Fix contrib/pgcrypto to detect and report
too-short crypt() salts (Josh Kupershmidt)
Certain invalid salt arguments crashed the server or disclosed a few
bytes of server memory. We have not ruled out the viability of
attacks that arrange for presence of confidential information in the
disclosed bytes, but they seem unlikely. (CVE-2015-5288)
Fix subtransaction cleanup after a portal (cursor) belonging to an
outer subtransaction fails (Tom Lane, Michael Paquier)
A function executed in an outer-subtransaction cursor could cause an
assertion failure or crash by referencing a relation created within an
inner subtransaction.
Fix insertion of relations into the relation cache "init file"
(Tom Lane)
An oversight in a patch in the most recent minor releases
caused pg_trigger_tgrelid_tgname_index to be omitted
from the init file. Subsequent sessions detected this, then deemed the
init file to be broken and silently ignored it, resulting in a
significant degradation in session startup time. In addition to fixing
the bug, install some guards so that any similar future mistake will be
more obvious.
Avoid O(N^2) behavior when inserting many tuples into a SPI query
result (Neil Conway)
Improve LISTEN startup time when there are many unread
notifications (Matt Newell)
Disable SSL renegotiation by default (Michael Paquier, Andres Freund)
While use of SSL renegotiation is a good idea in theory, we have seen
too many bugs in practice, both in the underlying OpenSSL library and
in our usage of it. Renegotiation will be removed entirely in 9.5 and
later. In the older branches, just change the default value
of ssl_renegotiation_limit to zero (disabled).
Lower the minimum values of the *_freeze_max_age parameters
(Andres Freund)
This is mainly to make tests of related behavior less time-consuming,
but it may also be of value for installations with limited disk space.
Limit the maximum value of wal_buffers to 2GB to avoid
server crashes (Josh Berkus)
Fix rare internal overflow in multiplication of numeric values
(Dean Rasheed)
Guard against hard-to-reach stack overflows involving record types,
range types, json, jsonb, tsquery,
ltxtquery and query_int (Noah Misch)
Fix handling of DOW and DOY in datetime input
(Greg Stark)
These tokens aren't meant to be used in datetime values, but previously
they resulted in opaque internal error messages rather
than "invalid input syntax".
Add more query-cancel checks to regular expression matching (Tom Lane)
Add recursion depth protections to regular expression, SIMILAR
TO, and LIKE matching (Tom Lane)
Suitable search patterns and a low stack depth limit could lead to
stack-overrun crashes.
Fix potential infinite loop in regular expression execution (Tom Lane)
A search pattern that can apparently match a zero-length string, but
actually doesn't match because of a back reference, could lead to an
infinite loop.
Fix low-memory failures in regular expression compilation
(Andreas Seltenreich)
Fix low-probability memory leak during regular expression execution
(Tom Lane)
Fix rare low-memory failure in lock cleanup during transaction abort
(Tom Lane)
Fix "unexpected out-of-memory situation during sort" errors
when using tuplestores with small work_mem settings (Tom
Lane)
Fix very-low-probability stack overrun in qsort (Tom Lane)
Fix "invalid memory alloc request size" failure in hash joins
with large work_mem settings (Tomas Vondra, Tom Lane)
Fix assorted planner bugs (Tom Lane)
These mistakes could lead to incorrect query plans that would give wrong
answers, or to assertion failures in assert-enabled builds, or to odd
planner errors such as "could not devise a query plan for the
given query", "could not find pathkey item to
sort", "plan should not reference subplan's variable",
or "failed to assign all NestLoopParams to plan nodes".
Thanks are due to Andreas Seltenreich and Piotr Stefaniak for fuzz
testing that exposed these problems.
Use fuzzy path cost tiebreaking rule in all supported branches (Tom Lane)
This change is meant to avoid platform-specific behavior when
alternative plan choices have effectively-identical estimated costs.
During postmaster shutdown, ensure that per-socket lock files are
removed and listen sockets are closed before we remove
the postmaster.pid file (Tom Lane)
This avoids race-condition failures if an external script attempts to
start a new postmaster as soon as pg_ctl stop returns.
Fix postmaster's handling of a startup-process crash during crash
recovery (Tom Lane)
If, during a crash recovery cycle, the startup process crashes without
having restored database consistency, we'd try to launch a new startup
process, which typically would just crash again, leading to an infinite
loop.
Do not print a WARNING when an autovacuum worker is already
gone when we attempt to signal it, and reduce log verbosity for such
signals (Tom Lane)
Prevent autovacuum launcher from sleeping unduly long if the server
clock is moved backwards a large amount (Álvaro Herrera)
Ensure that cleanup of a GIN index's pending-insertions list is
interruptable by cancel requests (Jeff Janes)
Allow all-zeroes pages in GIN indexes to be reused (Heikki Linnakangas)
Such a page might be left behind after a crash.
Fix off-by-one error that led to otherwise-harmless warnings
about "apparent wraparound" in subtrans/multixact truncation
(Thomas Munro)
Fix misreporting of CONTINUE and MOVE statement
types in PL/pgSQL's error context messages
(Pavel Stehule, Tom Lane)
Fix some places in PL/Tcl that neglected to check for
failure of malloc() calls (Michael Paquier, Álvaro
Herrera)
Improve libpq's handling of out-of-memory conditions
(Michael Paquier, Heikki Linnakangas)
Fix memory leaks and missing out-of-memory checks
in ecpg (Michael Paquier)
Fix psql's code for locale-aware formatting of numeric
output (Tom Lane)
The formatting code invoked by \pset numericlocale on
did the wrong thing for some uncommon cases such as numbers with an
exponent but no decimal point. It could also mangle already-localized
output from the money data type.
Prevent crash in psql's \c command when
there is no current connection (Noah Misch)
Ensure that temporary files created during a pg_dump
run with tar-format output are not world-readable (Michael
Paquier)
Fix pg_dump and pg_upgrade to support
cases where the postgres or template1 database
is in a non-default tablespace (Marti Raudsepp, Bruce Momjian)
Fix pg_dump to handle object privileges sanely when
dumping from a server too old to have a particular privilege type
(Tom Lane)
When dumping functions or procedural languages from pre-7.3
servers, pg_dump would
produce GRANT/REVOKE commands that revoked the
owner's grantable privileges and instead granted all privileges
to PUBLIC. Since the privileges involved are
just USAGE and EXECUTE, this isn't a security
problem, but it's certainly a surprising representation of the older
systems' behavior. Fix it to leave the default privilege state alone
in these cases.
Fix pg_dump to dump shell types (Tom Lane)
Shell types (that is, not-yet-fully-defined types) aren't useful for
much, but nonetheless pg_dump should dump them.
Fix spinlock assembly code for PPC hardware to be compatible
with AIX's native assembler (Tom Lane)
Building with gcc didn't work if gcc
had been configured to use the native assembler, which is becoming more
common.
On AIX, test the -qlonglong compiler option
rather than just assuming it's safe to use (Noah Misch)
On AIX, use -Wl,-brtllib link option to allow
symbols to be resolved at runtime (Noah Misch)
Perl relies on this ability in 5.8.0 and later.
Avoid use of inline functions when compiling with
32-bit xlc, due to compiler bugs (Noah Misch)
Use librt for sched_yield() when necessary,
which it is on some Solaris versions (Oskari Saarenmaa)
Fix Windows install.bat script to handle target directory
names that contain spaces (Heikki Linnakangas)
Make the numeric form of the PostgreSQL version number
(e.g., 90405) readily available to extension Makefiles,
as a variable named VERSION_NUM (Michael Paquier)
Update time zone data files to tzdata release 2015g for
DST law changes in Cayman Islands, Fiji, Moldova, Morocco, Norfolk
Island, North Korea, Turkey, and Uruguay. There is a new zone name
America/Fort_Nelson for the Canadian Northern Rockies.