Fix infinite loops and buffer-overrun problems in regular expressions
(Tom Lane)
Very large character ranges in bracket expressions could cause
infinite loops in some cases, and memory overwrites in other cases.
(CVE-2016-0773)
Perform an immediate shutdown if the postmaster.pid file
is removed (Tom Lane)
The postmaster now checks every minute or so
that postmaster.pid is still there and still contains its
own PID. If not, it performs an immediate shutdown, as though it had
received SIGQUIT. The main motivation for this change
is to ensure that failed buildfarm runs will get cleaned up without
manual intervention; but it also serves to limit the bad effects if a
DBA forcibly removes postmaster.pid and then starts a new
postmaster.
In SERIALIZABLE transaction isolation mode, serialization
anomalies could be missed due to race conditions during insertions
(Kevin Grittner, Thomas Munro)
Fix failure to emit appropriate WAL records when doing ALTER
TABLE ... SET TABLESPACE for unlogged relations (Michael Paquier,
Andres Freund)
Even though the relation's data is unlogged, the move must be logged or
the relation will be inaccessible after a standby is promoted to master.
Fix possible misinitialization of unlogged relations at the end of
crash recovery (Andres Freund, Michael Paquier)
Fix ALTER COLUMN TYPE to reconstruct inherited check
constraints properly (Tom Lane)
Fix REASSIGN OWNED to change ownership of composite types
properly (Álvaro Herrera)
Fix REASSIGN OWNED and ALTER OWNER to correctly
update granted-permissions lists when changing owners of data types,
foreign data wrappers, or foreign servers (Bruce Momjian,
Álvaro Herrera)
Fix REASSIGN OWNED to ignore foreign user mappings,
rather than fail (Álvaro Herrera)
Add more defenses against bad planner cost estimates for GIN index
scans when the index's internal statistics are very out-of-date
(Tom Lane)
Make planner cope with hypothetical GIN indexes suggested by an index
advisor plug-in (Julien Rouhaud)
Fix dumping of whole-row Vars in ROW()
and VALUES() lists (Tom Lane)
Fix possible internal overflow in numeric division
(Dean Rasheed)
Fix enforcement of restrictions inside parentheses within regular
expression lookahead constraints (Tom Lane)
Lookahead constraints aren't allowed to contain backrefs, and
parentheses within them are always considered non-capturing, according
to the manual. However, the code failed to handle these cases properly
inside a parenthesized subexpression, and would give unexpected
results.
Conversion of regular expressions to indexscan bounds could produce
incorrect bounds from regexps containing lookahead constraints
(Tom Lane)
Fix regular-expression compiler to handle loops of constraint arcs
(Tom Lane)
The code added for CVE-2007-4772 was both incomplete, in that it didn't
handle loops involving more than one state, and incorrect, in that it
could cause assertion failures (though there seem to be no bad
consequences of that in a non-assert build). Multi-state loops would
cause the compiler to run until the query was canceled or it reached
the too-many-states error condition.
Improve memory-usage accounting in regular-expression compiler
(Tom Lane)
This causes the code to emit "regular expression is too
complex" errors in some cases that previously used unreasonable
amounts of time and memory.
Improve performance of regular-expression compiler (Tom Lane)
Make %h and %r escapes
in log_line_prefix work for messages emitted due
to log_connections (Tom Lane)
Previously, %h/%r started to work just after a
new session had emitted the "connection received" log message;
now they work for that message too.
On Windows, ensure the shared-memory mapping handle gets closed in
child processes that don't need it (Tom Lane, Amit Kapila)
This oversight resulted in failure to recover from crashes
whenever logging_collector is turned on.
Fix possible failure to detect socket EOF in non-blocking mode on
Windows (Tom Lane)
It's not entirely clear whether this problem can happen in pre-9.5
branches, but if it did, the symptom would be that a walsender process
would wait indefinitely rather than noticing a loss of connection.
Avoid leaking a token handle during SSPI authentication
(Christian Ullrich)
In psql, ensure that libreadline's idea
of the screen size is updated when the terminal window size changes
(Merlin Moncure)
Previously, libreadline did not notice if the window
was resized during query output, leading to strange behavior during
later input of multiline queries.
Fix psql's \det command to interpret its
pattern argument the same way as other \d commands with
potentially schema-qualified patterns do (Reece Hart)
Avoid possible crash in psql's \c command
when previous connection was via Unix socket and command specifies a
new hostname and same username (Tom Lane)
In pg_ctl start -w, test child process status directly
rather than relying on heuristics (Tom Lane, Michael Paquier)
Previously, pg_ctl relied on an assumption that the new
postmaster would always create postmaster.pid within five
seconds. But that can fail on heavily-loaded systems,
causing pg_ctl to report incorrectly that the
postmaster failed to start.
Except on Windows, this change also means that a pg_ctl start
-w done immediately after another such command will now reliably
fail, whereas previously it would report success if done within two
seconds of the first command.
In pg_ctl start -w, don't attempt to use a wildcard listen
address to connect to the postmaster (Kondo Yuta)
On Windows, pg_ctl would fail to detect postmaster
startup if listen_addresses is set to 0.0.0.0
or ::, because it would try to use that value verbatim as
the address to connect to, which doesn't work. Instead assume
that 127.0.0.1 or ::1, respectively, is the
right thing to use.
In pg_ctl on Windows, check service status to decide
where to send output, rather than checking if standard output is a
terminal (Michael Paquier)
In pg_dump and pg_basebackup, adopt
the GNU convention for handling tar-archive members exceeding 8GB
(Tom Lane)
The POSIX standard for tar file format does not allow
archive member files to exceed 8GB, but most modern implementations
of tar support an extension that fixes that. Adopt
this extension so that pg_dump with -Ft no
longer fails on tables with more than 8GB of data, and so
that pg_basebackup can handle files larger than 8GB.
In addition, fix some portability issues that could cause failures for
members between 4GB and 8GB on some platforms. Potentially these
problems could cause unrecoverable data loss due to unreadable backup
files.
Fix assorted corner-case bugs in pg_dump's processing
of extension member objects (Tom Lane)
Make pg_dump mark a view's triggers as needing to be
processed after its rule, to prevent possible failure during
parallel pg_restore (Tom Lane)
Ensure that relation option values are properly quoted
in pg_dump (Kouhei Sutou, Tom Lane)
A reloption value that isn't a simple identifier or number could lead
to dump/reload failures due to syntax errors in CREATE statements
issued by pg_dump. This is not an issue with any
reloption currently supported by core PostgreSQL, but
extensions could allow reloptions that cause the problem.
Fix pg_upgrade's file-copying code to handle errors
properly on Windows (Bruce Momjian)
Install guards in pgbench against corner-case overflow
conditions during evaluation of script-specified division or modulo
operators (Fabien Coelho, Michael Paquier)
Prevent certain PL/Java parameters from being set by
non-superusers (Noah Misch)
This change mitigates a PL/Java security bug
(CVE-2016-0766), which was fixed in PL/Java by marking
these parameters as superuser-only. To fix the security hazard for
sites that update PostgreSQL more frequently
than PL/Java, make the core code aware of them also.
Improve libpq's handling of out-of-memory situations
(Michael Paquier, Amit Kapila, Heikki Linnakangas)
Fix order of arguments
in ecpg-generated typedef statements
(Michael Meskes)
Use %g not %f format
in ecpg's PGTYPESnumeric_from_double()
(Tom Lane)
Fix ecpg-supplied header files to not contain comments
continued from a preprocessor directive line onto the next line
(Michael Meskes)
Such a comment is rejected by ecpg. It's not yet clear
whether ecpg itself should be changed.
Ensure that contrib/pgcrypto's crypt()
function can be interrupted by query cancel (Andreas Karlsson)
Accept flex versions later than 2.5.x
(Tom Lane, Michael Paquier)
Now that flex 2.6.0 has been released, the version checks in our build
scripts needed to be adjusted.
Install our missing script where PGXS builds can find it
(Jim Nasby)
This allows sane behavior in a PGXS build done on a machine where build
tools such as bison are missing.
Ensure that dynloader.h is included in the installed
header files in MSVC builds (Bruce Momjian, Michael Paquier)
Add variant regression test expected-output file to match behavior of
current libxml2 (Tom Lane)
The fix for libxml2's CVE-2015-7499 causes it not to
output error context reports in some cases where it used to do so.
This seems to be a bug, but we'll probably have to live with it for
some time, so work around it.
Update time zone data files to tzdata release 2016a for
DST law changes in Cayman Islands, Metlakatla, and Trans-Baikal
Territory (Zabaykalsky Krai), plus historical corrections for Pakistan.