Release Date: 2014-07-24
This release contains a variety of fixes from 9.1.13. For information about new features in the 9.1 major release, see Section E.25.
A dump/restore is not required for those running 9.1.X.
However, this release corrects an index corruption problem in some GiST indexes. See the first changelog entry below to find out whether your installation has been affected and what steps you should take if so.
Also, if you are upgrading from a version earlier than 9.1.11, see Section E.14.
Correctly initialize padding bytes in contrib/btree_gist indexes on bit columns (Heikki Linnakangas)
This error could result in incorrect query results due to values that should compare equal not being seen as equal. Users with GiST indexes on bit or bit varying columns should REINDEX those indexes after installing this update.
Protect against torn pages when deleting GIN list pages (Heikki Linnakangas)
This fix prevents possible index corruption if a system crash occurs while the page update is being written to disk.
Don't clear the right-link of a GiST index page while replaying updates from WAL (Heikki Linnakangas)
This error could lead to transiently wrong answers from GiST index scans performed in Hot Standby.
Fix feedback status when hot_standby_feedback is turned off on-the-fly (Simon Riggs)
Fix possibly-incorrect cache invalidation during nested
Fix "could not find pathkey item to sort" planner failures with UNION ALL over subqueries reading from tables with inheritance children (Tom Lane)
Don't assume a subquery's output is unique if there's a set-returning function in its targetlist (David Rowley)
This oversight could lead to misoptimization of constructs like WHERE x IN (SELECT y, generate_series(1,10) FROM t GROUP BY y).
Fix failure to detoast fields in composite elements of structured types (Tom Lane)
This corrects cases where TOAST pointers could be copied into other tables without being dereferenced. If the original data is later deleted, it would lead to errors like "missing chunk number 0 for toast value ..." when the now-dangling pointer is used.
Fix "record type has not been registered" failures with whole-row references to the output of Append plan nodes (Tom Lane)
Fix possible crash when invoking a user-defined function while rewinding a cursor (Tom Lane)
Fix query-lifespan memory leak while evaluating the arguments for a function in FROM (Tom Lane)
Fix session-lifespan memory leaks in regular-expression processing (Tom Lane, Arthur O'Dwyer, Greg Stark)
Fix data encoding error in hungarian.stop (Tom Lane)
Prevent foreign tables from being created with OIDS when default_with_oids is true (Etsuro Fujita)
Fix liveness checks for rows that were inserted in the current transaction and then deleted by a now-rolled-back subtransaction (Andres Freund)
This could cause problems (at least spurious warnings, and at worst an infinite loop) if CREATE INDEX or CLUSTER were done later in the same transaction.
Clear pg_stat_activity.xact_start during PREPARE TRANSACTION (Andres Freund)
After the PREPARE, the originating session is no longer in a transaction, so it should not continue to display a transaction start time.
Fix REASSIGN OWNED to not fail for text search objects (Álvaro Herrera)
Block signals during postmaster startup (Tom Lane)
This ensures that the postmaster will properly clean up after itself if, for example, it receives SIGINT while still starting up.
Fix client host name lookup when processing pg_hba.conf entries that specify host names instead of IP addresses (Tom Lane)
Ensure that reverse-DNS lookup failures are reported, instead of just silently not matching such entries. Also ensure that we make only one reverse-DNS lookup attempt per connection, not one per host name entry, which is what previously happened if the lookup attempts failed.
Secure Unix-domain sockets of temporary postmasters started during make check (Noah Misch)
Any local user able to access the socket file could connect as the server's bootstrap superuser, then proceed to execute arbitrary code as the operating-system user running the test, as we previously noted in CVE-2014-0067. This change defends against that risk by placing the server's socket in a temporary, mode 0700 subdirectory of /tmp. The hazard remains however on platforms where Unix sockets are not supported, notably Windows, because then the temporary postmaster must accept local TCP connections.
A useful side effect of this change is to simplify make check testing in builds that override DEFAULT_PGSOCKET_DIR. Popular non-default values like /var/run/postgresql are often not writable by the build user, requiring workarounds that will no longer be necessary.
Fix tablespace creation WAL replay to work on Windows (MauMau)
Fix detection of socket creation failures on Windows (Bruce Momjian)
On Windows, allow new sessions to absorb values of PGC_BACKEND parameters (such as log_connections) from the configuration file (Amit Kapila)
Previously, if such a parameter were changed in the file post-startup, the change would have no effect.
Properly quote executable path names on Windows (Nikhil Deshpande)
This oversight could cause initdb and pg_upgrade to fail on Windows, if the installation path contained both spaces and @ signs.
Fix linking of libpython on macOS (Tom Lane)
The method we previously used can fail with the Python library supplied by Xcode 5.0 and later.
Avoid buffer bloat in libpq when the server consistently sends data faster than the client can absorb it (Shin-ichi Morita, Tom Lane)
libpq could be coerced
into enlarging its input buffer until it runs out of memory
(which would be reported misleadingly as "lost synchronization with server"). Under
ordinary circumstances it's quite far-fetched that data
could be continuously transmitted more quickly than the
recv() loop can absorb it,
but this has been observed when the client is artificially
slowed by scheduler constraints.
Ensure that LDAP lookup attempts in libpq time out as intended (Laurenz Albe)
Fix ecpg to do the right thing when an array of char * is the target for a FETCH statement returning more than one row, as well as some other array-handling fixes (Ashutosh Bapat)
Fix pg_restore's processing of old-style large object comments (Tom Lane)
A direct-to-database restore from an archive file generated by a pre-9.0 version of pg_dump would usually fail if the archive contained more than a few comments for large objects.
In contrib/pgcrypto functions, ensure sensitive information is cleared from stack variables before returning (Marko Kreen)
In contrib/uuid-ossp, cache the state of the OSSP UUID library across calls (Tom Lane)
This improves the efficiency of UUID generation and reduces the amount of entropy drawn from /dev/urandom, on platforms that have that.
Update time zone data files to tzdata release 2014e for DST law changes in Crimea, Egypt, and Morocco.