96
Appendix E. Release Notes
•
Improve performance of regular-expression compiler (Tom Lane)
•
Make
%h
and
%r
escapes in
log_line_prefix
work for messages emitted due to
log_connections
(Tom Lane)
Previously,
%h
/
%r
started to work just after a new session had emitted the “connection received”
log message; now they work for that message too.
•
On Windows, ensure the shared-memory mapping handle gets closed in child processes that don’t
need it (Tom Lane, Amit Kapila)
This oversight resultedin failure to recover from crashes whenever
logging_collector
is turned
on.
•
Fix possible failure to detect socket EOF in non-blocking mode on Windows (Tom Lane)
It’s not entirely clear whether this problem can happen in pre-9.5 branches, but if it did, the symp-
tom would be that a walsender process would wait indefinitely rather than noticing a loss of con-
nection.
•
Avoid leaking a token handle during SSPI authentication (Christian Ullrich)
•
In psql, ensure that libreadline’s idea of the screen size is updated when the terminal window size
changes (Merlin Moncure)
Previously, libreadline did not notice if the window was resized during query output, leading to
strange behavior during later input of multiline queries.
•
Fix psql’s
\det
command to interpret its pattern argument the same way as other
\d
commands
with potentially schema-qualified patterns do (Reece Hart)
•
Avoid possible crash in psql’s
\c
command when previous connection was via Unix socket and
command specifies a new hostname and same username (Tom Lane)
•
In
pg_ctl start -w
, test child process status directly rather than relying on heuristics (Tom
Lane, Michael Paquier)
Previously, pg_ctl relied on an assumption that the new postmaster would always create
postmaster.pid
within five seconds. But that can fail on heavily-loaded systems, causing
pg_ctl to report incorrectly that the postmaster failed to start.
Except on Windows, this change also means that a
pg_ctl start -w
done immediately after
another such command will now reliably fail, whereas previously it would report success if done
within two seconds of the first command.
•
In
pg_ctl start -w
,don’t attempt to use a wildcard listen address to connect to the postmaster
(Kondo Yuta)
On Windows, pg_ctl would fail to detect postmaster startup if
listen_addresses
is set to
0.0.0.0
or
::
,because it wouldtryto use that value verbatim as the address to connect to, which
doesn’t work. Instead assume that
127.0.0.1
or
::1
,respectively, is the right thing to use.
•
In pg_ctl on Windows, check service status to decide where to send output, rather than checking if
standard output is a terminal (Michael Paquier)
•
In pg_dump and pg_basebackup, adopt the GNU convention for handling tar-archive members
exceeding 8GB (Tom Lane)
The POSIX standard for
tar
file format does not allow archive member files to exceed 8GB, but
most modern implementations of tar support an extension that fixes that. Adopt this extension
so that pg_dump with
-Ft
no longer fails on tables with more than 8GB of data, and so that
pg_basebackup can handle files larger than 8GB. In addition, fix some portability issues that could
2094
78
Appendix E. Release Notes
cause failures for members between 4GB and 8GB on some platforms. Potentially these problems
could cause unrecoverable data loss due to unreadable backup files.
•
Fix assorted corner-case bugs in pg_dump’s processing of extension member objects (Tom Lane)
•
Make pg_dumpmark a view’s triggers as needing to be processed after its rule, to prevent possible
failure during parallel pg_restore (Tom Lane)
•
Ensure that relation option values are properly quoted in pg_dump (Kouhei Sutou, Tom Lane)
Areloption value that isn’t a simple identifier or number could lead to dump/reload failures due
to syntax errors in CREATE statements issued by pg_dump. This is not an issue with any relop-
tion currently supported by core PostgreSQL, but extensions could allow reloptions that cause the
problem.
•
Avoid repeated password prompts during parallel pg_dump (Zeus Kronion)
•
Fix pg_upgrade’s file-copying code to handle errors properly on Windows (Bruce Momjian)
•
Install guards in pgbench against corner-case overflow conditions during evaluation of script-
specified division or modulo operators (Fabien Coelho, Michael Paquier)
•
Fix failure to localize messages emitted by pg_receivexlog and pg_recvlogical (Ioseph Kim)
•
Avoid dump/reload problems when using both plpython2 and plpython3 (Tom Lane)
In principle, both versions of PL/Python can be used in the same database, though not in the
same session (because the two versions of libpython cannot safely be used concurrently). How-
ever, pg_restore and pg_upgrade both do things that can fall foul of the same-session restriction.
Work around that by changing the timing of the check.
•
Fix PL/Python regression tests to pass with Python 3.5 (Peter Eisentraut)
•
Fix premature clearing of libpq’s input buffer when socket EOF is seen (Tom Lane)
This mistake caused libpq to sometimes not report the backend’s final error message before report-
ing “server closed the connection unexpectedly”.
•
Prevent certain PL/Java parameters from being set by non-superusers (Noah Misch)
This change mitigates a PL/Java security bug (CVE-2016-0766), which was fixed in PL/Java by
marking these parameters as superuser-only. To fix the security hazard for sites that update Post-
greSQL more frequently than PL/Java, make the core code aware of them also.
•
Improve libpq’s handling of out-of-memorysituations (Michael Paquier, Amit Kapila, Heikki Lin-
nakangas)
•
Fix order of arguments in ecpg-generated
typedef
statements (Michael Meskes)
•
Use
%g
not
%f
format in ecpg’s
PGTYPESnumeric_from_double()
(Tom Lane)
•
Fix ecpg-supplied header files to not contain comments continued from a preprocessor directive
line onto the next line (Michael Meskes)
Such a comment is rejected by ecpg. It’s not yet clear whether ecpg itself should be changed.
•
Fix
hstore_to_json_loose()
’s test for whether an
hstore
value can be converted to a JSON
number (Tom Lane)
Previously this function could be fooled by non-alphanumeric trailing characters, leading to emit-
ting syntactically-invalid JSON.
•
Ensurethat
contrib/pgcrypto
’s
crypt()
functioncan be interruptedbyquery cancel(Andreas
Karlsson)
•
Accept flex versions later than 2.5.x (Tom Lane, Michael Paquier)
2095
57
Appendix E. Release Notes
Nowthat flex 2.6.0 has been released, the version checks inour build scripts needed to be adjusted.
•
Improve reproducibility of build output by ensuring filenames are given to the linker in a fixed
order (Christoph Berg)
This avoids possible bitwise differences inthe produced executable files from one build to the next.
•
Install our
missing
script where PGXS builds can find it (Jim Nasby)
This allows sane behavior in a PGXS build done on a machine where build tools such as bison are
missing.
•
Ensure that
dynloader.h
is included in the installed header files in MSVC builds (Bruce
Momjian, Michael Paquier)
•
Add variant regressiontest expected-output file to match behavior of current libxml2 (Tom Lane)
The fix for libxml2’s CVE-2015-7499 causes it not to output error context reports in some cases
where itused to doso. This seems to be a bug, butwe’ll probably have to live withit for some time,
so work around it.
•
Update time zone data files to tzdata release 2016a for DST law changes in Cayman Islands, Met-
lakatla, and Trans-Baikal Territory (Zabaykalsky Krai), plus historical corrections for Pakistan.
E.11. Release 9.3.10
ReleaseDate: 2015-10-08
This release contains avariety of fixes from 9.3.9. For information about new features in the 9.3major
release, see Section E.21.
E.11.1. Migration to Version 9.3.10
Adump/restore is not required for those running 9.3.X.
However, if you are upgrading from a version earlier than 9.3.9, see Section E.12.
E.11.2. Changes
•
Guard against stack overflows in
json
parsing (Oskari Saarenmaa)
If an application constructs PostgreSQL
json
or
jsonb
values from arbitrary user input, the ap-
plication’s users can reliably crash the PostgreSQL server, causing momentary denial of service.
(CVE-2015-5289)
•
Fix
contrib/pgcrypto
todetect and report too-short
crypt()
salts (Josh Kupershmidt)
Certain invalid salt arguments crashed the server or disclosed a few bytes of server memory. We
have not ruled out the viability of attacks that arrange for presence of confidential information in
the disclosed bytes, but they seem unlikely. (CVE-2015-5288)
•
Fix subtransaction cleanup after a portal (cursor) belonging to an outer subtransaction fails (Tom
Lane, Michael Paquier)
2096
102
Appendix E. Release Notes
Afunction executed in an outer-subtransaction cursor could cause an assertion failure or crash by
referencinga relation created within an inner subtransaction.
•
Ensureallrelations referred to by anupdatableview are properlylockedduring anupdatestatement
(Dean Rasheed)
•
Fix insertion of relations into the relation cache “init file” (Tom Lane)
An
oversight in
a
patch
in
the
most recent
minor
releases
caused
pg_trigger_tgrelid_tgname_index
to be omitted from the init file. Subsequent sessions
detected this, then deemed the initfile to be broken and silently ignored it, resulting in a significant
degradation in session startup time. In addition to fixing the bug, install some guards so that any
similar future mistake will be more obvious.
•
Avoid O(N^2) behavior when inserting many tuples into a SPI query result (Neil Conway)
•
Improve
LISTEN
startup time whenthere are many unread notifications (Matt Newell)
•
Fix performance problem when a session alters large numbers of foreign key constraints (Jan
Wieck, Tom Lane)
This was seen primarily when restoring pg_dump output for databases with many thousands of
tables.
•
Disable SSL renegotiation by default (Michael Paquier, Andres Freund)
While use of SSL renegotiation is a good idea in theory, we have seen too many bugs in
practice, both in the underlying OpenSSL library and in our usage of it. Renegotiation will
be removed entirely in 9.5 and later. In the older branches, just change the default value of
ssl_renegotiation_limit
to zero (disabled).
•
Lower the minimum values of the
*
_freeze_max_age
parameters (Andres Freund)
This is mainly to make tests of related behavior less time-consuming, but it may also be of value
for installations with limited disk space.
•
Limit the maximum value of
wal_buffers
to 2GB to avoid server crashes (Josh Berkus)
•
Avoid logging complaints when a parameter that can only be set at server start appears multiple
times in
postgresql.conf
,and fix counting of line numbers after an
include_dir
directive
(Tom Lane)
•
Fix rare internal overflow in multiplication of
numeric
values (Dean Rasheed)
•
Guard against hard-to-reach stack overflows involving record types, range types,
json
,
jsonb
,
tsquery
,
ltxtquery
and
query_int
(Noah Misch)
•
Fix handling of
DOW
and
DOY
in datetime input (Greg Stark)
These tokens aren’t meant to be used in datetime values, but previously they resulted in opaque
internal error messages rather than “invalid input syntax”.
•
Add more query-cancel checks to regular expression matching (Tom Lane)
•
Add recursion depth protections to regular expression,
SIMILAR TO
,and
LIKE
matching (Tom
Lane)
Suitable search patterns and a low stack depth limit could lead to stack-overrun crashes.
•
Fix potential infinite loop in regular expression execution (Tom Lane)
Asearchpatternthatcan apparently matcha zero-length string, butactually doesn’t match because
of a back reference, could lead to an infinite loop.
•
In regular expression execution, correctly record match data for capturing parentheses within a
quantifier even when the match is zero-length (Tom Lane)
2097
Documents you may be interested
Documents you may be interested