkpoint_segments
with
and (Heikki Linnakangas)
This change allows the allocation of a large number of WAL
files without keeping them after they are no longer needed.
Therefore the default for max_wal_size has been set
to 1GB, much larger than the old default
for checkpoint_segments.
Also note that standby servers perform restartpoints to try to limit
their WAL space consumption to max_wal_size; previously
they did not pay any attention to checkpoint_segments.
Control the Linux OOM killer via new environment
variables PG_OOM_ADJUST_FILE
and PG_OOM_ADJUST_VALUE
(Gurjeet Singh)
The previous OOM control infrastructure involved
compile-time options LINUX_OOM_SCORE_ADJ and
LINUX_OOM_ADJ, which are no longer supported.
The new behavior is available in all builds.
Allow recording of transaction
commit time stamps when configuration parameter
is enabled (Álvaro Herrera, Petr Jelínek)
Time stamp information can be accessed using functions pg_xact_commit_timestamp()
and pg_last_committed_xact().
Allow to be set
by ALTER ROLE SET (Peter Eisentraut, Kyotaro Horiguchi)
Allow autovacuum workers
to respond to configuration parameter changes during a run
(Michael Paquier)
Make configuration parameter
read-only (Andres Freund)
This means that assertions can no longer be turned
off if they were enabled at compile time, allowing for more
efficient code optimization. This change also removes the postgres option.
Allow setting on
systems where it has no effect (Peter Eisentraut)
Add system view pg_file_settings
to show the contents of the server's configuration files
(Sawada Masahiko)
Add pending_restart to the system view pg_settings to
indicate a change has been made but will not take effect until a
database restart (Peter Eisentraut)
Allow ALTER SYSTEM
values to be reset with ALTER SYSTEM RESET (Vik
Fearing)
This command removes the specified setting
from postgresql.auto.conf.
Replication and Recovery
Create mechanisms for tracking
the progress of replication,
including methods for identifying the origin of individual changes
during logical replication (Andres Freund)
This is helpful when implementing replication solutions.
Rework truncation of the multixact commit log to be properly
WAL-logged (Andres Freund)
This makes things substantially simpler and more robust.
Add recovery.conf
parameter recovery_target_action
to control post-recovery activity (Petr Jelínek)
This replaces the old parameter pause_at_recovery_target.
Add new value
always to allow standbys to always archive received
WAL files (Fujii Masao)
Add configuration
parameter to
control WAL read retry after failure
(Alexey Vasiliev, Michael Paquier)
This is particularly helpful for warm standbys.
Allow compression of full-page images stored in WAL
(Rahila Syed, Michael Paquier)
This feature reduces WAL volume, at the cost of more CPU time spent
on WAL logging and WAL replay. It is controlled by a new
configuration parameter , which
currently is off by default.
Archive WAL files with suffix .partial
during standby promotion (Heikki Linnakangas)
Add configuration parameter
to log replication commands (Fujii Masao)
By default, replication commands, e.g. IDENTIFY_SYSTEM,
are not logged, even when is set
to all.
Report the processes holding replication slots in pg_replication_slots
(Craig Ringer)
The new output column is active_pid.
Allow recovery.conf's primary_conninfo setting to
use connection URIs, e.g. postgres://
(Alexander Shulgin)
Queries
Allow INSERTs
that would generate constraint conflicts to be turned into
UPDATEs or ignored (Peter Geoghegan, Heikki
Linnakangas, Andres Freund)
The syntax is INSERT ... ON CONFLICT DO NOTHING/UPDATE.
This is the Postgres implementation of the popular
UPSERT command.
Add GROUP BY analysis features GROUPING SETS,
CUBE and
ROLLUP
(Andrew Gierth, Atri Sharma)
Allow setting multiple target columns in
an UPDATE from the result of
a single sub-SELECT (Tom Lane)
This is accomplished using the syntax UPDATE tab SET
(col1, col2, ...) = (SELECT ...).
Add SELECT option
SKIP LOCKED to skip locked rows (Thomas Munro)
This does not throw an error for locked rows like
NOWAIT does.
Add SELECT option
TABLESAMPLE to return a subset of a table (Petr
Jelínek)
This feature supports the SQL-standard table sampling methods.
In addition, there are provisions
for user-defined
table sampling methods.
Suggest possible matches for mistyped column names (Peter
Geoghegan, Robert Haas)
Utility Commands
Add more details about sort ordering in EXPLAIN output (Marius Timmer,
Lukas Kreft, Arne Scheffer)
Details include COLLATE, DESC,
USING, and NULLS FIRST/LAST.
Make VACUUM log the
number of pages skipped due to pins (Jim Nasby)
Make TRUNCATE properly
update the pg_stat* tuple counters (Alexander Shulgin)
Allow REINDEX to reindex an entire schema using the
SCHEMA option (Sawada Masahiko)
Add VERBOSE option to REINDEX (Sawada
Masahiko)
Prevent REINDEX DATABASE and SCHEMA
from outputting object names, unless VERBOSE is used
(Simon Riggs)
Remove obsolete FORCE option from REINDEX
(Fujii Masao)
Object Manipulation
Add row-level security control
(Craig Ringer, KaiGai Kohei, Adam Brightwell, Dean Rasheed,
Stephen Frost)
This feature allows row-by-row control over which users can add,
modify, or even see rows in a table. This is controlled by new
commands CREATE/ALTER/DROP POLICY and ALTER TABLE ... ENABLE/DISABLE
ROW SECURITY.
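An added example (not from the release notes or the PostgreSQL project) showing a row-level security policy and how it interacts with the INSERT ... ON CONFLICT DO UPDATE entry under Queries above. The roles, table and policy names are hypothetical, and the statement uses the full ENABLE ROW LEVEL SECURITY spelling.

```sql
-- Constructed demo; run as a superuser in a scratch database.
-- Role, table and policy names are hypothetical.
CREATE ROLE alice;
CREATE ROLE bob;

CREATE TABLE notes (
    id         integer PRIMARY KEY,
    owner_role name    NOT NULL DEFAULT current_user,
    body       text    NOT NULL
);
GRANT SELECT, INSERT, UPDATE, DELETE ON notes TO alice, bob;

-- Policies are only enforced once row security is enabled on the table.
-- Superusers and the table owner are not subject to them by default.
ALTER TABLE notes ENABLE ROW LEVEL SECURITY;

-- USING decides which existing rows a role may see or modify;
-- WITH CHECK decides which new or updated rows it may write.
CREATE POLICY notes_owner_only ON notes
    FOR ALL
    TO alice, bob
    USING (owner_role = current_user)
    WITH CHECK (owner_role = current_user);

SET ROLE alice;
INSERT INTO notes (id, body) VALUES (1, 'alice: rotate API key');
RESET ROLE;

SET ROLE bob;
INSERT INTO notes (id, body) VALUES (2, 'bob: review firewall rules');

-- bob's reads are filtered through USING (owner_role = current_user).
SELECT id, owner_role, body FROM notes;

-- The same filter selects UPDATE and DELETE targets, so a row owned by
-- alice is never a candidate for this statement.
UPDATE notes SET body = 'tampered' WHERE id = 1;

-- A row written on someone else's behalf does not satisfy WITH CHECK.
INSERT INTO notes (id, owner_role, body) VALUES (3, 'alice', 'forged');

-- Upsert onto alice's primary key: the conflict sends this down the UPDATE
-- path, where the existing row must pass the policy's USING expression.
-- Unlike a plain UPDATE, a failing row raises an error here instead of
-- being skipped silently.
INSERT INTO notes (id, body) VALUES (1, 'overwrite attempt')
    ON CONFLICT (id) DO UPDATE SET body = EXCLUDED.body;
RESET ROLE;
```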
Allow changing of the WAL
logging status of a table after creation with ALTER TABLE ... SET LOGGED /
UNLOGGED (Fabrízio de Royes Mello)
Add IF NOT EXISTS clause to CREATE TABLE AS,
CREATE INDEX,
CREATE SEQUENCE,
and CREATE
MATERIALIZED VIEW (Fabrízio de Royes Mello)
Add support for IF EXISTS to ALTER TABLE ... RENAME
CONSTRAINT (Bruce Momjian)
Allow some DDL commands to accept CURRENT_USER
or SESSION_USER, meaning the current user or session
user, in place of a specific user name (Kyotaro Horiguchi,
Álvaro Herrera)
This feature is now supported in
, ,
, ,
and ALTER object OWNER TO commands.
Support comments on domain
constraints (Álvaro Herrera)
Reduce lock levels of some create and alter trigger and foreign
key commands (Simon Riggs, Andreas Karlsson)
Allow LOCK TABLE ... ROW EXCLUSIVE
MODE for those with INSERT privileges on the
target table (Stephen Frost)
Previously this command required UPDATE, DELETE,
or TRUNCATE privileges.
Apply table and domain CHECK constraints in order by name
(Tom Lane)
The previous ordering was indeterminate.
Allow CREATE/ALTER DATABASE
to manipulate datistemplate and
datallowconn (Vik Fearing)
This allows these per-database settings to be
changed without manually modifying the pg_database
system catalog.
Foreign Tables
Add support for
(Ronan Dunklau, Michael Paquier, Tom Lane)
This command allows automatic creation of local foreign tables
that match the structure of existing tables on a remote server.
Allow CHECK constraints to be placed on foreign tables
(Shigeru Hanada, Etsuro Fujita)
Such constraints are assumed to be enforced on the remote server,
and are not enforced locally. However, they are assumed to hold for
purposes of query optimization, such
as constraint
exclusion.
Allow foreign tables to participate in inheritance (Shigeru Hanada,
Etsuro Fujita)
To let this work naturally, foreign tables are now allowed to have
check constraints marked as not valid, and to set storage
and OID characteristics, even though these operations are
effectively no-ops for a foreign table.
Allow foreign data wrappers and custom scans to implement join
pushdown (KaiGai Kohei)
Event Triggers
Whenever a ddl_command_end event trigger is installed,
capture details of DDL activity for it to inspect
(Álvaro Herrera)
This information is available through a set-returning function pg_event_trigger_ddl_commands(),
or by inspection of C data structures if that function doesn't
provide enough detail.
Allow event triggers on table rewrites caused by ALTER TABLE (Dimitri
Fontaine)
Add event trigger support for database-level COMMENT, SECURITY LABEL,
and GRANT/REVOKE (Álvaro Herrera)
Add columns to the output of pg_event_trigger_dropped_objects
(Álvaro Herrera)
This allows simpler processing of delete operations.
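An added example (not from the release notes or the PostgreSQL project) that uses a ddl_command_end event trigger and pg_event_trigger_ddl_commands(), as described above, to keep a DDL audit trail that also covers GRANT/REVOKE. The audit schema, table, function and trigger names are hypothetical.

```sql
-- Constructed demo; creating event triggers requires superuser.
-- Schema, table, function and trigger names are hypothetical.
CREATE SCHEMA audit;

CREATE TABLE audit.ddl_log (
    logged_at       timestamptz NOT NULL DEFAULT now(),
    session_role    name        NOT NULL DEFAULT session_user,
    client_addr     inet                 DEFAULT inet_client_addr(),
    command_tag     text        NOT NULL,
    object_type     text,
    schema_name     text,
    object_identity text,
    statement       text
);

-- SECURITY DEFINER lets the function write the log even when the role
-- running the DDL has no privileges on audit.ddl_log. session_user still
-- records who opened the session. A fixed search_path keeps name
-- resolution inside the function out of the caller's control.
CREATE FUNCTION audit.log_ddl() RETURNS event_trigger
    LANGUAGE plpgsql
    SECURITY DEFINER
    SET search_path = pg_catalog, pg_temp
AS $$
DECLARE
    cmd record;
BEGIN
    FOR cmd IN SELECT * FROM pg_event_trigger_ddl_commands() LOOP
        INSERT INTO audit.ddl_log
            (command_tag, object_type, schema_name, object_identity, statement)
        VALUES
            (cmd.command_tag, cmd.object_type, cmd.schema_name,
             cmd.object_identity, current_query());
    END LOOP;
END;
$$;

CREATE EVENT TRIGGER audit_ddl_commands
    ON ddl_command_end
    EXECUTE PROCEDURE audit.log_ddl();

-- Exercise the trigger with constructed DDL, including a GRANT.
CREATE ROLE report_reader;
CREATE TABLE public.invoices (id integer PRIMARY KEY, amount numeric);
GRANT SELECT ON public.invoices TO report_reader;

SELECT logged_at, session_role, command_tag, object_type, object_identity
FROM audit.ddl_log
ORDER BY logged_at;
```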
Data Types
Allow the xml data type
to accept empty or all-whitespace content values (Peter Eisentraut)
This is required by the SQL/XML
specification.
Allow macaddr input
using the format xxxx-xxxx-xxxx (Herwin Weststrate)
Disallow non-SQL-standard syntax for interval with
both precision and field specifications (Bruce Momjian)
Per the standard, such type specifications should be written as,
for example, INTERVAL MINUTE TO SECOND(2).
PostgreSQL formerly allowed this to be written as
INTERVAL(2) MINUTE TO SECOND, but it must now be
written in the standard way.
Add selectivity estimators for inet/cidr operators and improve
estimators for text search functions (Emre Hasegeli, Tom Lane)
Add data
types regrole
and regnamespace
to simplify entering and pretty-printing the OID of a role
or namespace (Kyotaro Horiguchi)
JSON
Add jsonb functions jsonb_set()
and jsonb_pretty()
(Dmitry Dolgov, Andrew Dunstan, Petr Jelínek)
Add jsonb generator functions to_jsonb(),
jsonb_object(),
jsonb_build_object(),
jsonb_build_array(),
jsonb_agg(),
and jsonb_object_agg()
(Andrew Dunstan)
Equivalent functions already existed for type json.
Reduce casting requirements to/from json and jsonb (Tom Lane)
Allow text, text array, and integer
values to be subtracted
from jsonb documents (Dmitry Dolgov, Andrew Dunstan)
Add jsonb || operator
(Dmitry Dolgov, Andrew Dunstan)
Add json_strip_nulls()
and jsonb_strip_nulls()
functions to remove JSON null values from documents
(Andrew Dunstan)
Functions
Add generate_series()
for numeric values (Plato Malugin)
Allow array_agg() and
ARRAY() to take arrays as inputs (Ali Akbar, Tom Lane)
Add functions array_position()
and array_positions()
to return subscripts of array values (Pavel Stehule)
Add a point-to-polygon distance operator
<->
(Alexander Korotkov)
Allow multibyte characters as escapes in SIMILAR TO
and SUBSTRING
(Jeff Davis)
Previously, only a single-byte character was allowed as an escape.
Add a width_bucket()
variant that supports any sortable data type and non-uniform bucket
widths (Petr Jelínek)
Add an optional missing_ok argument to pg_read_file()
and related functions (Michael Paquier, Heikki Linnakangas)
Allow =>
to specify named parameters in function calls (Pavel Stehule)
Previously only := could be used. This requires removing
the possibility for => to be a user-defined operator.
Creation of user-defined => operators has been issuing
warnings since PostgreSQL 9.0.
Add POSIX-compliant rounding for platforms that use
PostgreSQL-supplied rounding functions (Pedro Gimeno Fortea)
System Information Functions and Views
Add function pg_get_object_address()
to return OIDs that uniquely
identify an object, and function pg_identify_object_as_address()
to return object information based on OIDs (Álvaro
Herrera)
Loosen security checks for viewing queries in pg_stat_activity,
executing pg_cancel_backend(),
and executing pg_terminate_backend()
(Stephen Frost)
Previously, only the specific role owning the target session could
perform these operations; now membership in that role is sufficient.
Add pg_stat_get_snapshot_timestamp()
to output the time stamp of the statistics snapshot (Matt Kelly)
This represents the last time the snapshot file was written to
the file system.
Add mxid_age()
to compute multi-xid age (Bruce Momjian)
Aggregates
Add min()/max() aggregates
for inet/cidr data types (Haribabu
Kommi)
Use 128-bit integers, where supported, as accumulators for some
aggregate functions (Andreas Karlsson)
Server-Side Languages
Improve support for composite types in PL/Python (Ed Behn, Ronan
Dunklau)
This allows PL/Python functions to return arrays
of composite types.
Reduce lossiness of PL/Python floating-point value
conversions (Marko Kreen)
Allow specification of conversion routines between SQL
data types and data types of procedural languages (Peter Eisentraut)
This change adds new commands CREATE/DROP TRANSFORM.
This also adds optional transformations between the hstore and ltree types to/from PL/Perl and PL/Python.
PL/pgSQL Server-Side Language
Improve PL/pgSQL array
performance (Tom Lane)
Add an ASSERT
statement in PL/pgSQL (Pavel Stehule)
Allow more PL/pgSQL
keywords to be used as identifiers (Tom Lane)
Client Applications
Move pg_archivecleanup,
pg_test_fsync,
pg_test_timing,
and pg_xlogdump
from contrib to src/bin (Peter Eisentraut)
This should result in these programs being installed by default in
most installations.
Add pg_rewind,
which allows re-synchronizing a master server after failback
(Heikki Linnakangas)
Allow pg_receivexlog
to manage physical replication slots (Michael Paquier)
This is controlled via new and
options.
Allow pg_receivexlog
to synchronously flush WAL to storage using new
option (Furuya Osamu, Fujii Masao)
Without this, WAL files are fsync'ed only on close.
Allow vacuumdb to
vacuum in parallel using new option (Dilip Kumar)
In vacuumdb, do not
prompt for the same password repeatedly when multiple connections
are necessary (Haribabu Kommi, Michael Paquier)
Add option to reindexdb (Sawada
Masahiko)
Make pg_basebackup
use a tablespace mapping file when using tar format,
to support symbolic links and file paths of 100+ characters in length
on MS Windows (Amit Kapila)
Add pg_xlogdump option
to display summary statistics (Abhijit Menon-Sen)
Allow psql to produce AsciiDoc output (Szymon Guz)
Add an errors mode that displays only failed commands
to psql's ECHO variable
(Pavel Stehule)
This behavior can also be selected with psql's
option.
Provide separate column, header, and border linestyle control
in psql's unicode linestyle (Pavel Stehule)
Single or double lines are supported; the default is
single.
Add new option %l in psql's PROMPT variables
to display the current multiline statement line number
(Sawada Masahiko)
Add \pset option pager_min_lines
to control pager invocation (Andrew Dunstan)
Improve psql line counting used when deciding
to invoke the pager (Andrew Dunstan)
psql now fails if the file specified by
an or switch cannot be
written (Tom Lane, Daniel Vérité)
Previously, it effectively ignored the switch in such cases.
Add psql tab completion when setting the
variable (Jeff Janes)
Currently only the first schema can be tab-completed.
Improve psql's tab completion for triggers and rules
(Andreas Karlsson)
Backslash Commands
Add psql \? help sections
variables and options (Pavel Stehule)
\? variables shows psql's special
variables and \? options shows the command-line options.
\? commands shows the meta-commands, which is the
traditional output and remains the default. These help displays
can also be obtained with the command-line
option --help=section.
Show tablespace size in psql's \db+
(Fabrízio de Royes Mello)
Show data type owners in psql's \dT+
(Magnus Hagander)
Allow psql's \watch to output
\timing information (Fujii Masao)
Also prevent from echoing
\watch queries, since that is generally unwanted.
Make psql's \sf and \ef
commands honor ECHO_HIDDEN (Andrew Dunstan)
Improve psql tab completion for \set,
\unset, and :variable names (Pavel
Stehule)
Allow tab completion of role names
in psql \c commands (Ian Barwick)
Allow pg_dump to share a snapshot taken by another
session using (Simon Riggs, Michael Paquier)
The remote snapshot must have been exported by
pg_export_snapshot() or logical replication slot
creation. This can be used to share a consistent snapshot
across multiple pg_dump processes.
Support table sizes exceeding 8GB in tar archive format (Tom Lane)
The POSIX standard for tar format does not allow elements of a tar
archive to exceed 8GB, but most modern implementations of tar
support an extension that does allow it. Use the extension format
when necessary, rather than failing.
Make pg_dump always print the server and
pg_dump versions (Jing Wang)
Previously, version information was only printed in
mode.
Remove the long-ignored /
option from pg_dump, pg_dumpall,
and pg_restore (Fujii Masao)
Support multiple pg_ctl options,
concatenating their values (Bruce Momjian)
Allow control of pg_ctl's event source logging
on MS Windows (MauMau)
This only controls pg_ctl, not the server, which
has separate settings in postgresql.conf.
If the server's listen address is set to a wildcard value
(0.0.0.0 in IPv4 or :: in IPv6), connect via
the loopback address rather than trying to use the wildcard address
literally (Kondo Yuta)
This fix primarily affects Windows, since on other platforms
pg_ctl will prefer to use a Unix-domain socket.
Move pg_upgrade from contrib to
src/bin (Peter Eisentraut)
In connection with this change, the functionality previously
provided by the pg_upgrade_support module has been
moved into the core server.
Support multiple pg_upgrade
/ options,
concatenating their values (Bruce Momjian)
Improve database collation comparisons in
pg_upgrade (Heikki Linnakangas)
Remove support for upgrading from 8.3 clusters (Bruce Momjian)
Move pgbench from contrib to src/bin
(Peter Eisentraut)
Fix calculation of TPS number excluding connections
establishing (Tatsuo Ishii, Fabien Coelho)
The overhead for connection establishment was miscalculated whenever
the number of pgbench threads was less than the number of client
connections. Although this is clearly a bug, we won't back-patch it
into pre-9.5 branches since it makes TPS numbers not comparable to
previous results.
Allow counting of pgbench transactions that take over a specified
amount of time (Fabien Coelho)
This is controlled by a new option.
Allow pgbench to generate Gaussian/exponential distributions
using \setrandom (Kondo Mitsumasa, Fabien Coelho)
Allow pgbench's \set command to handle
arithmetic expressions containing more than one operator, and add
% (modulo) to the set of operators it supports
(Robert Haas, Fabien Coelho)
Source Code
Simplify WAL record format
(Heikki Linnakangas)
This allows external tools to more easily track what blocks
are modified.
Improve the representation of transaction commit and abort WAL
records (Andres Freund)
Add atomic memory operations API (Andres Freund)
Allow custom path and scan methods (KaiGai Kohei, Tom Lane)
This allows extensions greater control over the optimizer and
executor.
Allow foreign data wrappers to do post-filter locking (Etsuro
Fujita)
Foreign tables can now take part in INSERT ... ON CONFLICT
DO NOTHING queries (Peter Geoghegan, Heikki Linnakangas,
Andres Freund)
Foreign data wrappers must be modified to handle this.
INSERT ... ON CONFLICT DO UPDATE is not supported on
foreign tables.
Improve hash_create()'s API for selecting
simple-binary-key hash functions (Teodor Sigaev, Tom Lane)
Improve parallel execution infrastructure (Robert Haas, Amit
Kapila, Noah Misch, Rushabh Lathia, Jeevan Chalke)
Remove Alpha (CPU) and Tru64 (OS) ports (Andres Freund)
Remove swap-byte-based spinlock implementation for
ARMv5 and earlier CPUs (Robert Haas)
ARMv5's weak memory ordering made this locking
implementation unsafe. Spinlock support is still possible on
newer gcc implementations with atomics support.
Generate an error when excessively long (100+ character) file
paths are written to tar files (Peter Eisentraut)
Tar does not support such overly-long paths.
Change index operator class for columns pg_seclabel.provider
and pg_shseclabel.provider
to be text_pattern_ops (Tom Lane)
This avoids possible problems with these indexes when different
databases of a cluster have different default collations.
Change the spinlock primitives to function as compiler barriers
(Robert Haas)
MS Windows
Allow higher-precision time stamp resolution on Windows 8, Windows
Server 2012, and later Windows systems (Craig Ringer)
Install shared libraries to bin in MS Windows (Peter Eisentraut, Michael Paquier)
Install src/test/modules together with
contrib on MSVC builds (Michael
Paquier)
Allow configure's
option to be honored by the
MSVC build (Michael Paquier)
Pass PGFILEDESC into MSVC contrib builds
(Michael Paquier)
Add icons to all MSVC-built binaries and version
information to all MS Windows
binaries (Noah Misch)
MinGW already had such icons.
Add optional-argument support to the internal
getopt_long() implementation (Michael Paquier,
Andres Freund)
This is used by the MSVC build.
Additional Modules
Add statistics for minimum, maximum,
mean, and standard deviation times to pg_stat_statements
(Mitsumasa Kondo, Andrew Dunstan)
Add pgcrypto function
pgp_armor_headers() to extract PGP
armor headers (Marko Tiikkaja, Heikki Linnakangas)
Allow empty replacement strings in unaccent (Mohammad Alhashash)
This is useful in languages where diacritic signs are represented
as separate characters.
Allow multicharacter source strings in unaccent (Tom Lane)
This could be useful in languages where diacritic signs are
represented as separate characters. It also allows more complex
unaccent dictionaries.
Add contrib modules tsm_system_rows and
tsm_system_time
to allow additional table sampling methods (Petr Jelínek)
Add GIN
index inspection functions to pageinspect (Heikki
Linnakangas, Peter Geoghegan, Michael Paquier)
Add information about buffer pins to pg_buffercache display
(Andres Freund)
Allow pgstattuple
to report approximate answers with less overhead using
pgstattuple_approx() (Abhijit Menon-Sen)
Move dummy_seclabel, test_shm_mq,
test_parser, and worker_spi
from contrib to src/test/modules
(Álvaro Herrera)
These modules are only meant for server testing, so they do not need
to be built or installed when packaging PostgreSQL.