Release date: 2016-03-31
This release contains a variety of fixes from 9.5.1. For information about new features in the 9.5 major release, see Section E.20.
A dump/restore is not required for those running 9.5.X.
However, you may need to REINDEX
some indexes after applying
the update, as per the first changelog entry below.
Disable abbreviated keys for string sorting in non-C
locales (Robert Haas)
PostgreSQL 9.5 introduced logic for speeding up
comparisons of string data types by using the standard C library
function strxfrm()
as a substitute
for strcoll()
. It now emerges that most versions of
glibc (Linux's implementation of the C library) have buggy
implementations of strxfrm()
that, in some locales,
can produce string comparison results that do not
match strcoll()
. Until this problem can be better
characterized, disable the optimization in all non-C
locales. (C
locale is safe since it uses
neither strcoll()
nor strxfrm()
.)
Unfortunately, this problem affects not only sorting but also entry
ordering in B-tree indexes, which means that B-tree indexes
on text
, varchar
, or char
columns may now
be corrupt if they sort according to an affected locale and were
built or modified under PostgreSQL 9.5.0 or 9.5.1.
Users should REINDEX
indexes that might be affected.
It is not possible at this time to give an exhaustive list of
known-affected locales. C
locale is known safe, and
there is no evidence of trouble in English-based locales such
as en_US
, but some other popular locales such
as de_DE
are affected in most glibc versions.
Maintain row-security status properly in cached plans (Stephen Frost)
In a session that performs queries as more than one role, the plan cache might incorrectly re-use a plan that was generated for another role ID, thus possibly applying the wrong set of policies when row-level security (RLS) is in use. (CVE-2016-2193)
Add must-be-superuser checks to some
new contrib/pageinspect
functions (Andreas Seltenreich)
Most functions in the pageinspect
extension that
inspect bytea
values disallow calls by non-superusers,
but brin_page_type()
and brin_metapage_info()
failed to do so. Passing contrived bytea
values to them might
crash the server or disclose a few bytes of server memory. Add the
missing permissions checks to prevent misuse.
(CVE-2016-3065)
Fix incorrect handling of indexed ROW()
comparisons
(Simon Riggs)
Flaws in a minor optimization introduced in 9.5 caused incorrect
results if the ROW()
comparison matches the index ordering
partially but not exactly (for example, differing column order, or the
index contains both ASC
and DESC
columns).
Pending a better solution, the optimization has been removed.
Fix incorrect handling of NULL index entries in
indexed ROW()
comparisons (Tom Lane)
An index search using a row comparison such as ROW(a, b) >
ROW('x', 'y')
would stop upon reaching a NULL entry in
the b
column, ignoring the fact that there might be
non-NULL b
values associated with later values
of a
.
Avoid unlikely data-loss scenarios due to renaming files without
adequate fsync()
calls before and after (Michael Paquier,
Tomas Vondra, Andres Freund)
Fix incorrect behavior when rechecking a just-modified row in a query
that does SELECT FOR UPDATE/SHARE
and contains some
relations that need not be locked (Tom Lane)
Rows from non-locked relations were incorrectly treated as containing
all NULLs during the recheck, which could result in incorrectly
deciding that the updated row no longer passes the WHERE
condition, or in incorrectly outputting NULLs.
Fix bug in json_to_record()
when a field of its input
object contains a sub-object with a field name matching one of the
requested output column names (Tom Lane)
Fix nonsense result from two-argument form
of jsonb_object()
when called with empty arrays
(Michael Paquier, Andrew Dunstan)
Fix misbehavior in jsonb_set()
when converting a path
array element into an integer for use as an array subscript
(Michael Paquier)
Fix misformatting of negative time zone offsets
by to_char()
's OF
format code
(Thomas Munro, Tom Lane)
Fix possible incorrect logging of waits done by
INSERT ... ON CONFLICT
(Peter Geoghegan)
Log messages would sometimes claim that the wait was due to an exclusion constraint although no such constraint was responsible.
Ignore recovery_min_apply_delay parameter until recovery has reached a consistent state (Michael Paquier)
Previously, standby servers would delay application of WAL records in
response to recovery_min_apply_delay
even while replaying
the initial portion of WAL needed to make their database state valid.
Since the standby is useless until it's reached a consistent database
state, this was deemed unhelpful.
Correctly handle cases where pg_subtrans
is close to XID
wraparound during server startup (Jeff Janes)
Fix assorted bugs in logical decoding (Andres Freund)
Trouble cases included tuples larger than one page when replica
identity is FULL
, UPDATE
s that change a
primary key within a transaction large enough to be spooled to disk,
incorrect reports of “subxact logged without previous toplevel
record”, and incorrect reporting of a transaction's commit time.
Fix planner error with nested security barrier views when the outer
view has a WHERE
clause containing a correlated subquery
(Dean Rasheed)
Fix memory leak in GIN index searches (Tom Lane)
Fix corner-case crash due to trying to free localeconv()
output strings more than once (Tom Lane)
Fix parsing of affix files for ispell
dictionaries
(Tom Lane)
The code could go wrong if the affix file contained any characters
whose byte length changes during case-folding, for
example I
in Turkish UTF8 locales.
Avoid use of sscanf()
to parse ispell
dictionary files (Artur Zakirov)
This dodges a portability problem on FreeBSD-derived platforms (including macOS).
Fix atomic-operations code used on PPC with IBM's xlc compiler (Noah Misch)
This error led to rare failures of concurrent operations on that platform.
Avoid a crash on old Windows versions (before 7SP1/2008R2SP1) with an AVX2-capable CPU and a Postgres build done with Visual Studio 2013 (Christian Ullrich)
This is a workaround for a bug in Visual Studio 2013's runtime library, which Microsoft have stated they will not fix in that version.
Fix psql's tab completion logic to handle multibyte characters properly (Kyotaro Horiguchi, Robert Haas)
Fix psql's tab completion for
SECURITY LABEL
(Tom Lane)
Pressing TAB after SECURITY LABEL
might cause a crash
or offering of inappropriate keywords.
Make pg_ctl accept a wait timeout from the
PGCTLTIMEOUT
environment variable, if none is specified on
the command line (Noah Misch)
This eases testing of slower buildfarm members by allowing them to globally specify a longer-than-normal timeout for postmaster startup and shutdown.
Fix incorrect test for Windows service status in pg_ctl (Manuel Mathar)
The previous set of minor releases attempted to fix pg_ctl to properly determine whether to send log messages to Window's Event Log, but got the test backwards.
Fix pgbench to correctly handle the combination
of -C
and -M prepared
options (Tom Lane)
In pg_upgrade, skip creating a deletion script when the new data directory is inside the old data directory (Bruce Momjian)
Blind application of the script in such cases would result in loss of the new data directory.
In PL/Perl, properly translate empty Postgres arrays into empty Perl arrays (Alex Hunsaker)
Make PL/Python cope with function names that aren't valid Python identifiers (Jim Nasby)
Fix multiple mistakes in the statistics returned
by contrib/pgstattuple
's pgstatindex()
function (Tom Lane)
Remove dependency on psed
in MSVC builds, since it's no
longer provided by core Perl (Michael Paquier, Andrew Dunstan)
Update time zone data files to tzdata release 2016c for DST law changes in Azerbaijan, Chile, Haiti, Palestine, and Russia (Altai, Astrakhan, Kirov, Sakhalin, Ulyanovsk regions), plus historical corrections for Lithuania, Moldova, and Russia (Kaliningrad, Samara, Volgograd).