Release date: 2018-02-08
This release contains a variety of fixes from 10.1. For information about new features in major release 10, see Section E.7.
A dump/restore is not required for those running 10.X.
However,
if you use contrib/cube
's ~>
operator, see the entry below about that.
Also, if you are upgrading from a version earlier than 10.1, see Section E.6.
Fix processing of partition keys containing multiple expressions (Álvaro Herrera, David Rowley)
This error led to crashes or, with carefully crafted input, disclosure of arbitrary backend memory. (CVE-2018-1052)
Ensure that all temporary files made by pg_upgrade are non-world-readable (Tom Lane, Noah Misch)
pg_upgrade normally restricts its
temporary files to be readable and writable only by the calling user.
But the temporary file containing pg_dumpall -g
output would be group- or world-readable, or even writable, if the
user's umask
setting allows. In typical usage on
multi-user machines, the umask
and/or the working
directory's permissions would be tight enough to prevent problems;
but there may be people using pg_upgrade
in scenarios where this oversight would permit disclosure of database
passwords to unfriendly eyes.
(CVE-2018-1053)
Fix vacuuming of tuples that were updated while key-share locked (Andres Freund, Álvaro Herrera)
In some cases VACUUM
would fail to remove such
tuples even though they are now dead, leading to assorted data
corruption scenarios.
Fix failure to mark a hash index's metapage dirty after adding a new overflow page, potentially leading to index corruption (Lixian Zou, Amit Kapila)
Ensure that vacuum will always clean up the pending-insertions list of a GIN index (Masahiko Sawada)
This is necessary to ensure that dead index entries get removed. The old code got it backwards, allowing vacuum to skip the cleanup if some other process were running cleanup concurrently, thus risking invalid entries being left behind in the index.
Fix inadequate buffer locking in some LSN fetches (Jacob Champion, Asim Praveen, Ashwin Agrawal)
These errors could result in misbehavior under concurrent load. The potential consequences have not been characterized fully.
Fix incorrect query results from cases involving flattening of
subqueries whose outputs are used in GROUPING SETS
(Heikki Linnakangas)
Fix handling of list partitioning constraints for partition keys of boolean or array types (Amit Langote)
Avoid unnecessary failure in a query on an inheritance tree that
occurs concurrently with some child table being removed from the tree
by ALTER TABLE NO INHERIT
(Tom Lane)
Fix spurious deadlock failures when multiple sessions are
running CREATE INDEX CONCURRENTLY
(Jeff Janes)
During VACUUM FULL
, update the table's size fields
in pg_class
sooner (Amit Kapila)
This prevents poor behavior when rebuilding hash indexes on the
table, since those use the pg_class
statistics to govern the initial hash size.
Fix
UNION
/INTERSECT
/EXCEPT
over zero columns (Tom Lane)
Disallow identity columns on typed tables and partitions (Michael Paquier)
These cases will be treated as unsupported features for now.
Fix assorted failures to apply the correct default value when inserting into an identity column (Michael Paquier, Peter Eisentraut)
In several contexts, notably COPY
and ALTER TABLE ADD COLUMN
, the expected default
value was not applied and instead a null value was inserted.
Fix failures when an inheritance tree contains foreign child tables (Etsuro Fujita)
A mix of regular and foreign tables in an inheritance tree resulted in
creation of incorrect plans for UPDATE
and DELETE
queries. This led to visible failures in
some cases, notably when there are row-level triggers on a foreign
child table.
Repair failure with correlated sub-SELECT
inside VALUES
inside a LATERAL
subquery (Tom Lane)
Fix “could not devise a query plan for the given query”
planner failure for some cases involving nested UNION
ALL
inside a lateral subquery (Tom Lane)
Allow functional dependency statistics to be used for boolean columns (Tom Lane)
Previously, although extended statistics could be declared and collected on boolean columns, the planner failed to apply them.
Avoid underestimating the number of groups emitted by subqueries containing set-returning functions in their grouping columns (Tom Lane)
Cases similar to SELECT DISTINCT unnest(foo)
got a
lower output rowcount estimate in 10.0 than they did in earlier
releases, possibly resulting in unfavorable plan choices. Restore the
prior estimation behavior.
Fix use of triggers in logical replication workers (Petr Jelinek)
Fix logical decoding to correctly clean up disk files for crashed transactions (Atsushi Torikoshi)
Logical decoding may spill WAL records to disk for transactions generating many WAL records. Normally these files are cleaned up after the transaction's commit or abort record arrives; but if no such record is ever seen, the removal code misbehaved.
Fix walsender timeout failure and failure to respond to interrupts when processing a large transaction (Petr Jelinek)
Fix race condition during replication origin drop that could allow the dropping process to wait indefinitely (Tom Lane)
Allow members of the pg_read_all_stats
role to see
walsender statistics in the pg_stat_replication
view (Feike Steenbergen)
Show walsenders that are sending base backups as active in
the pg_stat_activity
view (Magnus Hagander)
Fix reporting of scram-sha-256
authentication
method in the pg_hba_file_rules
view
(Michael Paquier)
Previously this was printed as scram-sha256
,
possibly confusing users as to the correct spelling.
Fix has_sequence_privilege()
to
support WITH GRANT OPTION
tests,
as other privilege-testing functions do (Joe Conway)
In databases using UTF8 encoding, ignore any XML declaration that asserts a different encoding (Pavel Stehule, Noah Misch)
We always store XML strings in the database encoding, so allowing
libxml to act on a declaration of another encoding gave wrong results.
In encodings other than UTF8, we don't promise to support non-ASCII
XML data anyway, so retain the previous behavior for bug compatibility.
This change affects only xpath()
and related
functions; other XML code paths already acted this way.
Provide for forward compatibility with future minor protocol versions (Robert Haas, Badrul Chowdhury)
Up to now, PostgreSQL servers simply rejected requests to use protocol versions newer than 3.0, so that there was no functional difference between the major and minor parts of the protocol version number. Allow clients to request versions 3.x without failing, sending back a message showing that the server only understands 3.0. This makes no difference at the moment, but back-patching this change should allow speedier introduction of future minor protocol upgrades.
Allow a client that supports SCRAM channel binding (such as v11 or later libpq) to connect to a v10 server (Michael Paquier)
v10 does not have this feature, and the connection-time negotiation about whether to use it was done incorrectly.
Avoid live-lock in ConditionVariableBroadcast()
(Tom Lane, Thomas Munro)
Given repeatedly-unlucky timing, a process attempting to awaken all waiters for a condition variable could loop indefinitely. Due to the limited usage of condition variables in v10, this affects only parallel index scans and some operations on replication slots.
Clean up waits for condition variables correctly during subtransaction abort (Robert Haas)
Ensure that child processes that are waiting for a condition variable will exit promptly if the postmaster process dies (Tom Lane)
Fix crashes in parallel queries using more than one Gather node (Thomas Munro)
Fix hang in parallel index scan when processing a deleted or half-dead index page (Amit Kapila)
Avoid crash if parallel bitmap heap scan is unable to allocate a shared memory segment (Robert Haas)
Cope with failure to start a parallel worker process (Amit Kapila, Robert Haas)
Parallel query previously tended to hang indefinitely if a worker
could not be started, as the result of fork()
failure or other low-probability problems.
Avoid unnecessary failure when no parallel workers can be obtained during parallel query startup (Robert Haas)
Fix collection of EXPLAIN
statistics from parallel
workers (Amit Kapila, Thomas Munro)
Ensure that query strings passed to parallel workers are correctly null-terminated (Thomas Munro)
This prevents emitting garbage in postmaster log output from such workers.
Avoid unsafe alignment assumptions when working
with __int128
(Tom Lane)
Typically, compilers assume that __int128
variables are
aligned on 16-byte boundaries, but our memory allocation
infrastructure isn't prepared to guarantee that, and increasing the
setting of MAXALIGN seems infeasible for multiple reasons. Adjust the
code to allow use of __int128
only when we can tell the
compiler to assume lesser alignment. The only known symptom of this
problem so far is crashes in some parallel aggregation queries.
Prevent stack-overflow crashes when planning extremely deeply
nested set operations
(UNION
/INTERSECT
/EXCEPT
)
(Tom Lane)
Avoid crash during an EvalPlanQual recheck of an indexscan that is the inner child of a merge join (Tom Lane)
This could only happen during an update or SELECT FOR
UPDATE
of a join, when there is a concurrent update of some
selected row.
Fix crash in autovacuum when extended statistics are defined for a table but can't be computed (Álvaro Herrera)
Fix null-pointer crashes for some types of LDAP URLs appearing
in pg_hba.conf
(Thomas Munro)
Prevent out-of-memory failures due to excessive growth of simple hash tables (Tomas Vondra, Andres Freund)
Fix sample INSTR()
functions in the PL/pgSQL
documentation (Yugo Nagata, Tom Lane)
These functions are stated to be Oracle® compatible, but they weren't exactly. In particular, there was a discrepancy in the interpretation of a negative third parameter: Oracle thinks that a negative value indicates the last place where the target substring can begin, whereas our functions took it as the last place where the target can end. Also, Oracle throws an error for a zero or negative fourth parameter, whereas our functions returned zero.
The sample code has been adjusted to match Oracle's behavior more precisely. Users who have copied this code into their applications may wish to update their copies.
Fix pg_dump to make ACL (permissions), comment, and security label entries reliably identifiable in archive output formats (Tom Lane)
The “tag” portion of an ACL archive entry was usually
just the name of the associated object. Make it start with the object
type instead, bringing ACLs into line with the convention already used
for comment and security label archive entries. Also, fix the
comment and security label entries for the whole database, if present,
to make their tags start with DATABASE
so that they
also follow this convention. This prevents false matches in code that
tries to identify large-object-related entries by seeing if the tag
starts with LARGE OBJECT
. That could have resulted
in misclassifying entries as data rather than schema, with undesirable
results in a schema-only or data-only dump.
Note that this change has user-visible results in the output
of pg_restore --list
.
Rename pg_rewind's
copy_file_range
function to avoid conflict
with new Linux system call of that name (Andres Freund)
This change prevents build failures with newer glibc versions.
In ecpg, detect indicator arrays that do not have the correct length and report an error (David Rader)
Change the behavior of contrib/cube
's
cube
~>
int
operator to make it compatible with KNN search (Alexander Korotkov)
The meaning of the second argument (the dimension selector) has been changed to make it predictable which value is selected even when dealing with cubes of varying dimensionalities.
This is an incompatible change, but since the point of the operator was to be used in KNN searches, it seems rather useless as-is. After installing this update, any expression indexes or materialized views using this operator will need to be reindexed/refreshed.
Avoid triggering a libc assertion
in contrib/hstore
, due to use
of memcpy()
with equal source and destination
pointers (Tomas Vondra)
Fix incorrect display of tuples' null bitmaps
in contrib/pageinspect
(Maksim Milyutin)
Fix incorrect output from contrib/pageinspect
's
hash_page_items()
function (Masahiko Sawada)
In contrib/postgres_fdw
, avoid
“outer pathkeys do not match mergeclauses”
planner error when constructing a plan involving a remote join
(Robert Haas)
In contrib/postgres_fdw
, avoid planner failure
when there are duplicate GROUP BY
entries
(Jeevan Chalke)
Provide modern examples of how to auto-start Postgres on macOS (Tom Lane)
The scripts in contrib/start-scripts/osx
use
infrastructure that's been deprecated for over a decade, and which no
longer works at all in macOS releases of the last couple of years.
Add a new subdirectory contrib/start-scripts/macos
containing scripts that use the newer launchd
infrastructure.
Fix incorrect selection of configuration-specific libraries for OpenSSL on Windows (Andrew Dunstan)
Support linking to MinGW-built versions of libperl (Noah Misch)
This allows building PL/Perl with some common Perl distributions for Windows.
Fix MSVC build to test whether 32-bit libperl
needs -D_USE_32BIT_TIME_T
(Noah Misch)
Available Perl distributions are inconsistent about what they expect, and lack any reliable means of reporting it, so resort to a build-time test on what the library being used actually does.
On Windows, install the crash dump handler earlier in postmaster startup (Takayuki Tsunakawa)
This may allow collection of a core dump for some early-startup failures that did not produce a dump before.
On Windows, avoid encoding-conversion-related crashes when emitting messages very early in postmaster startup (Takayuki Tsunakawa)
Use our existing Motorola 68K spinlock code on OpenBSD as well as NetBSD (David Carlier)
Add support for spinlocks on Motorola 88K (David Carlier)
Update time zone data files to tzdata
release 2018c for DST law changes in Brazil, Sao Tome and Principe,
plus historical corrections for Bolivia, Japan, and South Sudan.
The US/Pacific-New
zone has been removed (it was
only an alias for America/Los_Angeles
anyway).