<!-- doc/src/sgml/release-9.3.sgml -->
<!-- See header comment in release.sgml about typical markup -->
+ <sect1 id="release-9-3-17">
+ <title>Release 9.3.17</title>
+
+ <note>
+ <title>Release Date</title>
+ <simpara>2017-05-11</simpara>
+ </note>
+
+ <para>
+ This release contains a variety of fixes from 9.3.16.
+ For information about new features in the 9.3 major release, see
+ <xref linkend="release-9-3">.
+ </para>
+
+ <sect2>
+ <title>Migration to Version 9.3.17</title>
+
+ <para>
+ A dump/restore is not required for those running 9.3.X.
+ </para>
+
+ <para>
+ However, if you are upgrading from a version earlier than 9.3.16,
+ see <xref linkend="release-9-3-16">.
+ </para>
+
+ </sect2>
+
+ <sect2>
+ <title>Changes</title>
+
+ <itemizedlist>
+
+ <listitem>
+ <para>
+ Fix possible corruption of <quote>init forks</> of unlogged indexes
+ (Robert Haas, Michael Paquier)
+ </para>
+
+ <para>
+ This could result in an unlogged index being set to an invalid state
+ after a crash and restart. Such a problem would persist until the
+ index was dropped and rebuilt.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix incorrect reconstruction of <structname>pg_subtrans</> entries
+ when a standby server replays a prepared but uncommitted two-phase
+ transaction (Tom Lane)
+ </para>
+
+ <para>
+ In most cases this turned out to have no visible ill effects, but in
+ corner cases it could result in circular references
+ in <structname>pg_subtrans</>, potentially causing infinite loops
+ in queries that examine rows modified by the two-phase transaction.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Ensure parsing of queries in extension scripts sees the results of
+ immediately-preceding DDL (Julien Rouhaud, Tom Lane)
+ </para>
+
+ <para>
+ Due to lack of a cache flush step between commands in an extension
+ script file, non-utility queries might not see the effects of an
+ immediately preceding catalog change, such as <command>ALTER TABLE
+ ... RENAME</>.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Skip tablespace privilege checks when <command>ALTER TABLE ... ALTER
+ COLUMN TYPE</> rebuilds an existing index (Noah Misch)
+ </para>
+
+ <para>
+ The command failed if the calling user did not currently have
+ <literal>CREATE</> privilege for the tablespace containing the index.
+ That behavior seems unhelpful, so skip the check, allowing the
+ index to be rebuilt where it is.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix <command>ALTER TABLE ... VALIDATE CONSTRAINT</> to not recurse
+ to child tables when the constraint is marked <literal>NO INHERIT</>
+ (Amit Langote)
+ </para>
+
+ <para>
+ This fix prevents unwanted <quote>constraint does not exist</> failures
+ when no matching constraint is present in the child tables.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix <command>VACUUM</> to account properly for pages that could not
+ be scanned due to conflicting page pins (Andrew Gierth)
+ </para>
+
+ <para>
+ This tended to lead to underestimation of the number of tuples in
+ the table. In the worst case of a small heavily-contended
+ table, <command>VACUUM</> could incorrectly report that the table
+ contained no tuples, leading to very bad planning choices.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Ensure that bulk-tuple-transfer loops within a hash join are
+ interruptible by query cancel requests (Tom Lane, Thomas Munro)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix <function>cursor_to_xml()</> to produce valid output
+ with <replaceable>tableforest</> = false
+ (Thomas Munro, Peter Eisentraut)
+ </para>
+
+ <para>
+ Previously it failed to produce a wrapping <literal><table></>
+ element.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Improve performance of <structname>pg_timezone_names</> view
+ (Tom Lane, David Rowley)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix sloppy handling of corner-case errors from <function>lseek()</>
+ and <function>close()</> (Tom Lane)
+ </para>
+
+ <para>
+ Neither of these system calls are likely to fail in typical situations,
+ but if they did, <filename>fd.c</> could get quite confused.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix incorrect check for whether postmaster is running as a Windows
+ service (Michael Paquier)
+ </para>
+
+ <para>
+ This could result in attempting to write to the event log when that
+ isn't accessible, so that no logging happens at all.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix <application>ecpg</> to support <command>COMMIT PREPARED</>
+ and <command>ROLLBACK PREPARED</> (Masahiko Sawada)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix a double-free error when processing dollar-quoted string literals
+ in <application>ecpg</> (Michael Meskes)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ In <application>pg_dump</>, fix incorrect schema and owner marking for
+ comments and security labels of some types of database objects
+ (Giuseppe Broccolo, Tom Lane)
+ </para>
+
+ <para>
+ In simple cases this caused no ill effects; but for example, a
+ schema-selective restore might omit comments it should include, because
+ they were not marked as belonging to the schema of their associated
+ object.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Avoid emitting an invalid list file in <literal>pg_restore -l</>
+ when SQL object names contain newlines (Tom Lane)
+ </para>
+
+ <para>
+ Replace newlines by spaces, which is sufficient to make the output
+ valid for <literal>pg_restore -L</>'s purposes.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix <application>pg_upgrade</> to transfer comments and security labels
+ attached to <quote>large objects</> (blobs) (Stephen Frost)
+ </para>
+
+ <para>
+ Previously, blobs were correctly transferred to the new database, but
+ any comments or security labels attached to them were lost.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Improve error handling
+ in <filename>contrib/adminpack</>'s <function>pg_file_write()</>
+ function (Noah Misch)
+ </para>
+
+ <para>
+ Notably, it failed to detect errors reported
+ by <function>fclose()</>.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ In <filename>contrib/dblink</>, avoid leaking the previous unnamed
+ connection when establishing a new unnamed connection (Joe Conway)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix <filename>contrib/pg_trgm</>'s extraction of trigrams from regular
+ expressions (Tom Lane)
+ </para>
+
+ <para>
+ In some cases it would produce a broken data structure that could never
+ match anything, leading to GIN or GiST indexscans that use a trigram
+ index not finding any matches to the regular expression.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ In <filename>contrib/postgres_fdw</>,
+ transmit query cancellation requests to the remote server
+ (Michael Paquier, Etsuro Fujita)
+ </para>
+
+ <para>
+ Previously, a local query cancellation request did not cause an
+ already-sent remote query to terminate early. This is a back-patch
+ of work originally done for 9.6.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Support OpenSSL 1.1.0 (Heikki Linnakangas, Andreas Karlsson, Tom Lane)
+ </para>
+
+ <para>
+ This is a back-patch of work previously done in newer branches;
+ it's needed since many platforms are adopting newer OpenSSL versions.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Support Tcl 8.6 in MSVC builds (Álvaro Herrera)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Sync our copy of the timezone library with IANA release tzcode2017b
+ (Tom Lane)
+ </para>
+
+ <para>
+ This fixes a bug affecting some DST transitions in January 2038.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Update time zone data files to <application>tzdata</> release 2017b
+ for DST law changes in Chile, Haiti, and Mongolia, plus historical
+ corrections for Ecuador, Kazakhstan, Liberia, and Spain.
+ Switch to numeric abbreviations for numerous time zones in South
+ America, the Pacific and Indian oceans, and some Asian and Middle
+ Eastern countries.
+ </para>
+
+ <para>
+ The IANA time zone database previously provided textual abbreviations
+ for all time zones, sometimes making up abbreviations that have little
+ or no currency among the local population. They are in process of
+ reversing that policy in favor of using numeric UTC offsets in zones
+ where there is no evidence of real-world use of an English
+ abbreviation. At least for the time being, <productname>PostgreSQL</>
+ will continue to accept such removed abbreviations for timestamp input.
+ But they will not be shown in the <structname>pg_timezone_names</>
+ view nor used for output.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Use correct daylight-savings rules for POSIX-style time zone names
+ in MSVC builds (David Rowley)
+ </para>
+
+ <para>
+ The Microsoft MSVC build scripts neglected to install
+ the <filename>posixrules</> file in the timezone directory tree.
+ This resulted in the timezone code falling back to its built-in
+ rule about what DST behavior to assume for a POSIX-style time zone
+ name. For historical reasons that still corresponds to the DST rules
+ the USA was using before 2007 (i.e., change on first Sunday in April
+ and last Sunday in October). With this fix, a POSIX-style zone name
+ will use the current and historical DST transition dates of
+ the <literal>US/Eastern</> zone. If you don't want that, remove
+ the <filename>posixrules</> file, or replace it with a copy of some
+ other zone file (see <xref linkend="datatype-timezones">). Note that
+ due to caching, you may need to restart the server to get such changes
+ to take effect.
+ </para>
+ </listitem>
+
+ </itemizedlist>
+
+ </sect2>
+ </sect1>
+
+ <sect1 id="release-9-3-16">
+ <title>Release 9.3.16</title>
+
+ <note>
+ <title>Release Date</title>
+ <simpara>2017-02-09</simpara>
+ </note>
+
+ <para>
+ This release contains a variety of fixes from 9.3.15.
+ For information about new features in the 9.3 major release, see
+ <xref linkend="release-9-3">.
+ </para>
+
+ <sect2>
+ <title>Migration to Version 9.3.16</title>
+
+ <para>
+ A dump/restore is not required for those running 9.3.X.
+ </para>
+
+ <para>
+ However, if your installation has been affected by the bug described in
+ the first changelog entry below, then after updating you may need
+ to take action to repair corrupted indexes.
+ </para>
+
+ <para>
+ Also, if you are upgrading from a version earlier than 9.3.15,
+ see <xref linkend="release-9-3-15">.
+ </para>
+
+ </sect2>
+
+ <sect2>
+ <title>Changes</title>
+
+ <itemizedlist>
+
+ <listitem>
+ <para>
+ Fix a race condition that could cause indexes built
+ with <command>CREATE INDEX CONCURRENTLY</> to be corrupt
+ (Pavan Deolasee, Tom Lane)
+ </para>
+
+ <para>
+ If <command>CREATE INDEX CONCURRENTLY</> was used to build an index
+ that depends on a column not previously indexed, then rows
+ updated by transactions that ran concurrently with
+ the <command>CREATE INDEX</> command could have received incorrect
+ index entries. If you suspect this may have happened, the most
+ reliable solution is to rebuild affected indexes after installing
+ this update.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Unconditionally WAL-log creation of the <quote>init fork</> for an
+ unlogged table (Michael Paquier)
+ </para>
+
+ <para>
+ Previously, this was skipped when <xref linkend="guc-wal-level">
+ = <literal>minimal</>, but actually it's necessary even in that case
+ to ensure that the unlogged table is properly reset to empty after a
+ crash.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ If the stats collector dies during hot standby, restart it (Takayuki
+ Tsunakawa)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Ensure that hot standby feedback works correctly when it's enabled at
+ standby server start (Ants Aasma, Craig Ringer)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Check for interrupts while hot standby is waiting for a conflicting
+ query (Simon Riggs)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Avoid constantly respawning the autovacuum launcher in a corner case
+ (Amit Khandekar)
+ </para>
+
+ <para>
+ This fix avoids problems when autovacuum is nominally off and there
+ are some tables that require freezing, but all such tables are
+ already being processed by autovacuum workers.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix check for when an extension member object can be dropped (Tom Lane)
+ </para>
+
+ <para>
+ Extension upgrade scripts should be able to drop member objects,
+ but this was disallowed for serial-column sequences, and possibly
+ other cases.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Make sure <command>ALTER TABLE</> preserves index tablespace
+ assignments when rebuilding indexes (Tom Lane, Michael Paquier)
+ </para>
+
+ <para>
+ Previously, non-default settings
+ of <xref linkend="guc-default-tablespace"> could result in broken
+ indexes.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Prevent dropping a foreign-key constraint if there are pending
+ trigger events for the referenced relation (Tom Lane)
+ </para>
+
+ <para>
+ This avoids <quote>could not find trigger <replaceable>NNN</></quote>
+ or <quote>relation <replaceable>NNN</> has no triggers</quote> errors.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix processing of OID column when a table with OIDs is associated to
+ a parent with OIDs via <command>ALTER TABLE ... INHERIT</> (Amit
+ Langote)
+ </para>
+
+ <para>
+ The OID column should be treated the same as regular user columns in
+ this case, but it wasn't, leading to odd behavior in later
+ inheritance changes.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Report correct object identity during <command>ALTER TEXT SEARCH
+ CONFIGURATION</> (Artur Zakirov)
+ </para>
+
+ <para>
+ The wrong catalog OID was reported to extensions such as logical
+ decoding.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Check for serializability conflicts before reporting
+ constraint-violation failures (Thomas Munro)
+ </para>
+
+ <para>
+ When using serializable transaction isolation, it is desirable
+ that any error due to concurrent transactions should manifest
+ as a serialization failure, thereby cueing the application that
+ a retry might succeed. Unfortunately, this does not reliably
+ happen for duplicate-key failures caused by concurrent insertions.
+ This change ensures that such an error will be reported as a
+ serialization error if the application explicitly checked for
+ the presence of a conflicting key (and did not find it) earlier
+ in the transaction.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Prevent multicolumn expansion of <replaceable>foo</><literal>.*</> in
+ an <command>UPDATE</> source expression (Tom Lane)
+ </para>
+
+ <para>
+ This led to <quote>UPDATE target count mismatch --- internal
+ error</>. Now the syntax is understood as a whole-row variable,
+ as it would be in other contexts.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Ensure that column typmods are determined accurately for
+ multi-row <literal>VALUES</> constructs (Tom Lane)
+ </para>
+
+ <para>
+ This fixes problems occurring when the first value in a column has a
+ determinable typmod (e.g., length for a <type>varchar</> value) but
+ later values don't share the same limit.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Throw error for an unfinished Unicode surrogate pair at the end of a
+ Unicode string (Tom Lane)
+ </para>
+
+ <para>
+ Normally, a Unicode surrogate leading character must be followed by a
+ Unicode surrogate trailing character, but the check for this was
+ missed if the leading character was the last character in a Unicode
+ string literal (<literal>U&'...'</>) or Unicode identifier
+ (<literal>U&"..."</>).
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Ensure that a purely negative text search query, such
+ as <literal>!foo</>, matches empty <type>tsvector</>s (Tom Dunstan)
+ </para>
+
+ <para>
+ Such matches were found by GIN index searches, but not by sequential
+ scans or GiST index searches.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Prevent crash when <function>ts_rewrite()</> replaces a non-top-level
+ subtree with an empty query (Artur Zakirov)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix performance problems in <function>ts_rewrite()</> (Tom Lane)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix <function>ts_rewrite()</>'s handling of nested NOT operators
+ (Tom Lane)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix <function>array_fill()</> to handle empty arrays properly (Tom Lane)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix one-byte buffer overrun in <function>quote_literal_cstr()</>
+ (Heikki Linnakangas)
+ </para>
+
+ <para>
+ The overrun occurred only if the input consisted entirely of single
+ quotes and/or backslashes.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Prevent multiple calls of <function>pg_start_backup()</>
+ and <function>pg_stop_backup()</> from running concurrently (Michael
+ Paquier)
+ </para>
+
+ <para>
+ This avoids an assertion failure, and possibly worse things, if
+ someone tries to run these functions in parallel.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Avoid discarding <type>interval</>-to-<type>interval</> casts
+ that aren't really no-ops (Tom Lane)
+ </para>
+
+ <para>
+ In some cases, a cast that should result in zeroing out
+ low-order <type>interval</> fields was mistakenly deemed to be a
+ no-op and discarded. An example is that casting from <type>INTERVAL
+ MONTH</> to <type>INTERVAL YEAR</> failed to clear the months field.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Ensure that cached plans are invalidated by changes in foreign-table
+ options (Amit Langote, Etsuro Fujita, Ashutosh Bapat)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix <application>pg_dump</> to dump user-defined casts and transforms
+ that use built-in functions (Stephen Frost)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix possible <application>pg_basebackup</> failure on standby
+ server when including WAL files (Amit Kapila, Robert Haas)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Ensure that the Python exception objects we create for PL/Python are
+ properly reference-counted (Rafa de la Torre, Tom Lane)
+ </para>
+
+ <para>
+ This avoids failures if the objects are used after a Python garbage
+ collection cycle has occurred.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix PL/Tcl to support triggers on tables that have <literal>.tupno</>
+ as a column name (Tom Lane)
+ </para>
+
+ <para>
+ This matches the (previously undocumented) behavior of
+ PL/Tcl's <command>spi_exec</> and <command>spi_execp</> commands,
+ namely that a magic <literal>.tupno</> column is inserted only if
+ there isn't a real column named that.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Allow DOS-style line endings in <filename>~/.pgpass</> files,
+ even on Unix (Vik Fearing)
+ </para>
+
+ <para>
+ This change simplifies use of the same password file across Unix and
+ Windows machines.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix one-byte buffer overrun if <application>ecpg</> is given a file
+ name that ends with a dot (Takayuki Tsunakawa)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix <application>psql</>'s tab completion for <command>ALTER DEFAULT
+ PRIVILEGES</> (Gilles Darold, Stephen Frost)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ In <application>psql</>, treat an empty or all-blank setting of
+ the <envar>PAGER</> environment variable as meaning <quote>no
+ pager</> (Tom Lane)
+ </para>
+
+ <para>
+ Previously, such a setting caused output intended for the pager to
+ vanish entirely.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Improve <filename>contrib/dblink</>'s reporting of
+ low-level <application>libpq</> errors, such as out-of-memory
+ (Joe Conway)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Teach <filename>contrib/dblink</> to ignore irrelevant server options
+ when it uses a <filename>contrib/postgres_fdw</> foreign server as
+ the source of connection options (Corey Huinker)
+ </para>
+
+ <para>
+ Previously, if the foreign server object had options that were not
+ also <application>libpq</> connection options, an error occurred.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ On Windows, ensure that environment variable changes are propagated
+ to DLLs built with debug options (Christian Ullrich)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Sync our copy of the timezone library with IANA release tzcode2016j
+ (Tom Lane)
+ </para>
+
+ <para>
+ This fixes various issues, most notably that timezone data
+ installation failed if the target directory didn't support hard
+ links.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Update time zone data files to <application>tzdata</> release 2016j
+ for DST law changes in northern Cyprus (adding a new zone
+ Asia/Famagusta), Russia (adding a new zone Europe/Saratov), Tonga,
+ and Antarctica/Casey.
+ Historical corrections for Italy, Kazakhstan, Malta, and Palestine.
+ Switch to preferring numeric zone abbreviations for Tonga.
+ </para>
+ </listitem>
+
+ </itemizedlist>
+
+ </sect2>
+ </sect1>
+
+ <sect1 id="release-9-3-15">
+ <title>Release 9.3.15</title>
+
+ <note>
+ <title>Release Date</title>
+ <simpara>2016-10-27</simpara>
+ </note>
+
+ <para>
+ This release contains a variety of fixes from 9.3.14.
+ For information about new features in the 9.3 major release, see
+ <xref linkend="release-9-3">.
+ </para>
+
+ <sect2>
+ <title>Migration to Version 9.3.15</title>
+
+ <para>
+ A dump/restore is not required for those running 9.3.X.
+ </para>
+
+ <para>
+ However, if your installation has been affected by the bug described in
+ the first changelog entry below, then after updating you may need
+ to take action to repair corrupted free space maps.
+ </para>
+
+ <para>
+ Also, if you are upgrading from a version earlier than 9.3.9,
+ see <xref linkend="release-9-3-9">.
+ </para>
+
+ </sect2>
+
+ <sect2>
+ <title>Changes</title>
+
+ <itemizedlist>
+
+ <listitem>
+ <para>
+ Fix WAL-logging of truncation of relation free space maps and
+ visibility maps (Pavan Deolasee, Heikki Linnakangas)
+ </para>
+
+ <para>
+ It was possible for these files to not be correctly restored during
+ crash recovery, or to be written incorrectly on a standby server.
+ Bogus entries in a free space map could lead to attempts to access
+ pages that have been truncated away from the relation itself, typically
+ producing errors like <quote>could not read block <replaceable>XXX</>:
+ read only 0 of 8192 bytes</quote>. Checksum failures in the
+ visibility map are also possible, if checksumming is enabled.
+ </para>
+
+ <para>
+ Procedures for determining whether there is a problem and repairing it
+ if so are discussed at
+ <ulink url="https://wiki.postgresql.org/wiki/Free_Space_Map_Problems"></>.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix <command>SELECT FOR UPDATE/SHARE</> to correctly lock tuples that
+ have been updated by a subsequently-aborted transaction
+ (Álvaro Herrera)
+ </para>
+
+ <para>
+ In 9.5 and later, the <command>SELECT</> would sometimes fail to
+ return such tuples at all. A failure has not been proven to occur in
+ earlier releases, but might be possible with concurrent updates.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix EvalPlanQual rechecks involving CTE scans (Tom Lane)
+ </para>
+
+ <para>
+ The recheck would always see the CTE as returning no rows, typically
+ leading to failure to update rows that were recently updated.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix improper repetition of previous results from hashed aggregation in
+ a subquery (Andrew Gierth)
+ </para>
+
+ <para>
+ The test to see if we can reuse a previously-computed hash table of
+ the aggregate state values neglected the possibility of an outer query
+ reference appearing in an aggregate argument expression. A change in
+ the value of such a reference should lead to recalculating the hash
+ table, but did not.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix <command>EXPLAIN</> to emit valid XML when
+ <xref linkend="guc-track-io-timing"> is on (Markus Winand)
+ </para>
+
+ <para>
+ Previously the XML output-format option produced syntactically invalid
+ tags such as <literal><I/O-Read-Time></>. That is now
+ rendered as <literal><I-O-Read-Time></>.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Suppress printing of zeroes for unmeasured times
+ in <command>EXPLAIN</> (Maksim Milyutin)
+ </para>
+
+ <para>
+ Certain option combinations resulted in printing zero values for times
+ that actually aren't ever measured in that combination. Our general
+ policy in <command>EXPLAIN</> is not to print such fields at all, so
+ do that consistently in all cases.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix timeout length when <command>VACUUM</> is waiting for exclusive
+ table lock so that it can truncate the table (Simon Riggs)
+ </para>
+
+ <para>
+ The timeout was meant to be 50 milliseconds, but it was actually only
+ 50 microseconds, causing <command>VACUUM</> to give up on truncation
+ much more easily than intended. Set it to the intended value.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix bugs in merging inherited <literal>CHECK</> constraints while
+ creating or altering a table (Tom Lane, Amit Langote)
+ </para>
+
+ <para>
+ Allow identical <literal>CHECK</> constraints to be added to a parent
+ and child table in either order. Prevent merging of a valid
+ constraint from the parent table with a <literal>NOT VALID</>
+ constraint on the child. Likewise, prevent merging of a <literal>NO
+ INHERIT</> child constraint with an inherited constraint.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Remove artificial restrictions on the values accepted
+ by <function>numeric_in()</> and <function>numeric_recv()</>
+ (Tom Lane)
+ </para>
+
+ <para>
+ We allow numeric values up to the limit of the storage format (more
+ than <literal>1e100000</>), so it seems fairly pointless
+ that <function>numeric_in()</> rejected scientific-notation exponents
+ above 1000. Likewise, it was silly for <function>numeric_recv()</> to
+ reject more than 1000 digits in an input value.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Avoid very-low-probability data corruption due to testing tuple
+ visibility without holding buffer lock (Thomas Munro, Peter Geoghegan,
+ Tom Lane)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix file descriptor leakage when truncating a temporary relation of
+ more than 1GB (Andres Freund)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Disallow starting a standalone backend with <literal>standby_mode</>
+ turned on (Michael Paquier)
+ </para>
+
+ <para>
+ This can't do anything useful, since there will be no WAL receiver
+ process to fetch more WAL data; and it could result in misbehavior
+ in code that wasn't designed with this situation in mind.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Don't try to share SSL contexts across multiple connections
+ in <application>libpq</> (Heikki Linnakangas)
+ </para>
+
+ <para>
+ This led to assorted corner-case bugs, particularly when trying to use
+ different SSL parameters for different connections.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Avoid corner-case memory leak in <application>libpq</> (Tom Lane)
+ </para>
+
+ <para>
+ The reported problem involved leaking an error report
+ during <function>PQreset()</>, but there might be related cases.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Make <application>ecpg</>'s <option>--help</> and <option>--version</>
+ options work consistently with our other executables (Haribabu Kommi)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ In <application>pg_dump</>, never dump range constructor functions
+ (Tom Lane)
+ </para>
+
+ <para>
+ This oversight led to <application>pg_upgrade</> failures with
+ extensions containing range types, due to duplicate creation of the
+ constructor functions.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ In <application>pg_xlogdump</>, retry opening new WAL segments when
+ using <option>--follow</> option (Magnus Hagander)
+ </para>
+
+ <para>
+ This allows for a possible delay in the server's creation of the next
+ segment.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix <application>pg_xlogdump</> to cope with a WAL file that begins
+ with a continuation record spanning more than one page (Pavan
+ Deolasee)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix <filename>contrib/intarray/bench/bench.pl</> to print the results
+ of the <command>EXPLAIN</> it does when given the <option>-e</> option
+ (Daniel Gustafsson)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Update Windows time zone mapping to recognize some time zone names
+ added in recent Windows versions (Michael Paquier)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Prevent failure of obsolete dynamic time zone abbreviations (Tom Lane)
+ </para>
+
+ <para>
+ If a dynamic time zone abbreviation does not match any entry in the
+ referenced time zone, treat it as equivalent to the time zone name.
+ This avoids unexpected failures when IANA removes abbreviations from
+ their time zone database, as they did in <application>tzdata</>
+ release 2016f and seem likely to do again in the future. The
+ consequences were not limited to not recognizing the individual
+ abbreviation; any mismatch caused
+ the <structname>pg_timezone_abbrevs</> view to fail altogether.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Update time zone data files to <application>tzdata</> release 2016h
+ for DST law changes in Palestine and Turkey, plus historical
+ corrections for Turkey and some regions of Russia.
+ Switch to numeric abbreviations for some time zones in Antarctica,
+ the former Soviet Union, and Sri Lanka.
+ </para>
+
+ <para>
+ The IANA time zone database previously provided textual abbreviations
+ for all time zones, sometimes making up abbreviations that have little
+ or no currency among the local population. They are in process of
+ reversing that policy in favor of using numeric UTC offsets in zones
+ where there is no evidence of real-world use of an English
+ abbreviation. At least for the time being, <productname>PostgreSQL</>
+ will continue to accept such removed abbreviations for timestamp input.
+ But they will not be shown in the <structname>pg_timezone_names</>
+ view nor used for output.
+ </para>
+
+ <para>
+ In this update, <literal>AMT</> is no longer shown as being in use to
+ mean Armenia Time. Therefore, we have changed the <literal>Default</>
+ abbreviation set to interpret it as Amazon Time, thus UTC-4 not UTC+4.
+ </para>
+ </listitem>
+
+ </itemizedlist>
+
+ </sect2>
+ </sect1>
+
+ <sect1 id="release-9-3-14">
+ <title>Release 9.3.14</title>
+
+ <note>
+ <title>Release Date</title>
+ <simpara>2016-08-11</simpara>
+ </note>
+
+ <para>
+ This release contains a variety of fixes from 9.3.13.
+ For information about new features in the 9.3 major release, see
+ <xref linkend="release-9-3">.
+ </para>
+
+ <sect2>
+ <title>Migration to Version 9.3.14</title>
+
+ <para>
+ A dump/restore is not required for those running 9.3.X.
+ </para>
+
+ <para>
+ However, if you are upgrading from a version earlier than 9.3.9,
+ see <xref linkend="release-9-3-9">.
+ </para>
+
+ </sect2>
+
+ <sect2>
+ <title>Changes</title>
+
+ <itemizedlist>
+
+ <listitem>
+ <para>
+ Fix possible mis-evaluation of
+ nested <literal>CASE</>-<literal>WHEN</> expressions (Heikki
+ Linnakangas, Michael Paquier, Tom Lane)
+ </para>
+
+ <para>
+ A <literal>CASE</> expression appearing within the test value
+ subexpression of another <literal>CASE</> could become confused about
+ whether its own test value was null or not. Also, inlining of a SQL
+ function implementing the equality operator used by
+ a <literal>CASE</> expression could result in passing the wrong test
+ value to functions called within a <literal>CASE</> expression in the
+ SQL function's body. If the test values were of different data
+ types, a crash might result; moreover such situations could be abused
+ to allow disclosure of portions of server memory. (CVE-2016-5423)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix client programs' handling of special characters in database and
+ role names (Noah Misch, Nathan Bossart, Michael Paquier)
+ </para>
+
+ <para>
+ Numerous places in <application>vacuumdb</> and other client programs
+ could become confused by database and role names containing double
+ quotes or backslashes. Tighten up quoting rules to make that safe.
+ Also, ensure that when a conninfo string is used as a database name
+ parameter to these programs, it is correctly treated as such throughout.
+ </para>
+
+ <para>
+ Fix handling of paired double quotes
+ in <application>psql</>'s <command>\connect</>
+ and <command>\password</> commands to match the documentation.
+ </para>
+
+ <para>
+ Introduce a new <option>-reuse-previous</> option
+ in <application>psql</>'s <command>\connect</> command to allow
+ explicit control of whether to re-use connection parameters from a
+ previous connection. (Without this, the choice is based on whether
+ the database name looks like a conninfo string, as before.) This
+ allows secure handling of database names containing special
+ characters in <application>pg_dumpall</> scripts.
+ </para>
+
+ <para>
+ <application>pg_dumpall</> now refuses to deal with database and role
+ names containing carriage returns or newlines, as it seems impractical
+ to quote those characters safely on Windows. In future we may reject
+ such names on the server side, but that step has not been taken yet.
+ </para>
+
+ <para>
+ These are considered security fixes because crafted object names
+ containing special characters could have been used to execute
+ commands with superuser privileges the next time a superuser
+ executes <application>pg_dumpall</> or other routine maintenance
+ operations. (CVE-2016-5424)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix corner-case misbehaviors for <literal>IS NULL</>/<literal>IS NOT
+ NULL</> applied to nested composite values (Andrew Gierth, Tom Lane)
+ </para>
+
+ <para>
+ The SQL standard specifies that <literal>IS NULL</> should return
+ TRUE for a row of all null values (thus <literal>ROW(NULL,NULL) IS
+ NULL</> yields TRUE), but this is not meant to apply recursively
+ (thus <literal>ROW(NULL, ROW(NULL,NULL)) IS NULL</> yields FALSE).
+ The core executor got this right, but certain planner optimizations
+ treated the test as recursive (thus producing TRUE in both cases),
+ and <filename>contrib/postgres_fdw</> could produce remote queries
+ that misbehaved similarly.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Make the <type>inet</> and <type>cidr</> data types properly reject
+ IPv6 addresses with too many colon-separated fields (Tom Lane)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Prevent crash in <function>close_ps()</>
+ (the <type>point</> <literal>##</> <type>lseg</> operator)
+ for NaN input coordinates (Tom Lane)
+ </para>
+
+ <para>
+ Make it return NULL instead of crashing.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Avoid possible crash in <function>pg_get_expr()</> when inconsistent
+ values are passed to it (Michael Paquier, Thomas Munro)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix several one-byte buffer over-reads in <function>to_number()</>
+ (Peter Eisentraut)
+ </para>
+
+ <para>
+ In several cases the <function>to_number()</> function would read one
+ more character than it should from the input string. There is a
+ small chance of a crash, if the input happens to be adjacent to the
+ end of memory.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Do not run the planner on the query contained in <literal>CREATE
+ MATERIALIZED VIEW</> or <literal>CREATE TABLE AS</>
+ when <literal>WITH NO DATA</> is specified (Michael Paquier,
+ Tom Lane)
+ </para>
+
+ <para>
+ This avoids some unnecessary failure conditions, for example if a
+ stable function invoked by the materialized view depends on a table
+ that doesn't exist yet.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Avoid unsafe intermediate state during expensive paths
+ through <function>heap_update()</> (Masahiko Sawada, Andres Freund)
+ </para>
+
+ <para>
+ Previously, these cases locked the target tuple (by setting its XMAX)
+ but did not WAL-log that action, thus risking data integrity problems
+ if the page were spilled to disk and then a database crash occurred
+ before the tuple update could be completed.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix hint bit update during WAL replay of row locking operations
+ (Andres Freund)
+ </para>
+
+ <para>
+ The only known consequence of this problem is that row locks held by
+ a prepared, but uncommitted, transaction might fail to be enforced
+ after a crash and restart.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Avoid unnecessary <quote>could not serialize access</> errors when
+ acquiring <literal>FOR KEY SHARE</> row locks in serializable mode
+ (Álvaro Herrera)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Avoid crash in <literal>postgres -C</> when the specified variable
+ has a null string value (Michael Paquier)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Ensure that backends see up-to-date statistics for shared catalogs
+ (Tom Lane)
+ </para>
+
+ <para>
+ The statistics collector failed to update the statistics file for
+ shared catalogs after a request from a regular backend. This problem
+ was partially masked because the autovacuum launcher regularly makes
+ requests that did cause such updates; however, it became obvious with
+ autovacuum disabled.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Avoid redundant writes of the statistics files when multiple
+ backends request updates close together (Tom Lane, Tomas Vondra)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Avoid consuming a transaction ID during <command>VACUUM</>
+ (Alexander Korotkov)
+ </para>
+
+ <para>
+ Some cases in <command>VACUUM</> unnecessarily caused an XID to be
+ assigned to the current transaction. Normally this is negligible,
+ but if one is up against the XID wraparound limit, consuming more
+ XIDs during anti-wraparound vacuums is a very bad thing.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Avoid canceling hot-standby queries during <command>VACUUM FREEZE</>
+ (Simon Riggs, Álvaro Herrera)
+ </para>
+
+ <para>
+ <command>VACUUM FREEZE</> on an otherwise-idle master server could
+ result in unnecessary cancellations of queries on its standby
+ servers.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Prevent possible failure when vacuuming multixact IDs in an
+ installation that has been pg_upgrade'd from pre-9.3 (Andrew Gierth,
+ Álvaro Herrera)
+ </para>
+
+ <para>
+ The usual symptom of this bug is errors
+ like <quote>MultiXactId <replaceable>NNN</> has not been created
+ yet -- apparent wraparound</quote>.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ When a manual <command>ANALYZE</> specifies a column list, don't
+ reset the table's <literal>changes_since_analyze</> counter
+ (Tom Lane)
+ </para>
+
+ <para>
+ If we're only analyzing some columns, we should not prevent routine
+ auto-analyze from happening for the other columns.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix <command>ANALYZE</>'s overestimation of <literal>n_distinct</>
+ for a unique or nearly-unique column with many null entries (Tom
+ Lane)
+ </para>
+
+ <para>
+ The nulls could get counted as though they were themselves distinct
+ values, leading to serious planner misestimates in some types of
+ queries.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Prevent autovacuum from starting multiple workers for the same shared
+ catalog (Álvaro Herrera)
+ </para>
+
+ <para>
+ Normally this isn't much of a problem because the vacuum doesn't take
+ long anyway; but in the case of a severely bloated catalog, it could
+ result in all but one worker uselessly waiting instead of doing
+ useful work on other tables.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Prevent infinite loop in GiST index build for geometric columns
+ containing NaN component values (Tom Lane)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix <filename>contrib/btree_gin</> to handle the smallest
+ possible <type>bigint</> value correctly (Peter Eisentraut)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Teach libpq to correctly decode server version from future servers
+ (Peter Eisentraut)
+ </para>
+
+ <para>
+ It's planned to switch to two-part instead of three-part server
+ version numbers for releases after 9.6. Make sure
+ that <function>PQserverVersion()</> returns the correct value for
+ such cases.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix <application>ecpg</>'s code for <literal>unsigned long long</>
+ array elements (Michael Meskes)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ In <application>pg_dump</> with both <option>-c</> and <option>-C</>
+ options, avoid emitting an unwanted <literal>CREATE SCHEMA public</>
+ command (David Johnston, Tom Lane)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Improve handling of <systemitem>SIGTERM</>/control-C in
+ parallel <application>pg_dump</> and <application>pg_restore</> (Tom
+ Lane)
+ </para>
+
+ <para>
+ Make sure that the worker processes will exit promptly, and also arrange
+ to send query-cancel requests to the connected backends, in case they
+ are doing something long-running such as a <command>CREATE INDEX</>.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix error reporting in parallel <application>pg_dump</>
+ and <application>pg_restore</> (Tom Lane)
+ </para>
+
+ <para>
+ Previously, errors reported by <application>pg_dump</>
+ or <application>pg_restore</> worker processes might never make it to
+ the user's console, because the messages went through the master
+ process, and there were various deadlock scenarios that would prevent
+ the master process from passing on the messages. Instead, just print
+ everything to <literal>stderr</>. In some cases this will result in
+ duplicate messages (for instance, if all the workers report a server
+ shutdown), but that seems better than no message.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Ensure that parallel <application>pg_dump</>
+ or <application>pg_restore</> on Windows will shut down properly
+ after an error (Kyotaro Horiguchi)
+ </para>
+
+ <para>
+ Previously, it would report the error, but then just sit until
+ manually stopped by the user.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Make <application>pg_dump</> behave better when built without zlib
+ support (Kyotaro Horiguchi)
+ </para>
+
+ <para>
+ It didn't work right for parallel dumps, and emitted some rather
+ pointless warnings in other cases.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Make <application>pg_basebackup</> accept <literal>-Z 0</> as
+ specifying no compression (Fujii Masao)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix makefiles' rule for building AIX shared libraries to be safe for
+ parallel make (Noah Misch)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix TAP tests and MSVC scripts to work when build directory's path
+ name contains spaces (Michael Paquier, Kyotaro Horiguchi)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Be more predictable about reporting <quote>statement timeout</>
+ versus <quote>lock timeout</> (Tom Lane)
+ </para>
+
+ <para>
+ On heavily loaded machines, the regression tests sometimes failed due
+ to reporting <quote>lock timeout</> even though the statement timeout
+ should have occurred first.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Make regression tests safe for Danish and Welsh locales (Jeff Janes,
+ Tom Lane)
+ </para>
+
+ <para>
+ Change some test data that triggered the unusual sorting rules of
+ these locales.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Update our copy of the timezone code to match
+ IANA's <application>tzcode</> release 2016c (Tom Lane)
+ </para>
+
+ <para>
+ This is needed to cope with anticipated future changes in the time
+ zone data files. It also fixes some corner-case bugs in coping with
+ unusual time zones.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Update time zone data files to <application>tzdata</> release 2016f
+ for DST law changes in Kemerovo and Novosibirsk, plus historical
+ corrections for Azerbaijan, Belarus, and Morocco.
+ </para>
+ </listitem>
+
+ </itemizedlist>
+
+ </sect2>
+ </sect1>
+
+ <sect1 id="release-9-3-13">
+ <title>Release 9.3.13</title>
+
+ <note>
+ <title>Release Date</title>
+ <simpara>2016-05-12</simpara>
+ </note>
+
+ <para>
+ This release contains a variety of fixes from 9.3.12.
+ For information about new features in the 9.3 major release, see
+ <xref linkend="release-9-3">.
+ </para>
+
+ <sect2>
+ <title>Migration to Version 9.3.13</title>
+
+ <para>
+ A dump/restore is not required for those running 9.3.X.
+ </para>
+
+ <para>
+ However, if you are upgrading from a version earlier than 9.3.9,
+ see <xref linkend="release-9-3-9">.
+ </para>
+
+ </sect2>
+
+ <sect2>
+ <title>Changes</title>
+
+ <itemizedlist>
+
+ <listitem>
+ <para>
+ Clear the OpenSSL error queue before OpenSSL calls, rather than
+ assuming it's clear already; and make sure we leave it clear
+ afterwards (Peter Geoghegan, Dave Vitek, Peter Eisentraut)
+ </para>
+
+ <para>
+ This change prevents problems when there are multiple connections
+ using OpenSSL within a single process and not all the code involved
+ follows the same rules for when to clear the error queue.
+ Failures have been reported specifically when a client application
+ uses SSL connections in <application>libpq</> concurrently with
+ SSL connections using the PHP, Python, or Ruby wrappers for OpenSSL.
+ It's possible for similar problems to arise within the server as well,
+ if an extension module establishes an outgoing SSL connection.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix <quote>failed to build any <replaceable>N</>-way joins</quote>
+ planner error with a full join enclosed in the right-hand side of a
+ left join (Tom Lane)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix incorrect handling of equivalence-class tests in multilevel
+ nestloop plans (Tom Lane)
+ </para>
+
+ <para>
+ Given a three-or-more-way equivalence class of variables, such
+ as <literal>X.X = Y.Y = Z.Z</>, it was possible for the planner to omit
+ some of the tests needed to enforce that all the variables are actually
+ equal, leading to join rows being output that didn't satisfy
+ the <literal>WHERE</> clauses. For various reasons, erroneous plans
+ were seldom selected in practice, so that this bug has gone undetected
+ for a long time.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix possible misbehavior of <literal>TH</>, <literal>th</>,
+ and <literal>Y,YYY</> format codes in <function>to_timestamp()</>
+ (Tom Lane)
+ </para>
+
+ <para>
+ These could advance off the end of the input string, causing subsequent
+ format codes to read garbage.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix dumping of rules and views in which the <replaceable>array</>
+ argument of a <literal><replaceable>value</> <replaceable>operator</>
+ ANY (<replaceable>array</>)</literal> construct is a sub-SELECT
+ (Tom Lane)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Make <application>pg_regress</> use a startup timeout from the
+ <envar>PGCTLTIMEOUT</> environment variable, if that's set (Tom Lane)
+ </para>
+
+ <para>
+ This is for consistency with a behavior recently added
+ to <application>pg_ctl</>; it eases automated testing on slow machines.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix <application>pg_upgrade</> to correctly restore extension
+ membership for operator families containing only one operator class
+ (Tom Lane)
+ </para>
+
+ <para>
+ In such a case, the operator family was restored into the new database,
+ but it was no longer marked as part of the extension. This had no
+ immediate ill effects, but would cause later <application>pg_dump</>
+ runs to emit output that would cause (harmless) errors on restore.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix <application>pg_upgrade</> to not fail when new-cluster TOAST rules
+ differ from old (Tom Lane)
+ </para>
+
+ <para>
+ <application>pg_upgrade</> had special-case code to handle the
+ situation where the new <productname>PostgreSQL</> version thinks that
+ a table should have a TOAST table while the old version did not. That
+ code was broken, so remove it, and instead do nothing in such cases;
+ there seems no reason to believe that we can't get along fine without
+ a TOAST table if that was okay according to the old version's rules.
+ </para>
+ </listitem>
+
+ <listitem>
+<!--
+Author: Tom Lane <tgl@sss.pgh.pa.us>
+Branch: REL9_3_STABLE [f4f4f6990] 2016-04-15 16:49:48 -0400
+Branch: REL9_2_STABLE [d7dbc882d] 2016-04-15 16:49:48 -0400
+Author: Tom Lane <tgl@sss.pgh.pa.us>
+Branch: REL9_3_STABLE [992df9658] 2016-04-16 10:42:07 -0400
+Branch: REL9_2_STABLE [9008922bf] 2016-04-16 10:41:57 -0400
+Author: Tom Lane <tgl@sss.pgh.pa.us>
+Branch: REL9_3_STABLE [35166fd76] 2016-04-18 13:19:52 -0400
+Branch: REL9_2_STABLE [37f30b251] 2016-04-18 13:19:52 -0400
+-->
+ <para>
+ Back-port 9.4-era memory-barrier code changes into 9.2 and 9.3 (Tom Lane)
+ </para>
+
+ <para>
+ These changes were not originally needed in pre-9.4 branches, but we
+ recently back-patched a fix that expected the barrier code to work
+ properly. Only IA64 (when using icc), HPPA, and Alpha platforms are
+ affected.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Reduce the number of SysV semaphores used by a build configured with
+ <option>--disable-spinlocks</> (Tom Lane)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Rename internal function <function>strtoi()</>
+ to <function>strtoint()</> to avoid conflict with a NetBSD library
+ function (Thomas Munro)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix reporting of errors from <function>bind()</>
+ and <function>listen()</> system calls on Windows (Tom Lane)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Reduce verbosity of compiler output when building with Microsoft Visual
+ Studio (Christian Ullrich)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix <function>putenv()</> to work properly with Visual Studio 2013
+ (Michael Paquier)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Avoid possibly-unsafe use of Windows' <function>FormatMessage()</>
+ function (Christian Ullrich)
+ </para>
+
+ <para>
+ Use the <literal>FORMAT_MESSAGE_IGNORE_INSERTS</> flag where
+ appropriate. No live bug is known to exist here, but it seems like a
+ good idea to be careful.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Update time zone data files to <application>tzdata</> release 2016d
+ for DST law changes in Russia and Venezuela. There are new zone
+ names <literal>Europe/Kirov</> and <literal>Asia/Tomsk</> to reflect
+ the fact that these regions now have different time zone histories from
+ adjacent regions.
+ </para>
+ </listitem>
+
+ </itemizedlist>
+
+ </sect2>
+ </sect1>
+
+ <sect1 id="release-9-3-12">
+ <title>Release 9.3.12</title>
+
+ <note>
+ <title>Release Date</title>
+ <simpara>2016-03-31</simpara>
+ </note>
+
+ <para>
+ This release contains a variety of fixes from 9.3.11.
+ For information about new features in the 9.3 major release, see
+ <xref linkend="release-9-3">.
+ </para>
+
+ <sect2>
+ <title>Migration to Version 9.3.12</title>
+
+ <para>
+ A dump/restore is not required for those running 9.3.X.
+ </para>
+
+ <para>
+ However, if you are upgrading from a version earlier than 9.3.9,
+ see <xref linkend="release-9-3-9">.
+ </para>
+
+ </sect2>
+
+ <sect2>
+ <title>Changes</title>
+
+ <itemizedlist>
+
+ <listitem>
+ <para>
+ Fix incorrect handling of NULL index entries in
+ indexed <literal>ROW()</> comparisons (Tom Lane)
+ </para>
+
+ <para>
+ An index search using a row comparison such as <literal>ROW(a, b) >
+ ROW('x', 'y')</> would stop upon reaching a NULL entry in
+ the <structfield>b</> column, ignoring the fact that there might be
+ non-NULL <structfield>b</> values associated with later values
+ of <structfield>a</>.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Avoid unlikely data-loss scenarios due to renaming files without
+ adequate <function>fsync()</> calls before and after (Michael Paquier,
+ Tomas Vondra, Andres Freund)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Correctly handle cases where <literal>pg_subtrans</> is close to XID
+ wraparound during server startup (Jeff Janes)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix corner-case crash due to trying to free <function>localeconv()</>
+ output strings more than once (Tom Lane)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix parsing of affix files for <literal>ispell</> dictionaries
+ (Tom Lane)
+ </para>
+
+ <para>
+ The code could go wrong if the affix file contained any characters
+ whose byte length changes during case-folding, for
+ example <literal>I</> in Turkish UTF8 locales.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Avoid use of <function>sscanf()</> to parse <literal>ispell</>
+ dictionary files (Artur Zakirov)
+ </para>
+
+ <para>
+ This dodges a portability problem on FreeBSD-derived platforms
+ (including macOS).
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Avoid a crash on old Windows versions (before 7SP1/2008R2SP1) with an
+ AVX2-capable CPU and a Postgres build done with Visual Studio 2013
+ (Christian Ullrich)
+ </para>
+
+ <para>
+ This is a workaround for a bug in Visual Studio 2013's runtime
+ library, which Microsoft have stated they will not fix in that
+ version.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix <application>psql</>'s tab completion logic to handle multibyte
+ characters properly (Kyotaro Horiguchi, Robert Haas)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix <application>psql</>'s tab completion for
+ <literal>SECURITY LABEL</> (Tom Lane)
+ </para>
+
+ <para>
+ Pressing TAB after <literal>SECURITY LABEL</> might cause a crash
+ or offering of inappropriate keywords.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Make <application>pg_ctl</> accept a wait timeout from the
+ <envar>PGCTLTIMEOUT</> environment variable, if none is specified on
+ the command line (Noah Misch)
+ </para>
+
+ <para>
+ This eases testing of slower buildfarm members by allowing them
+ to globally specify a longer-than-normal timeout for postmaster
+ startup and shutdown.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix incorrect test for Windows service status
+ in <application>pg_ctl</> (Manuel Mathar)
+ </para>
+
+ <para>
+ The previous set of minor releases attempted to
+ fix <application>pg_ctl</> to properly determine whether to send log
+ messages to Window's Event Log, but got the test backwards.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix <application>pgbench</> to correctly handle the combination
+ of <literal>-C</> and <literal>-M prepared</> options (Tom Lane)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ In <application>pg_upgrade</>, skip creating a deletion script when
+ the new data directory is inside the old data directory (Bruce
+ Momjian)
+ </para>
+
+ <para>
+ Blind application of the script in such cases would result in loss of
+ the new data directory.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ In PL/Perl, properly translate empty Postgres arrays into empty Perl
+ arrays (Alex Hunsaker)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Make PL/Python cope with function names that aren't valid Python
+ identifiers (Jim Nasby)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix multiple mistakes in the statistics returned
+ by <filename>contrib/pgstattuple</>'s <function>pgstatindex()</>
+ function (Tom Lane)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Remove dependency on <literal>psed</> in MSVC builds, since it's no
+ longer provided by core Perl (Michael Paquier, Andrew Dunstan)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Update time zone data files to <application>tzdata</> release 2016c
+ for DST law changes in Azerbaijan, Chile, Haiti, Palestine, and Russia
+ (Altai, Astrakhan, Kirov, Sakhalin, Ulyanovsk regions), plus
+ historical corrections for Lithuania, Moldova, and Russia
+ (Kaliningrad, Samara, Volgograd).
+ </para>
+ </listitem>
+
+ </itemizedlist>
+
+ </sect2>
+ </sect1>
+
+ <sect1 id="release-9-3-11">
+ <title>Release 9.3.11</title>
+
+ <note>
+ <title>Release Date</title>
+ <simpara>2016-02-11</simpara>
+ </note>
+
+ <para>
+ This release contains a variety of fixes from 9.3.10.
+ For information about new features in the 9.3 major release, see
+ <xref linkend="release-9-3">.
+ </para>
+
+ <sect2>
+ <title>Migration to Version 9.3.11</title>
+
+ <para>
+ A dump/restore is not required for those running 9.3.X.
+ </para>
+
+ <para>
+ However, if you are upgrading from a version earlier than 9.3.9,
+ see <xref linkend="release-9-3-9">.
+ </para>
+
+ </sect2>
+
+ <sect2>
+ <title>Changes</title>
+
+ <itemizedlist>
+
+ <listitem>
+ <para>
+ Fix infinite loops and buffer-overrun problems in regular expressions
+ (Tom Lane)
+ </para>
+
+ <para>
+ Very large character ranges in bracket expressions could cause
+ infinite loops in some cases, and memory overwrites in other cases.
+ (CVE-2016-0773)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Perform an immediate shutdown if the <filename>postmaster.pid</> file
+ is removed (Tom Lane)
+ </para>
+
+ <para>
+ The postmaster now checks every minute or so
+ that <filename>postmaster.pid</> is still there and still contains its
+ own PID. If not, it performs an immediate shutdown, as though it had
+ received <systemitem>SIGQUIT</>. The main motivation for this change
+ is to ensure that failed buildfarm runs will get cleaned up without
+ manual intervention; but it also serves to limit the bad effects if a
+ DBA forcibly removes <filename>postmaster.pid</> and then starts a new
+ postmaster.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ In <literal>SERIALIZABLE</> transaction isolation mode, serialization
+ anomalies could be missed due to race conditions during insertions
+ (Kevin Grittner, Thomas Munro)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix failure to emit appropriate WAL records when doing <literal>ALTER
+ TABLE ... SET TABLESPACE</> for unlogged relations (Michael Paquier,
+ Andres Freund)
+ </para>
+
+ <para>
+ Even though the relation's data is unlogged, the move must be logged or
+ the relation will be inaccessible after a standby is promoted to master.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix possible misinitialization of unlogged relations at the end of
+ crash recovery (Andres Freund, Michael Paquier)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Ensure walsender slots are fully re-initialized when being re-used
+ (Magnus Hagander)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix <command>ALTER COLUMN TYPE</> to reconstruct inherited check
+ constraints properly (Tom Lane)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix <command>REASSIGN OWNED</> to change ownership of composite types
+ properly (Álvaro Herrera)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix <command>REASSIGN OWNED</> and <command>ALTER OWNER</> to correctly
+ update granted-permissions lists when changing owners of data types,
+ foreign data wrappers, or foreign servers (Bruce Momjian,
+ Álvaro Herrera)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix <command>REASSIGN OWNED</> to ignore foreign user mappings,
+ rather than fail (Álvaro Herrera)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix possible crash after doing query rewrite for an updatable view
+ (Stephen Frost)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix planner's handling of <literal>LATERAL</> references (Tom
+ Lane)
+ </para>
+
+ <para>
+ This fixes some corner cases that led to <quote>failed to build any
+ N-way joins</> or <quote>could not devise a query plan</> planner
+ failures.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Add more defenses against bad planner cost estimates for GIN index
+ scans when the index's internal statistics are very out-of-date
+ (Tom Lane)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Make planner cope with hypothetical GIN indexes suggested by an index
+ advisor plug-in (Julien Rouhaud)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Speed up generation of unique table aliases in <command>EXPLAIN</> and
+ rule dumping, and ensure that generated aliases do not
+ exceed <literal>NAMEDATALEN</> (Tom Lane)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix dumping of whole-row Vars in <literal>ROW()</>
+ and <literal>VALUES()</> lists (Tom Lane)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix possible internal overflow in <type>numeric</> division
+ (Dean Rasheed)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix enforcement of restrictions inside parentheses within regular
+ expression lookahead constraints (Tom Lane)
+ </para>
+
+ <para>
+ Lookahead constraints aren't allowed to contain backrefs, and
+ parentheses within them are always considered non-capturing, according
+ to the manual. However, the code failed to handle these cases properly
+ inside a parenthesized subexpression, and would give unexpected
+ results.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Conversion of regular expressions to indexscan bounds could produce
+ incorrect bounds from regexps containing lookahead constraints
+ (Tom Lane)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix regular-expression compiler to handle loops of constraint arcs
+ (Tom Lane)
+ </para>
+
+ <para>
+ The code added for CVE-2007-4772 was both incomplete, in that it didn't
+ handle loops involving more than one state, and incorrect, in that it
+ could cause assertion failures (though there seem to be no bad
+ consequences of that in a non-assert build). Multi-state loops would
+ cause the compiler to run until the query was canceled or it reached
+ the too-many-states error condition.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Improve memory-usage accounting in regular-expression compiler
+ (Tom Lane)
+ </para>
+
+ <para>
+ This causes the code to emit <quote>regular expression is too
+ complex</> errors in some cases that previously used unreasonable
+ amounts of time and memory.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Improve performance of regular-expression compiler (Tom Lane)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Make <literal>%h</> and <literal>%r</> escapes
+ in <varname>log_line_prefix</> work for messages emitted due
+ to <varname>log_connections</> (Tom Lane)
+ </para>
+
+ <para>
+ Previously, <literal>%h</>/<literal>%r</> started to work just after a
+ new session had emitted the <quote>connection received</> log message;
+ now they work for that message too.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ On Windows, ensure the shared-memory mapping handle gets closed in
+ child processes that don't need it (Tom Lane, Amit Kapila)
+ </para>
+
+ <para>
+ This oversight resulted in failure to recover from crashes
+ whenever <varname>logging_collector</> is turned on.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix possible failure to detect socket EOF in non-blocking mode on
+ Windows (Tom Lane)
+ </para>
+
+ <para>
+ It's not entirely clear whether this problem can happen in pre-9.5
+ branches, but if it did, the symptom would be that a walsender process
+ would wait indefinitely rather than noticing a loss of connection.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Avoid leaking a token handle during SSPI authentication
+ (Christian Ullrich)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ In <application>psql</>, ensure that <application>libreadline</>'s idea
+ of the screen size is updated when the terminal window size changes
+ (Merlin Moncure)
+ </para>
+
+ <para>
+ Previously, <application>libreadline</> did not notice if the window
+ was resized during query output, leading to strange behavior during
+ later input of multiline queries.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix <application>psql</>'s <literal>\det</> command to interpret its
+ pattern argument the same way as other <literal>\d</> commands with
+ potentially schema-qualified patterns do (Reece Hart)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Avoid possible crash in <application>psql</>'s <literal>\c</> command
+ when previous connection was via Unix socket and command specifies a
+ new hostname and same username (Tom Lane)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ In <literal>pg_ctl start -w</>, test child process status directly
+ rather than relying on heuristics (Tom Lane, Michael Paquier)
+ </para>
+
+ <para>
+ Previously, <application>pg_ctl</> relied on an assumption that the new
+ postmaster would always create <filename>postmaster.pid</> within five
+ seconds. But that can fail on heavily-loaded systems,
+ causing <application>pg_ctl</> to report incorrectly that the
+ postmaster failed to start.
+ </para>
+
+ <para>
+ Except on Windows, this change also means that a <literal>pg_ctl start
+ -w</> done immediately after another such command will now reliably
+ fail, whereas previously it would report success if done within two
+ seconds of the first command.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ In <literal>pg_ctl start -w</>, don't attempt to use a wildcard listen
+ address to connect to the postmaster (Kondo Yuta)
+ </para>
+
+ <para>
+ On Windows, <application>pg_ctl</> would fail to detect postmaster
+ startup if <varname>listen_addresses</> is set to <literal>0.0.0.0</>
+ or <literal>::</>, because it would try to use that value verbatim as
+ the address to connect to, which doesn't work. Instead assume
+ that <literal>127.0.0.1</> or <literal>::1</>, respectively, is the
+ right thing to use.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ In <application>pg_ctl</> on Windows, check service status to decide
+ where to send output, rather than checking if standard output is a
+ terminal (Michael Paquier)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ In <application>pg_dump</> and <application>pg_basebackup</>, adopt
+ the GNU convention for handling tar-archive members exceeding 8GB
+ (Tom Lane)
+ </para>
+
+ <para>
+ The POSIX standard for <literal>tar</> file format does not allow
+ archive member files to exceed 8GB, but most modern implementations
+ of <application>tar</> support an extension that fixes that. Adopt
+ this extension so that <application>pg_dump</> with <option>-Ft</> no
+ longer fails on tables with more than 8GB of data, and so
+ that <application>pg_basebackup</> can handle files larger than 8GB.
+ In addition, fix some portability issues that could cause failures for
+ members between 4GB and 8GB on some platforms. Potentially these
+ problems could cause unrecoverable data loss due to unreadable backup
+ files.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix assorted corner-case bugs in <application>pg_dump</>'s processing
+ of extension member objects (Tom Lane)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Make <application>pg_dump</> mark a view's triggers as needing to be
+ processed after its rule, to prevent possible failure during
+ parallel <application>pg_restore</> (Tom Lane)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Ensure that relation option values are properly quoted
+ in <application>pg_dump</> (Kouhei Sutou, Tom Lane)
+ </para>
+
+ <para>
+ A reloption value that isn't a simple identifier or number could lead
+ to dump/reload failures due to syntax errors in CREATE statements
+ issued by <application>pg_dump</>. This is not an issue with any
+ reloption currently supported by core <productname>PostgreSQL</>, but
+ extensions could allow reloptions that cause the problem.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Avoid repeated password prompts during parallel <application>pg_dump</>
+ (Zeus Kronion)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix <application>pg_upgrade</>'s file-copying code to handle errors
+ properly on Windows (Bruce Momjian)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Install guards in <application>pgbench</> against corner-case overflow
+ conditions during evaluation of script-specified division or modulo
+ operators (Fabien Coelho, Michael Paquier)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix failure to localize messages emitted
+ by <application>pg_receivexlog</> and <application>pg_recvlogical</>
+ (Ioseph Kim)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Avoid dump/reload problems when using both <application>plpython2</>
+ and <application>plpython3</> (Tom Lane)
+ </para>
+
+ <para>
+ In principle, both versions of <application>PL/Python</> can be used in
+ the same database, though not in the same session (because the two
+ versions of <application>libpython</> cannot safely be used concurrently).
+ However, <application>pg_restore</> and <application>pg_upgrade</> both
+ do things that can fall foul of the same-session restriction. Work
+ around that by changing the timing of the check.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix <application>PL/Python</> regression tests to pass with Python 3.5
+ (Peter Eisentraut)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix premature clearing of <application>libpq</>'s input buffer when
+ socket EOF is seen (Tom Lane)
+ </para>
+
+ <para>
+ This mistake caused <application>libpq</> to sometimes not report the
+ backend's final error message before reporting <quote>server closed the
+ connection unexpectedly</>.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Prevent certain <application>PL/Java</> parameters from being set by
+ non-superusers (Noah Misch)
+ </para>
+
+ <para>
+ This change mitigates a <application>PL/Java</> security bug
+ (CVE-2016-0766), which was fixed in <application>PL/Java</> by marking
+ these parameters as superuser-only. To fix the security hazard for
+ sites that update <productname>PostgreSQL</> more frequently
+ than <application>PL/Java</>, make the core code aware of them also.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Improve <application>libpq</>'s handling of out-of-memory situations
+ (Michael Paquier, Amit Kapila, Heikki Linnakangas)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix order of arguments
+ in <application>ecpg</>-generated <literal>typedef</> statements
+ (Michael Meskes)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Use <literal>%g</> not <literal>%f</> format
+ in <application>ecpg</>'s <function>PGTYPESnumeric_from_double()</>
+ (Tom Lane)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix <application>ecpg</>-supplied header files to not contain comments
+ continued from a preprocessor directive line onto the next line
+ (Michael Meskes)
+ </para>
+
+ <para>
+ Such a comment is rejected by <application>ecpg</>. It's not yet clear
+ whether <application>ecpg</> itself should be changed.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix <function>hstore_to_json_loose()</>'s test for whether
+ an <type>hstore</> value can be converted to a JSON number (Tom Lane)
+ </para>
+
+ <para>
+ Previously this function could be fooled by non-alphanumeric trailing
+ characters, leading to emitting syntactically-invalid JSON.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Ensure that <filename>contrib/pgcrypto</>'s <function>crypt()</>
+ function can be interrupted by query cancel (Andreas Karlsson)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Accept <application>flex</> versions later than 2.5.x
+ (Tom Lane, Michael Paquier)
+ </para>
+
+ <para>
+ Now that flex 2.6.0 has been released, the version checks in our build
+ scripts needed to be adjusted.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Improve reproducibility of build output by ensuring filenames are given
+ to the linker in a fixed order (Christoph Berg)
+ </para>
+
+ <para>
+ This avoids possible bitwise differences in the produced executable
+ files from one build to the next.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Install our <filename>missing</> script where PGXS builds can find it
+ (Jim Nasby)
+ </para>
+
+ <para>
+ This allows sane behavior in a PGXS build done on a machine where build
+ tools such as <application>bison</> are missing.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Ensure that <filename>dynloader.h</> is included in the installed
+ header files in MSVC builds (Bruce Momjian, Michael Paquier)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Add variant regression test expected-output file to match behavior of
+ current <application>libxml2</> (Tom Lane)
+ </para>
+
+ <para>
+ The fix for <application>libxml2</>'s CVE-2015-7499 causes it not to
+ output error context reports in some cases where it used to do so.
+ This seems to be a bug, but we'll probably have to live with it for
+ some time, so work around it.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Update time zone data files to <application>tzdata</> release 2016a for
+ DST law changes in Cayman Islands, Metlakatla, and Trans-Baikal
+ Territory (Zabaykalsky Krai), plus historical corrections for Pakistan.
+ </para>
+ </listitem>
+
+ </itemizedlist>
+
+ </sect2>
+ </sect1>
+
<sect1 id="release-9-3-10">
<title>Release 9.3.10</title>
<itemizedlist>
+ <listitem>
+ <para>
+ Guard against stack overflows in <type>json</> parsing
+ (Oskari Saarenmaa)
+ </para>
+
+ <para>
+ If an application constructs PostgreSQL <type>json</>
+ or <type>jsonb</> values from arbitrary user input, the application's
+ users can reliably crash the PostgreSQL server, causing momentary
+ denial of service. (CVE-2015-5289)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix <filename>contrib/pgcrypto</> to detect and report
+ too-short <function>crypt()</> salts (Josh Kupershmidt)
+ </para>
+
+ <para>
+ Certain invalid salt arguments crashed the server or disclosed a few
+ bytes of server memory. We have not ruled out the viability of
+ attacks that arrange for presence of confidential information in the
+ disclosed bytes, but they seem unlikely. (CVE-2015-5288)
+ </para>
+ </listitem>
+
<listitem>
<para>
Fix subtransaction cleanup after a portal (cursor) belonging to an
</para>
</listitem>
+ <listitem>
+ <para>
+ Guard against hard-to-reach stack overflows involving record types,
+ range types, <type>json</>, <type>jsonb</>, <type>tsquery</>,
+ <type>ltxtquery</> and <type>query_int</> (Noah Misch)
+ </para>
+ </listitem>
+
<listitem>
<para>
Fix handling of <literal>DOW</> and <literal>DOY</> in datetime input
<listitem>
<para>
- Silence some build warnings on OS X (Tom Lane)
+ Silence some build warnings on macOS (Tom Lane)
</para>
</listitem>
<para>
The most notable oversight was
- that <varname>recovery_min_apply_delay</> failed to delay application
- of a two-phase commit.
+ that <varname>recovery_target_xid</> could not be used to stop at
+ a two-phase commit.
</para>
</listitem>
<listitem>
<para>
- Warn if OS X's <function>setlocale()</> starts an unwanted extra
+ Warn if macOS's <function>setlocale()</> starts an unwanted extra
thread inside the postmaster (Noah Misch)
</para>
</listitem>
<listitem>
<para>
- Fix linking of <application>libpython</> on OS X (Tom Lane)
+ Fix linking of <application>libpython</> on macOS (Tom Lane)
</para>
<para>
<para>
This prevents scenarios wherein a pathological regular expression
- could lock up a server process uninterruptably for a long time.
+ could lock up a server process uninterruptibly for a long time.
</para>
</listitem>
<listitem>
<para>
Allow tools like <link
- linkend="app-pgreceivexlog"><application>pg_receivexlog</></link>
+ linkend="app-pgreceivewal"><application>pg_receivexlog</></link>
to run on computers with different architectures (Heikki
Linnakangas)
</para>
<listitem>
<para>
Allow <link
- linkend="app-pgreceivexlog"><application>pg_receivexlog</></link>
+ linkend="app-pgreceivewal"><application>pg_receivexlog</></link>
and <link
linkend="app-pgbasebackup"><application>pg_basebackup</></link>
<option>--xlog-method</> to handle streaming timeline switches
linkend="APP-PG-DUMPALL"><application>pg_dumpall</></link>, <link
linkend="app-pgbasebackup"><application>pg_basebackup</></link>, and
<link
- linkend="app-pgreceivexlog"><application>pg_receivexlog</></link>
+ linkend="app-pgreceivewal"><application>pg_receivexlog</></link>
to allow specifying a connection string (Amit Kapila)
</para>
</listitem>
<listitem>
<para>
- Remove <filename>src/tool/backend</>, now that the content is on
+ Remove <filename>src/tools/backend</>, now that the content is on
the <productname>PostgreSQL</> wiki (Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
- Add <link linkend="pgxlogdump"><application>pg_xlogdump</></link>
+ Add <link linkend="pgwaldump"><application>pg_xlogdump</></link>
contrib program (Andres Freund)
</para>
</listitem>
<listitem>
<para>
Add <link linkend="docguide-toolsets">instructions</link> for setting
- up the documentation tool chain on Mac <productname>OS X</>
+ up the documentation tool chain on <productname>macOS</>
(Peter Eisentraut)
</para>
</listitem>