Fix possible mis-evaluation of
nested CASE-WHEN expressions (Heikki
Linnakangas, Michael Paquier, Tom Lane)
A CASE expression appearing within the test value
subexpression of another CASE could become confused about
whether its own test value was null or not. Also, inlining of a SQL
function implementing the equality operator used by
a CASE expression could result in passing the wrong test
value to functions called within a CASE expression in the
SQL function's body. If the test values were of different data
types, a crash might result; moreover such situations could be abused
to allow disclosure of portions of server memory. (CVE-2016-5423)
Fix client programs' handling of special characters in database and
role names (Noah Misch, Nathan Bossart, Michael Paquier)
Numerous places in vacuumdb and other client programs
could become confused by database and role names containing double
quotes or backslashes. Tighten up quoting rules to make that safe.
Also, ensure that when a conninfo string is used as a database name
parameter to these programs, it is correctly treated as such throughout.
Fix handling of paired double quotes
in psql's \connect
and \password commands to match the documentation.
Introduce a new -reuse-previous option
in psql's \connect command to allow
explicit control of whether to re-use connection parameters from a
previous connection. (Without this, the choice is based on whether
the database name looks like a conninfo string, as before.) This
allows secure handling of database names containing special
characters in pg_dumpall scripts.
pg_dumpall now refuses to deal with database and role
names containing carriage returns or newlines, as it seems impractical
to quote those characters safely on Windows. In future we may reject
such names on the server side, but that step has not been taken yet.
These are considered security fixes because crafted object names
containing special characters could have been used to execute
commands with superuser privileges the next time a superuser
executes pg_dumpall or other routine maintenance
operations. (CVE-2016-5424)
Fix corner-case misbehaviors for IS NULL/IS NOT
NULL applied to nested composite values (Andrew Gierth, Tom Lane)
The SQL standard specifies that IS NULL should return
TRUE for a row of all null values (thus ROW(NULL,NULL) IS
NULL yields TRUE), but this is not meant to apply recursively
(thus ROW(NULL, ROW(NULL,NULL)) IS NULL yields FALSE).
The core executor got this right, but certain planner optimizations
treated the test as recursive (thus producing TRUE in both cases),
and contrib/postgres_fdw could produce remote queries
that misbehaved similarly.
Make the inet and cidr data types properly reject
IPv6 addresses with too many colon-separated fields (Tom Lane)
Prevent crash in close_ps()
(the point ## lseg operator)
for NaN input coordinates (Tom Lane)
Make it return NULL instead of crashing.
Fix several one-byte buffer over-reads in to_number()
(Peter Eisentraut)
In several cases the to_number() function would read one
more character than it should from the input string. There is a
small chance of a crash, if the input happens to be adjacent to the
end of memory.
Avoid unsafe intermediate state during expensive paths
through heap_update() (Masahiko Sawada, Andres Freund)
Previously, these cases locked the target tuple (by setting its XMAX)
but did not WAL-log that action, thus risking data integrity problems
if the page were spilled to disk and then a database crash occurred
before the tuple update could be completed.
Avoid consuming a transaction ID during VACUUM
(Alexander Korotkov)
Some cases in VACUUM unnecessarily caused an XID to be
assigned to the current transaction. Normally this is negligible,
but if one is up against the XID wraparound limit, consuming more
XIDs during anti-wraparound vacuums is a very bad thing.
Avoid canceling hot-standby queries during VACUUM FREEZE
(Simon Riggs, Álvaro Herrera)
VACUUM FREEZE on an otherwise-idle master server could
result in unnecessary cancellations of queries on its standby
servers.
When a manual ANALYZE specifies a column list, don't
reset the table's changes_since_analyze counter
(Tom Lane)
If we're only analyzing some columns, we should not prevent routine
auto-analyze from happening for the other columns.
Fix ANALYZE's overestimation of n_distinct
for a unique or nearly-unique column with many null entries (Tom
Lane)
The nulls could get counted as though they were themselves distinct
values, leading to serious planner misestimates in some types of
queries.
Prevent autovacuum from starting multiple workers for the same shared
catalog (Álvaro Herrera)
Normally this isn't much of a problem because the vacuum doesn't take
long anyway; but in the case of a severely bloated catalog, it could
result in all but one worker uselessly waiting instead of doing
useful work on other tables.
Fix contrib/btree_gin to handle the smallest
possible bigint value correctly (Peter Eisentraut)
Teach libpq to correctly decode server version from future servers
(Peter Eisentraut)
It's planned to switch to two-part instead of three-part server
version numbers for releases after 9.6. Make sure
that PQserverVersion() returns the correct value for
such cases.
Fix ecpg's code for unsigned long long
array elements (Michael Meskes)
Make pg_basebackup accept -Z 0 as
specifying no compression (Fujii Masao)
Revert to the old heuristic timeout for pg_ctl start -w
(Tom Lane)
The new method adopted as of release 9.1.20 does not work
when silent_mode is enabled, so go back to the old way.
Fix makefiles' rule for building AIX shared libraries to be safe for
parallel make (Noah Misch)
Fix TAP tests and MSVC scripts to work when build directory's path
name contains spaces (Michael Paquier, Kyotaro Horiguchi)
Make regression tests safe for Danish and Welsh locales (Jeff Janes,
Tom Lane)
Change some test data that triggered the unusual sorting rules of
these locales.
Update our copy of the timezone code to match
IANA's tzcode release 2016c (Tom Lane)
This is needed to cope with anticipated future changes in the time
zone data files. It also fixes some corner-case bugs in coping with
unusual time zones.
Update time zone data files to tzdata release 2016f
for DST law changes in Kemerovo and Novosibirsk, plus historical
corrections for Azerbaijan, Belarus, and Morocco.