Release date: 2015-10-08
This release contains a variety of fixes from 9.2.13. For information about new features in the 9.2 major release, see Section E.103.
A dump/restore is not required for those running 9.2.X.
However, if you are upgrading from a version earlier than 9.2.11, see Section E.92.
Fix contrib/pgcrypto
to detect and report
too-short crypt()
salts (Josh Kupershmidt)
Certain invalid salt arguments crashed the server or disclosed a few bytes of server memory. We have not ruled out the viability of attacks that arrange for presence of confidential information in the disclosed bytes, but they seem unlikely. (CVE-2015-5288)
Fix subtransaction cleanup after a portal (cursor) belonging to an outer subtransaction fails (Tom Lane, Michael Paquier)
A function executed in an outer-subtransaction cursor could cause an assertion failure or crash by referencing a relation created within an inner subtransaction.
Fix insertion of relations into the relation cache “init file” (Tom Lane)
An oversight in a patch in the most recent minor releases
caused pg_trigger_tgrelid_tgname_index
to be omitted
from the init file. Subsequent sessions detected this, then deemed the
init file to be broken and silently ignored it, resulting in a
significant degradation in session startup time. In addition to fixing
the bug, install some guards so that any similar future mistake will be
more obvious.
Avoid O(N^2) behavior when inserting many tuples into a SPI query result (Neil Conway)
Improve LISTEN
startup time when there are many unread
notifications (Matt Newell)
Back-patch 9.3-era addition of per-resource-owner lock caches (Jeff Janes)
This substantially improves performance when pg_dump tries to dump a large number of tables.
Disable SSL renegotiation by default (Michael Paquier, Andres Freund)
While use of SSL renegotiation is a good idea in theory, we have seen
too many bugs in practice, both in the underlying OpenSSL library and
in our usage of it. Renegotiation will be removed entirely in 9.5 and
later. In the older branches, just change the default value
of ssl_renegotiation_limit
to zero (disabled).
Lower the minimum values of the *_freeze_max_age
parameters
(Andres Freund)
This is mainly to make tests of related behavior less time-consuming, but it may also be of value for installations with limited disk space.
Limit the maximum value of wal_buffers
to 2GB to avoid
server crashes (Josh Berkus)
Fix rare internal overflow in multiplication of numeric
values
(Dean Rasheed)
Guard against hard-to-reach stack overflows involving record types,
range types, json
, jsonb
, tsquery
,
ltxtquery
and query_int
(Noah Misch)
Fix handling of DOW
and DOY
in datetime input
(Greg Stark)
These tokens aren't meant to be used in datetime values, but previously they resulted in opaque internal error messages rather than “invalid input syntax”.
Add more query-cancel checks to regular expression matching (Tom Lane)
Add recursion depth protections to regular expression, SIMILAR
TO
, and LIKE
matching (Tom Lane)
Suitable search patterns and a low stack depth limit could lead to stack-overrun crashes.
Fix potential infinite loop in regular expression execution (Tom Lane)
A search pattern that can apparently match a zero-length string, but actually doesn't match because of a back reference, could lead to an infinite loop.
In regular expression execution, correctly record match data for capturing parentheses within a quantifier even when the match is zero-length (Tom Lane)
Fix low-memory failures in regular expression compilation (Andreas Seltenreich)
Fix low-probability memory leak during regular expression execution (Tom Lane)
Fix rare low-memory failure in lock cleanup during transaction abort (Tom Lane)
Fix “unexpected out-of-memory situation during sort” errors
when using tuplestores with small work_mem
settings (Tom
Lane)
Fix very-low-probability stack overrun in qsort
(Tom Lane)
Fix “invalid memory alloc request size” failure in hash joins
with large work_mem
settings (Tomas Vondra, Tom Lane)
Fix assorted planner bugs (Tom Lane)
These mistakes could lead to incorrect query plans that would give wrong answers, or to assertion failures in assert-enabled builds, or to odd planner errors such as “could not devise a query plan for the given query”, “could not find pathkey item to sort”, “plan should not reference subplan's variable”, or “failed to assign all NestLoopParams to plan nodes”. Thanks are due to Andreas Seltenreich and Piotr Stefaniak for fuzz testing that exposed these problems.
Improve planner's performance for UPDATE
/DELETE
on large inheritance sets (Tom Lane, Dean Rasheed)
Ensure standby promotion trigger files are removed at postmaster startup (Michael Paquier, Fujii Masao)
This prevents unwanted promotion from occurring if these files appear in a database backup that is used to initialize a new standby server.
During postmaster shutdown, ensure that per-socket lock files are
removed and listen sockets are closed before we remove
the postmaster.pid
file (Tom Lane)
This avoids race-condition failures if an external script attempts to
start a new postmaster as soon as pg_ctl stop
returns.
Fix postmaster's handling of a startup-process crash during crash recovery (Tom Lane)
If, during a crash recovery cycle, the startup process crashes without having restored database consistency, we'd try to launch a new startup process, which typically would just crash again, leading to an infinite loop.
Do not print a WARNING
when an autovacuum worker is already
gone when we attempt to signal it, and reduce log verbosity for such
signals (Tom Lane)
Prevent autovacuum launcher from sleeping unduly long if the server clock is moved backwards a large amount (Álvaro Herrera)
Ensure that cleanup of a GIN index's pending-insertions list is interruptable by cancel requests (Jeff Janes)
Allow all-zeroes pages in GIN indexes to be reused (Heikki Linnakangas)
Such a page might be left behind after a crash.
Fix handling of all-zeroes pages in SP-GiST indexes (Heikki Linnakangas)
VACUUM
attempted to recycle such pages, but did so in a
way that wasn't crash-safe.
Fix off-by-one error that led to otherwise-harmless warnings about “apparent wraparound” in subtrans/multixact truncation (Thomas Munro)
Fix misreporting of CONTINUE
and MOVE
statement
types in PL/pgSQL's error context messages
(Pavel Stehule, Tom Lane)
Fix PL/Perl to handle non-ASCII error message texts correctly (Alex Hunsaker)
Fix PL/Python crash when returning the string
representation of a record
result (Tom Lane)
Fix some places in PL/Tcl that neglected to check for
failure of malloc()
calls (Michael Paquier, Álvaro
Herrera)
In contrib/isn
, fix output of ISBN-13 numbers that begin
with 979 (Fabien Coelho)
EANs beginning with 979 (but not 9790) are considered ISBNs, but they must be printed in the new 13-digit format, not the 10-digit format.
Fix contrib/sepgsql
's handling of SELECT INTO
statements (Kohei KaiGai)
Improve libpq's handling of out-of-memory conditions (Michael Paquier, Heikki Linnakangas)
Fix memory leaks and missing out-of-memory checks in ecpg (Michael Paquier)
Fix psql's code for locale-aware formatting of numeric output (Tom Lane)
The formatting code invoked by \pset numericlocale on
did the wrong thing for some uncommon cases such as numbers with an
exponent but no decimal point. It could also mangle already-localized
output from the money
data type.
Prevent crash in psql's \c
command when
there is no current connection (Noah Misch)
Make pg_dump handle inherited NOT VALID
check constraints correctly (Tom Lane)
Fix selection of default zlib compression level in pg_dump's directory output format (Andrew Dunstan)
Ensure that temporary files created during a pg_dump run with tar-format output are not world-readable (Michael Paquier)
Fix pg_dump and pg_upgrade to support
cases where the postgres
or template1
database
is in a non-default tablespace (Marti Raudsepp, Bruce Momjian)
Fix pg_dump to handle object privileges sanely when dumping from a server too old to have a particular privilege type (Tom Lane)
When dumping data types from pre-9.2 servers, and when dumping
functions or procedural languages from pre-7.3
servers, pg_dump would
produce GRANT
/REVOKE
commands that revoked the
owner's grantable privileges and instead granted all privileges
to PUBLIC
. Since the privileges involved are
just USAGE
and EXECUTE
, this isn't a security
problem, but it's certainly a surprising representation of the older
systems' behavior. Fix it to leave the default privilege state alone
in these cases.
Fix pg_dump to dump shell types (Tom Lane)
Shell types (that is, not-yet-fully-defined types) aren't useful for much, but nonetheless pg_dump should dump them.
Fix assorted minor memory leaks in pg_dump and other client-side programs (Michael Paquier)
Fix spinlock assembly code for PPC hardware to be compatible with AIX's native assembler (Tom Lane)
Building with gcc didn't work if gcc had been configured to use the native assembler, which is becoming more common.
On AIX, test the -qlonglong
compiler option
rather than just assuming it's safe to use (Noah Misch)
On AIX, use -Wl,-brtllib
link option to allow
symbols to be resolved at runtime (Noah Misch)
Perl relies on this ability in 5.8.0 and later.
Avoid use of inline functions when compiling with 32-bit xlc, due to compiler bugs (Noah Misch)
Use librt
for sched_yield()
when necessary,
which it is on some Solaris versions (Oskari Saarenmaa)
Fix Windows install.bat
script to handle target directory
names that contain spaces (Heikki Linnakangas)
Make the numeric form of the PostgreSQL version number
(e.g., 90405
) readily available to extension Makefiles,
as a variable named VERSION_NUM
(Michael Paquier)
Update time zone data files to tzdata release 2015g for
DST law changes in Cayman Islands, Fiji, Moldova, Morocco, Norfolk
Island, North Korea, Turkey, and Uruguay. There is a new zone name
America/Fort_Nelson
for the Canadian Northern Rockies.