E.43. Release 9.4.10

E.43.1. Migration to Version 9.4.10
E.43.2. Changes

Release date: 2016-10-27

This release contains a variety of fixes from 9.4.9. For information about new features in the 9.4 major release, see Section E.53.

E.43.1. Migration to Version 9.4.10

A dump/restore is not required for those running 9.4.X.

However, if your installation has been affected by the bug described in the first changelog entry below, then after updating you may need to take action to repair corrupted free space maps.

Also, if you are upgrading from a version earlier than 9.4.6, see Section E.47.

E.43.2. Changes

  • Fix WAL-logging of truncation of relation free space maps and visibility maps (Pavan Deolasee, Heikki Linnakangas)

    It was possible for these files to not be correctly restored during crash recovery, or to be written incorrectly on a standby server. Bogus entries in a free space map could lead to attempts to access pages that have been truncated away from the relation itself, typically producing errors like could not read block XXX: read only 0 of 8192 bytes. Checksum failures in the visibility map are also possible, if checksumming is enabled.

    Procedures for determining whether there is a problem and repairing it if so are discussed at https://wiki.postgresql.org/wiki/Free_Space_Map_Problems.

  • Fix incorrect creation of GIN index WAL records on big-endian machines (Tom Lane)

    The typical symptom was unexpected GIN leaf action errors during WAL replay.

  • Fix SELECT FOR UPDATE/SHARE to correctly lock tuples that have been updated by a subsequently-aborted transaction (Álvaro Herrera)

    In 9.5 and later, the SELECT would sometimes fail to return such tuples at all. A failure has not been proven to occur in earlier releases, but might be possible with concurrent updates.

  • Fix EvalPlanQual rechecks involving CTE scans (Tom Lane)

    The recheck would always see the CTE as returning no rows, typically leading to failure to update rows that were recently updated.

  • Fix improper repetition of previous results from hashed aggregation in a subquery (Andrew Gierth)

    The test to see if we can reuse a previously-computed hash table of the aggregate state values neglected the possibility of an outer query reference appearing in an aggregate argument expression. A change in the value of such a reference should lead to recalculating the hash table, but did not.

  • Fix query-lifespan memory leak in a bulk UPDATE on a table with a PRIMARY KEY or REPLICA IDENTITY index (Tom Lane)

  • Fix EXPLAIN to emit valid XML when track_io_timing is on (Markus Winand)

    Previously the XML output-format option produced syntactically invalid tags such as <I/O-Read-Time>. That is now rendered as <I-O-Read-Time>.

  • Suppress printing of zeroes for unmeasured times in EXPLAIN (Maksim Milyutin)

    Certain option combinations resulted in printing zero values for times that actually aren't ever measured in that combination. Our general policy in EXPLAIN is not to print such fields at all, so do that consistently in all cases.

  • Fix timeout length when VACUUM is waiting for exclusive table lock so that it can truncate the table (Simon Riggs)

    The timeout was meant to be 50 milliseconds, but it was actually only 50 microseconds, causing VACUUM to give up on truncation much more easily than intended. Set it to the intended value.

  • Fix bugs in merging inherited CHECK constraints while creating or altering a table (Tom Lane, Amit Langote)

    Allow identical CHECK constraints to be added to a parent and child table in either order. Prevent merging of a valid constraint from the parent table with a NOT VALID constraint on the child. Likewise, prevent merging of a NO INHERIT child constraint with an inherited constraint.

  • Remove artificial restrictions on the values accepted by numeric_in() and numeric_recv() (Tom Lane)

    We allow numeric values up to the limit of the storage format (more than 1e100000), so it seems fairly pointless that numeric_in() rejected scientific-notation exponents above 1000. Likewise, it was silly for numeric_recv() to reject more than 1000 digits in an input value.

  • Avoid very-low-probability data corruption due to testing tuple visibility without holding buffer lock (Thomas Munro, Peter Geoghegan, Tom Lane)

  • Fix logical WAL decoding to work properly when a subtransaction's WAL output is large enough to spill to disk (Andres Freund)

  • Fix buffer overread in logical WAL decoding (Tom Lane)

    Logical decoding of a tuple update record read 23 bytes too many, which was usually harmless but with very bad luck could result in a crash.

  • Fix file descriptor leakage when truncating a temporary relation of more than 1GB (Andres Freund)

  • Disallow starting a standalone backend with standby_mode turned on (Michael Paquier)

    This can't do anything useful, since there will be no WAL receiver process to fetch more WAL data; and it could result in misbehavior in code that wasn't designed with this situation in mind.

  • Properly initialize replication slot state when recycling a previously-used slot (Michael Paquier)

    This failure to reset all of the fields of the slot could prevent VACUUM from removing dead tuples.

  • Round shared-memory allocation request to a multiple of the actual huge page size when attempting to use huge pages on Linux (Tom Lane)

    This avoids possible failures during munmap() on systems with atypical default huge page sizes. Except in crash-recovery cases, there were no ill effects other than a log message.

  • Use a more random value for the dynamic shared memory control segment's ID (Robert Haas, Tom Lane)

    Previously, the same value would be chosen every time, because it was derived from random() but srandom() had not yet been called. While relatively harmless, this was not the intended behavior.

  • On Windows, retry creation of the dynamic shared memory control segment after an access-denied error (Kyotaro Horiguchi, Amit Kapila)

    Windows sometimes returns ERROR_ACCESS_DENIED rather than ERROR_ALREADY_EXISTS when there is an existing segment. This led to postmaster startup failure due to believing that the former was an unrecoverable error.

  • Don't try to share SSL contexts across multiple connections in libpq (Heikki Linnakangas)

    This led to assorted corner-case bugs, particularly when trying to use different SSL parameters for different connections.

  • Avoid corner-case memory leak in libpq (Tom Lane)

    The reported problem involved leaking an error report during PQreset(), but there might be related cases.

  • Make ecpg's --help and --version options work consistently with our other executables (Haribabu Kommi)

  • Fix pgbench's calculation of average latency (Fabien Coelho)

    The calculation was incorrect when there were \sleep commands in the script, or when the test duration was specified in number of transactions rather than total time.

  • In pg_dump, never dump range constructor functions (Tom Lane)

    This oversight led to pg_upgrade failures with extensions containing range types, due to duplicate creation of the constructor functions.

  • In pg_xlogdump, retry opening new WAL segments when using --follow option (Magnus Hagander)

    This allows for a possible delay in the server's creation of the next segment.

  • Fix pg_xlogdump to cope with a WAL file that begins with a continuation record spanning more than one page (Pavan Deolasee)

  • Fix contrib/pg_buffercache to work when shared_buffers exceeds 256GB (KaiGai Kohei)

  • Fix contrib/intarray/bench/bench.pl to print the results of the EXPLAIN it does when given the -e option (Daniel Gustafsson)

  • Install TAP test infrastructure so that it's available for extension testing (Craig Ringer)

    When PostgreSQL has been configured with --enable-tap-tests, make install will now install the Perl support files for TAP testing where PGXS can find them. This allows non-core extensions to use $(prove_check) without extra tests.

  • In MSVC builds, include pg_recvlogical in a client-only installation (MauMau)

  • Update Windows time zone mapping to recognize some time zone names added in recent Windows versions (Michael Paquier)

  • Prevent failure of obsolete dynamic time zone abbreviations (Tom Lane)

    If a dynamic time zone abbreviation does not match any entry in the referenced time zone, treat it as equivalent to the time zone name. This avoids unexpected failures when IANA removes abbreviations from their time zone database, as they did in tzdata release 2016f and seem likely to do again in the future. The consequences were not limited to not recognizing the individual abbreviation; any mismatch caused the pg_timezone_abbrevs view to fail altogether.

  • Update time zone data files to tzdata release 2016h for DST law changes in Palestine and Turkey, plus historical corrections for Turkey and some regions of Russia. Switch to numeric abbreviations for some time zones in Antarctica, the former Soviet Union, and Sri Lanka.

    The IANA time zone database previously provided textual abbreviations for all time zones, sometimes making up abbreviations that have little or no currency among the local population. They are in process of reversing that policy in favor of using numeric UTC offsets in zones where there is no evidence of real-world use of an English abbreviation. At least for the time being, PostgreSQL will continue to accept such removed abbreviations for timestamp input. But they will not be shown in the pg_timezone_names view nor used for output.

    In this update, AMT is no longer shown as being in use to mean Armenia Time. Therefore, we have changed the Default abbreviation set to interpret it as Amazon Time, thus UTC-4 not UTC+4.