Release date: 2018-02-08
This release contains a variety of fixes from 9.6.6. For information about new features in the 9.6 major release, see Section E.25.
A dump/restore is not required for those running 9.6.X.
However, if you use contrib/cube's ~> operator, see the entry below about that.
Also, if you are upgrading from a version earlier than 9.6.6, see Section E.19.
Ensure that all temporary files made by pg_upgrade are non-world-readable (Tom Lane, Noah Misch)
pg_upgrade normally restricts its temporary files to be readable and writable only by the calling user. But the temporary file containing pg_dumpall -g output would be group- or world-readable, or even writable, if the user's umask setting allows. In typical usage on multi-user machines, the umask and/or the working directory's permissions would be tight enough to prevent problems; but there may be people using pg_upgrade in scenarios where this oversight would permit disclosure of database passwords to unfriendly eyes. (CVE-2018-1053)
Fix vacuuming of tuples that were updated while key-share locked (Andres Freund, Álvaro Herrera)
In some cases VACUUM would fail to remove such tuples even though they are now dead, leading to assorted data corruption scenarios.
Ensure that vacuum will always clean up the pending-insertions list of a GIN index (Masahiko Sawada)
This is necessary to ensure that dead index entries get removed. The old code got it backwards, allowing vacuum to skip the cleanup if some other process were running cleanup concurrently, thus risking invalid entries being left behind in the index.
Fix inadequate buffer locking in some LSN fetches (Jacob Champion, Asim Praveen, Ashwin Agrawal)
These errors could result in misbehavior under concurrent load. The potential consequences have not been characterized fully.
Fix incorrect query results from cases involving flattening of subqueries whose outputs are used in GROUPING SETS (Heikki Linnakangas)
Avoid unnecessary failure in a query on an inheritance tree that occurs concurrently with some child table being removed from the tree by ALTER TABLE NO INHERIT (Tom Lane)
Fix spurious deadlock failures when multiple sessions are running CREATE INDEX CONCURRENTLY (Jeff Janes)
Fix failures when an inheritance tree contains foreign child tables (Etsuro Fujita)
A mix of regular and foreign tables in an inheritance tree resulted in creation of incorrect plans for UPDATE and DELETE queries. This led to visible failures in some cases, notably when there are row-level triggers on a foreign child table.
Repair failure with correlated sub-SELECT inside VALUES inside a LATERAL subquery (Tom Lane)
Fix "could not devise a query plan for the given query" planner failure for some cases involving nested UNION ALL inside a lateral subquery (Tom Lane)
Fix logical decoding to correctly clean up disk files for crashed transactions (Atsushi Torikoshi)
Logical decoding may spill WAL records to disk for transactions generating many WAL records. Normally these files are cleaned up after the transaction's commit or abort record arrives; but if no such record is ever seen, the removal code misbehaved.
Fix walsender timeout failure and failure to respond to interrupts when processing a large transaction (Petr Jelinek)
has_sequence_privilege() to support WITH GRANT OPTION tests, as other privilege-testing functions do (Joe Conway)
In databases using UTF8 encoding, ignore any XML declaration that asserts a different encoding (Pavel Stehule, Noah Misch)
We always store XML strings in the database encoding, so allowing libxml to act on a declaration of another encoding gave wrong results. In encodings other than UTF8, we don't promise to support non-ASCII XML data anyway, so retain the previous behavior for bug compatibility. This change affects only
xpath() and related functions; other XML code paths already acted this way.
Provide for forward compatibility with future minor protocol versions (Robert Haas, Badrul Chowdhury)
Up to now, PostgreSQL servers simply rejected requests to use protocol versions newer than 3.0, so that there was no functional difference between the major and minor parts of the protocol version number. Allow clients to request versions 3.x without failing, sending back a message showing that the server only understands 3.0. This makes no difference at the moment, but back-patching this change should allow speedier introduction of future minor protocol upgrades.
Cope with failure to start a parallel worker process (Amit Kapila, Robert Haas)
Parallel query previously tended to hang indefinitely if a worker could not be started, as the result of fork() failure or other low-probability problems.
Fix collection of EXPLAIN statistics from parallel workers (Amit Kapila, Thomas Munro)
Avoid unsafe alignment assumptions when working with __int128 (Tom Lane)
Typically, compilers assume that __int128 variables are aligned on 16-byte boundaries, but our memory allocation infrastructure isn't prepared to guarantee that, and increasing the setting of MAXALIGN seems infeasible for multiple reasons. Adjust the code to allow use of __int128 only when we can tell the compiler to assume lesser alignment. The only known symptom of this problem so far is crashes in some parallel aggregation queries.
Prevent stack-overflow crashes when planning extremely deeply nested set operations (UNION/INTERSECT/EXCEPT) (Tom Lane)
Fix null-pointer crashes for some types of LDAP URLs appearing in pg_hba.conf (Thomas Munro)
INSTR() functions in the PL/pgSQL documentation (Yugo Nagata, Tom Lane)
These functions are stated to be Oracle® compatible, but they weren't exactly. In particular, there was a discrepancy in the interpretation of a negative third parameter: Oracle thinks that a negative value indicates the last place where the target substring can begin, whereas our functions took it as the last place where the target can end. Also, Oracle throws an error for a zero or negative fourth parameter, whereas our functions returned zero.
The sample code has been adjusted to match Oracle's behavior more precisely. Users who have copied this code into their applications may wish to update their copies.
Fix pg_dump to make ACL (permissions), comment, and security label entries reliably identifiable in archive output formats (Tom Lane)
The "tag" portion of an ACL archive entry was usually just the name of the associated object. Make it start with the object type instead, bringing ACLs into line with the convention already used for comment and security label archive entries. Also, fix the comment and security label entries for the whole database, if present, to make their tags start with DATABASE so that they also follow this convention. This prevents false matches in code that tries to identify large-object-related entries by seeing if the tag starts with LARGE OBJECT. That could have resulted in misclassifying entries as data rather than schema, with undesirable results in a schema-only or data-only dump.
Note that this change has user-visible results in the output of pg_restore --list.
copy_file_range function to avoid conflict with new Linux system call of that name (Andres Freund)
This change prevents build failures with newer glibc versions.
In ecpg, detect indicator arrays that do not have the correct length and report an error (David Rader)
Change the behavior of contrib/cube's cube ~> int operator to make it compatible with KNN search (Alexander Korotkov)
The meaning of the second argument (the dimension selector) has been changed to make it predictable which value is selected even when dealing with cubes of varying dimensionalities.
This is an incompatible change, but since the point of the operator was to be used in KNN searches, it seems rather useless as-is. After installing this update, any expression indexes or materialized views using this operator will need to be reindexed/refreshed.
Avoid triggering a libc assertion in contrib/hstore, due to use of
memcpy() with equal source and destination pointers (Tomas Vondra)
Fix incorrect display of tuples' null bitmaps in contrib/pageinspect (Maksim Milyutin)
In contrib/postgres_fdw, avoid "outer pathkeys do not match mergeclauses" planner error when constructing a plan involving a remote join (Robert Haas)
Provide modern examples of how to auto-start Postgres on macOS (Tom Lane)
The scripts in contrib/start-scripts/osx use infrastructure that's been deprecated for over a decade, and which no longer works at all in macOS releases of the last couple of years. Add a new subdirectory contrib/start-scripts/macos containing scripts that use the newer launchd infrastructure.
Fix incorrect selection of configuration-specific libraries for OpenSSL on Windows (Andrew Dunstan)
Support linking to MinGW-built versions of libperl (Noah Misch)
This allows building PL/Perl with some common Perl distributions for Windows.
Fix MSVC build to test whether 32-bit libperl needs -D_USE_32BIT_TIME_T (Noah Misch)
Available Perl distributions are inconsistent about what they expect, and lack any reliable means of reporting it, so resort to a build-time test on what the library being used actually does.
On Windows, install the crash dump handler earlier in postmaster startup (Takayuki Tsunakawa)
This may allow collection of a core dump for some early-startup failures that did not produce a dump before.
On Windows, avoid encoding-conversion-related crashes when emitting messages very early in postmaster startup (Takayuki Tsunakawa)
Use our existing Motorola 68K spinlock code on OpenBSD as well as NetBSD (David Carlier)
Add support for spinlocks on Motorola 88K (David Carlier)
Update time zone data files to tzdata release 2018c for DST law changes in Brazil, Sao Tome and Principe, plus historical corrections for Bolivia, Japan, and South Sudan. The US/Pacific-New zone has been removed (it was only an alias for America/Los_Angeles anyway).