E.118. Release 9.0.13
Release date: 2013-04-04
This release contains a variety of fixes from 9.0.12. For information about new features in the 9.0 major release, see Section E.131 .
E.118.1. Migration to Version 9.0.13
A dump/restore is not required for those running 9.0.X.
However, this release corrects several errors in management of GiST
indexes. After installing this update, it is advisable to
REINDEX
any GiST indexes that meet one or more of the
conditions described below.
Also, if you are upgrading from a version earlier than 9.0.6, see Section E.125 .
E.118.2. Changes
-
Fix insecure parsing of server command-line switches (Mitsumasa Kondo, Kyotaro Horiguchi)
A connection request containing a database name that begins with "
-
" could be crafted to damage or destroy files within the server's data directory, even if the request is eventually rejected. (CVE-2013-1899) -
Reset OpenSSL randomness state in each postmaster child process (Marko Kreen)
This avoids a scenario wherein random numbers generated by
contrib/pgcrypto
functions might be relatively easy for another database user to guess. The risk is only significant when the postmaster is configured withssl
=on
but most connections don't use SSL encryption. (CVE-2013-1900) -
Fix GiST indexes to not use " fuzzy " geometric comparisons when it's not appropriate to do so (Alexander Korotkov)
The core geometric types perform comparisons using " fuzzy " equality, but
gist_box_same
must do exact comparisons, else GiST indexes using it might become inconsistent. After installing this update, users shouldREINDEX
any GiST indexes onbox
,polygon
,circle
, orpoint
columns, since all of these usegist_box_same
. -
Fix erroneous range-union and penalty logic in GiST indexes that use
contrib/btree_gist
for variable-width data types, that istext
,bytea
,bit
, andnumeric
columns (Tom Lane)These errors could result in inconsistent indexes in which some keys that are present would not be found by searches, and also in useless index bloat. Users are advised to
REINDEX
such indexes after installing this update. -
Fix bugs in GiST page splitting code for multi-column indexes (Tom Lane)
These errors could result in inconsistent indexes in which some keys that are present would not be found by searches, and also in indexes that are unnecessarily inefficient to search. Users are advised to
REINDEX
multi-column GiST indexes after installing this update. -
Fix
gist_point_consistent
to handle fuzziness consistently (Alexander Korotkov)Index scans on GiST indexes on
point
columns would sometimes yield results different from a sequential scan, becausegist_point_consistent
disagreed with the underlying operator code about whether to do comparisons exactly or fuzzily. -
Fix buffer leak in WAL replay (Heikki Linnakangas)
This bug could result in " incorrect local pin count " errors during replay, making recovery impossible.
-
Fix race condition in
DELETE RETURNING
(Tom Lane)Under the right circumstances,
DELETE RETURNING
could attempt to fetch data from a shared buffer that the current process no longer has any pin on. If some other process changed the buffer meanwhile, this would lead to garbageRETURNING
output, or even a crash. -
Fix infinite-loop risk in regular expression compilation (Tom Lane, Don Porter)
-
Fix potential null-pointer dereference in regular expression compilation (Tom Lane)
-
Fix
to_char()
to use ASCII-only case-folding rules where appropriate (Tom Lane)This fixes misbehavior of some template patterns that should be locale-independent, but mishandled "
I
" and "i
" in Turkish locales. -
Fix unwanted rejection of timestamp
1999-12-31 24:00:00
(Tom Lane) -
Fix logic error when a single transaction does
UNLISTEN
thenLISTEN
(Tom Lane)The session wound up not listening for notify events at all, though it surely should listen in this case.
-
Remove useless " picksplit doesn't support secondary split " log messages (Josh Hansen, Tom Lane)
This message seems to have been added in expectation of code that was never written, and probably never will be, since GiST's default handling of secondary splits is actually pretty good. So stop nagging end users about it.
-
Fix possible failure to send a session's last few transaction commit/abort counts to the statistics collector (Tom Lane)
-
Eliminate memory leaks in PL/Perl's
spi_prepare()
function (Alex Hunsaker, Tom Lane) -
Fix pg_dumpall to handle database names containing "
=
" correctly (Heikki Linnakangas) -
Avoid crash in pg_dump when an incorrect connection string is given (Heikki Linnakangas)
-
Ignore invalid indexes in pg_dump and pg_upgrade (Michael Paquier, Bruce Momjian)
Dumping invalid indexes can cause problems at restore time, for example if the reason the index creation failed was because it tried to enforce a uniqueness condition not satisfied by the table's data. Also, if the index creation is in fact still in progress, it seems reasonable to consider it to be an uncommitted DDL change, which pg_dump wouldn't be expected to dump anyway. pg_upgrade now also skips invalid indexes rather than failing.
-
Fix
contrib/pg_trgm
'ssimilarity()
function to return zero for trigram-less strings (Tom Lane)Previously it returned
NaN
due to internal division by zero. -
Update time zone data files to tzdata release 2013b for DST law changes in Chile, Haiti, Morocco, Paraguay, and some Russian areas. Also, historical zone data corrections for numerous places.
Also, update the time zone abbreviation files for recent changes in Russia and elsewhere:
CHOT
,GET
,IRKT
,KGT
,KRAT
,MAGT
,MAWT
,MSK
,NOVT
,OMST
,TKT
,VLAT
,WST
,YAKT
,YEKT
now follow their current meanings, andVOLT
(Europe/Volgograd) andMIST
(Antarctica/Macquarie) are added to the default abbreviations list.