Release date: 2016-02-11
This release contains a variety of fixes from 9.4.5. For information about new features in the 9.4 major release, see Section E.58.
A dump/restore is not required for those running 9.4.X.
However, if you are upgrading an installation that contains
any GIN indexes that use the (non-default)
jsonb_path_ops operator class, see the first
changelog entry below.
Also, if you are upgrading from a version earlier than 9.4.4, see Section E.54.
Fix inconsistent hash calculations in
jsonb_path_ops GIN indexes (Tom
that contain both scalars and sub-objects at the same
nesting level, for example an array containing both
scalars and sub-arrays, key hash values could be
calculated differently than they would be for the same
key in a different context. This could result in queries
not finding entries that they should find. Fixing this
means that existing indexes may now be inconsistent with
the new hash calculation code. Users should
jsonb_path_ops GIN indexes after
installing this update to make sure that all searches
work as expected.
Fix infinite loops and buffer-overrun problems in regular expressions (Tom Lane)
Very large character ranges in bracket expressions could cause infinite loops in some cases, and memory overwrites in other cases. (CVE-2016-0773)
Perform an immediate shutdown if the
postmaster.pid file is removed (Tom
The postmaster now checks every minute or so that
postmaster.pid is still
there and still contains its own PID. If not, it performs
an immediate shutdown, as though it had received
SIGQUIT. The main
motivation for this change is to ensure that failed
buildfarm runs will get cleaned up without manual
intervention; but it also serves to limit the bad effects
if a DBA forcibly removes
postmaster.pid and then starts a new
transaction isolation mode, serialization anomalies could
be missed due to race conditions during insertions (Kevin
Grittner, Thomas Munro)
Fix failure to emit appropriate WAL records when doing
ALTER TABLE ... SET
TABLESPACE for unlogged relations (Michael
Paquier, Andres Freund)
Even though the relation's data is unlogged, the move must be logged or the relation will be inaccessible after a standby is promoted to master.
Fix possible misinitialization of unlogged relations at the end of crash recovery (Andres Freund, Michael Paquier)
Ensure walsender slots are fully re-initialized when being re-used (Magnus Hagander)
ALTER COLUMN TYPE to
reconstruct inherited check constraints properly (Tom
REASSIGN OWNED to
change ownership of composite types properly (Álvaro
REASSIGN OWNED and
ALTER OWNER to correctly
update granted-permissions lists when changing owners of
data types, foreign data wrappers, or foreign servers
(Bruce Momjian, Álvaro Herrera)
REASSIGN OWNED to
ignore foreign user mappings, rather than fail (Álvaro
Fix possible crash after doing query rewrite for an updatable view (Stephen Frost)
Fix planner's handling of
LATERAL references (Tom Lane)
This fixes some corner cases that led to “failed to build any N-way joins” or “could not devise a query plan” planner failures.
Add more defenses against bad planner cost estimates for GIN index scans when the index's internal statistics are very out-of-date (Tom Lane)
Make planner cope with hypothetical GIN indexes suggested by an index advisor plug-in (Julien Rouhaud)
Speed up generation of unique table aliases in
EXPLAIN and rule dumping,
and ensure that generated aliases do not exceed
NAMEDATALEN (Tom Lane)
Fix dumping of whole-row Vars in
VALUES() lists (Tom Lane)
Translation of minus-infinity dates and timestamps to
jsonb incorrectly rendered them as
plus-infinity (Tom Lane)
Fix possible internal overflow in
numeric division (Dean Rasheed)
Fix enforcement of restrictions inside parentheses within regular expression lookahead constraints (Tom Lane)
Lookahead constraints aren't allowed to contain backrefs, and parentheses within them are always considered non-capturing, according to the manual. However, the code failed to handle these cases properly inside a parenthesized subexpression, and would give unexpected results.
Conversion of regular expressions to indexscan bounds could produce incorrect bounds from regexps containing lookahead constraints (Tom Lane)
Fix regular-expression compiler to handle loops of constraint arcs (Tom Lane)
The code added for CVE-2007-4772 was both incomplete, in that it didn't handle loops involving more than one state, and incorrect, in that it could cause assertion failures (though there seem to be no bad consequences of that in a non-assert build). Multi-state loops would cause the compiler to run until the query was canceled or it reached the too-many-states error condition.
Improve memory-usage accounting in regular-expression compiler (Tom Lane)
This causes the code to emit “regular expression is too complex” errors in some cases that previously used unreasonable amounts of time and memory.
Improve performance of regular-expression compiler (Tom Lane)
%r escapes in
log_line_prefix work for messages
emitted due to
log_connections (Tom Lane)
started to work just after a new session had emitted the
received” log message; now they work for
that message too.
On Windows, ensure the shared-memory mapping handle gets closed in child processes that don't need it (Tom Lane, Amit Kapila)
This oversight resulted in failure to recover from
logging_collector is turned on.
Fix possible failure to detect socket EOF in non-blocking mode on Windows (Tom Lane)
It's not entirely clear whether this problem can happen in pre-9.5 branches, but if it did, the symptom would be that a walsender process would wait indefinitely rather than noticing a loss of connection.
Avoid leaking a token handle during SSPI authentication (Christian Ullrich)
In psql, ensure that libreadline's idea of the screen size is updated when the terminal window size changes (Merlin Moncure)
Previously, libreadline did not notice if the window was resized during query output, leading to strange behavior during later input of multiline queries.
\det command to interpret
its pattern argument the same way as other
\d commands with potentially
schema-qualified patterns do (Reece Hart)
Avoid possible crash in psql's
\c command when previous connection was
via Unix socket and command specifies a new hostname and
same username (Tom Lane)
pg_ctl start -w, test
child process status directly rather than relying on
heuristics (Tom Lane, Michael Paquier)
relied on an assumption that the new postmaster would
postmaster.pid within five seconds. But
that can fail on heavily-loaded systems, causing
pg_ctl to report
incorrectly that the postmaster failed to start.
Except on Windows, this change also means that a
pg_ctl start -w done
immediately after another such command will now reliably
fail, whereas previously it would report success if done
within two seconds of the first command.
pg_ctl start -w, don't
attempt to use a wildcard listen address to connect to
the postmaster (Kondo Yuta)
On Windows, pg_ctl
would fail to detect postmaster startup if
listen_addresses is set to
::, because it would try to use that
value verbatim as the address to connect to, which
doesn't work. Instead assume that
::1, respectively, is the right thing to
In pg_ctl on Windows, check service status to decide where to send output, rather than checking if standard output is a terminal (Michael Paquier)
In pg_dump and pg_basebackup, adopt the GNU convention for handling tar-archive members exceeding 8GB (Tom Lane)
The POSIX standard for
tar file format does not allow archive
member files to exceed 8GB, but most modern
implementations of tar
support an extension that fixes that. Adopt this
extension so that pg_dump with
-Ft no longer fails on tables with more
than 8GB of data, and so that pg_basebackup can handle files
larger than 8GB. In addition, fix some portability issues
that could cause failures for members between 4GB and 8GB
on some platforms. Potentially these problems could cause
unrecoverable data loss due to unreadable backup
Fix assorted corner-case bugs in pg_dump's processing of extension member objects (Tom Lane)
Make pg_dump mark a view's triggers as needing to be processed after its rule, to prevent possible failure during parallel pg_restore (Tom Lane)
Ensure that relation option values are properly quoted in pg_dump (Kouhei Sutou, Tom Lane)
A reloption value that isn't a simple identifier or number could lead to dump/reload failures due to syntax errors in CREATE statements issued by pg_dump. This is not an issue with any reloption currently supported by core PostgreSQL, but extensions could allow reloptions that cause the problem.
Avoid repeated password prompts during parallel pg_dump (Zeus Kronion)
Fix pg_upgrade's file-copying code to handle errors properly on Windows (Bruce Momjian)
Install guards in pgbench against corner-case overflow conditions during evaluation of script-specified division or modulo operators (Fabien Coelho, Michael Paquier)
Fix failure to localize messages emitted by pg_receivexlog and pg_recvlogical (Ioseph Kim)
Avoid dump/reload problems when using both plpython2 and plpython3 (Tom Lane)
In principle, both versions of PL/Python can be used in the same database, though not in the same session (because the two versions of libpython cannot safely be used concurrently). However, pg_restore and pg_upgrade both do things that can fall foul of the same-session restriction. Work around that by changing the timing of the check.
Fix PL/Python regression tests to pass with Python 3.5 (Peter Eisentraut)
Fix premature clearing of libpq's input buffer when socket EOF is seen (Tom Lane)
This mistake caused libpq to sometimes not report the backend's final error message before reporting “server closed the connection unexpectedly”.
Prevent certain PL/Java parameters from being set by non-superusers (Noah Misch)
This change mitigates a PL/Java security bug (CVE-2016-0766), which was fixed in PL/Java by marking these parameters as superuser-only. To fix the security hazard for sites that update PostgreSQL more frequently than PL/Java, make the core code aware of them also.
Improve libpq's handling of out-of-memory situations (Michael Paquier, Amit Kapila, Heikki Linnakangas)
Fix order of arguments in ecpg-generated
typedef statements (Michael Meskes)
%f format in ecpg's
Fix ecpg-supplied header files to not contain comments continued from a preprocessor directive line onto the next line (Michael Meskes)
Such a comment is rejected by ecpg. It's not yet clear whether ecpg itself should be changed.
hstore_to_json_loose()'s test for
hstore value can be
converted to a JSON number (Tom Lane)
Previously this function could be fooled by non-alphanumeric trailing characters, leading to emitting syntactically-invalid JSON.
crypt() function can be interrupted by
query cancel (Andreas Karlsson)
fix bugs triggered by use of
tableoid in data-modifying commands
(Etsuro Fujita, Robert Haas)
Accept flex versions later than 2.5.x (Tom Lane, Michael Paquier)
Now that flex 2.6.0 has been released, the version checks in our build scripts needed to be adjusted.
Improve reproducibility of build output by ensuring filenames are given to the linker in a fixed order (Christoph Berg)
This avoids possible bitwise differences in the produced executable files from one build to the next.
script where PGXS builds can find it (Jim Nasby)
This allows sane behavior in a PGXS build done on a machine where build tools such as bison are missing.
is included in the installed header files in MSVC builds
(Bruce Momjian, Michael Paquier)
Add variant regression test expected-output file to match behavior of current libxml2 (Tom Lane)
The fix for libxml2's CVE-2015-7499 causes it not to output error context reports in some cases where it used to do so. This seems to be a bug, but we'll probably have to live with it for some time, so work around it.
Update time zone data files to tzdata release 2016a for DST law changes in Cayman Islands, Metlakatla, and Trans-Baikal Territory (Zabaykalsky Krai), plus historical corrections for Pakistan.
If you see anything in the documentation that is not correct, does not match your experience with the particular feature or requires further clarification, please use this form to report a documentation issue.