Release date: 2018-02-08
This release contains a variety of fixes from 9.5.10. For information about new features in the 9.5 major release, see Section E.33.
A dump/restore is not required for those running 9.5.X.
However, if you are upgrading from a version earlier than 9.5.10, see Section E.23.
Ensure that all temporary files made by pg_upgrade are non-world-readable (Tom Lane, Noah Misch)
restricts its temporary files to be readable and writable
only by the calling user. But the temporary file
output would be group- or world-readable, or even
writable, if the user's
umask setting allows. In typical usage
on multi-user machines, the
umask and/or the working directory's
permissions would be tight enough to prevent problems;
but there may be people using pg_upgrade in scenarios where this
oversight would permit disclosure of database passwords
to unfriendly eyes. (CVE-2018-1053)
Fix vacuuming of tuples that were updated while key-share locked (Andres Freund, Álvaro Herrera)
In some cases
would fail to remove such tuples even though they are now
dead, leading to assorted data corruption scenarios.
Fix inadequate buffer locking in some LSN fetches (Jacob Champion, Asim Praveen, Ashwin Agrawal)
These errors could result in misbehavior under concurrent load. The potential consequences have not been characterized fully.
Fix incorrect query results from cases involving
flattening of subqueries whose outputs are used in
GROUPING SETS (Heikki
Avoid unnecessary failure in a query on an inheritance
tree that occurs concurrently with some child table being
removed from the tree by
TABLE NO INHERIT (Tom Lane)
Fix spurious deadlock failures when multiple sessions
CONCURRENTLY (Jeff Janes)
Fix failures when an inheritance tree contains foreign child tables (Etsuro Fujita)
A mix of regular and foreign tables in an inheritance
tree resulted in creation of incorrect plans for
DELETE queries. This led to visible
failures in some cases, notably when there are row-level
triggers on a foreign child table.
Repair failure with correlated sub-
VALUES inside a
LATERAL subquery (Tom Lane)
Fix “could not
devise a query plan for the given query”
planner failure for some cases involving nested
UNION ALL inside a lateral
subquery (Tom Lane)
Fix logical decoding to correctly clean up disk files for crashed transactions (Atsushi Torikoshi)
Logical decoding may spill WAL records to disk for transactions generating many WAL records. Normally these files are cleaned up after the transaction's commit or abort record arrives; but if no such record is ever seen, the removal code misbehaved.
Fix walsender timeout failure and failure to respond to interrupts when processing a large transaction (Petr Jelinek)
has_sequence_privilege() to support
WITH GRANT OPTION tests, as
other privilege-testing functions do (Joe Conway)
In databases using UTF8 encoding, ignore any XML declaration that asserts a different encoding (Pavel Stehule, Noah Misch)
We always store XML strings in the database encoding,
so allowing libxml to act on a declaration of another
encoding gave wrong results. In encodings other than
UTF8, we don't promise to support non-ASCII XML data
anyway, so retain the previous behavior for bug
compatibility. This change affects only
xpath() and related functions; other
XML code paths already acted this way.
Provide for forward compatibility with future minor protocol versions (Robert Haas, Badrul Chowdhury)
Up to now, PostgreSQL servers simply rejected requests to use protocol versions newer than 3.0, so that there was no functional difference between the major and minor parts of the protocol version number. Allow clients to request versions 3.x without failing, sending back a message showing that the server only understands 3.0. This makes no difference at the moment, but back-patching this change should allow speedier introduction of future minor protocol upgrades.
Cope with failure to start a parallel worker process (Amit Kapila, Robert Haas)
Parallel query previously tended to hang indefinitely
if a worker could not be started, as the result of
fork() failure or other
Avoid unsafe alignment assumptions when working with
__int128 (Tom Lane)
Typically, compilers assume that
__int128 variables are aligned on 16-byte
boundaries, but our memory allocation infrastructure
isn't prepared to guarantee that, and increasing the
setting of MAXALIGN seems infeasible for multiple
reasons. Adjust the code to allow use of
__int128 only when we can tell the compiler
to assume lesser alignment. The only known symptom of
this problem so far is crashes in some parallel
Prevent stack-overflow crashes when planning extremely
deeply nested set operations (
EXCEPT) (Tom Lane)
Fix null-pointer crashes for some types of LDAP URLs
functions in the PL/pgSQL documentation (Yugo Nagata, Tom
These functions are stated to be Oracle® compatible, but they weren't exactly. In particular, there was a discrepancy in the interpretation of a negative third parameter: Oracle thinks that a negative value indicates the last place where the target substring can begin, whereas our functions took it as the last place where the target can end. Also, Oracle throws an error for a zero or negative fourth parameter, whereas our functions returned zero.
The sample code has been adjusted to match Oracle's behavior more precisely. Users who have copied this code into their applications may wish to update their copies.
Fix pg_dump to make ACL (permissions), comment, and security label entries reliably identifiable in archive output formats (Tom Lane)
The “tag” portion of an ACL archive
entry was usually just the name of the associated object.
Make it start with the object type instead, bringing ACLs
into line with the convention already used for comment
and security label archive entries. Also, fix the comment
and security label entries for the whole database, if
present, to make their tags start with
DATABASE so that they also follow this
convention. This prevents false matches in code that
tries to identify large-object-related entries by seeing
if the tag starts with
OBJECT. That could have resulted in misclassifying
entries as data rather than schema, with undesirable
results in a schema-only or data-only dump.
Note that this change has user-visible results in the
copy_file_range function to
avoid conflict with new Linux system call of that name
This change prevents build failures with newer glibc versions.
In ecpg, detect indicator arrays that do not have the correct length and report an error (David Rader)
Avoid triggering a libc assertion in
contrib/hstore, due to use of
memcpy() with equal source
and destination pointers (Tomas Vondra)
Provide modern examples of how to auto-start Postgres on macOS (Tom Lane)
The scripts in
infrastructure that's been deprecated for over a decade,
and which no longer works at all in macOS releases of the
last couple of years. Add a new subdirectory
scripts that use the newer launchd infrastructure.
Fix incorrect selection of configuration-specific libraries for OpenSSL on Windows (Andrew Dunstan)
Support linking to MinGW-built versions of libperl (Noah Misch)
This allows building PL/Perl with some common Perl distributions for Windows.
Fix MSVC build to test whether 32-bit libperl needs
Available Perl distributions are inconsistent about what they expect, and lack any reliable means of reporting it, so resort to a build-time test on what the library being used actually does.
On Windows, install the crash dump handler earlier in postmaster startup (Takayuki Tsunakawa)
This may allow collection of a core dump for some early-startup failures that did not produce a dump before.
On Windows, avoid encoding-conversion-related crashes when emitting messages very early in postmaster startup (Takayuki Tsunakawa)
Use our existing Motorola 68K spinlock code on OpenBSD as well as NetBSD (David Carlier)
Add support for spinlocks on Motorola 88K (David Carlier)
Update time zone data files to tzdata release 2018c for DST law
changes in Brazil, Sao Tome and Principe, plus historical
corrections for Bolivia, Japan, and South Sudan. The
US/Pacific-New zone has been
removed (it was only an alias for
If you see anything in the documentation that is not correct, does not match your experience with the particular feature or requires further clarification, please use this form to report a documentation issue.