E.123. Release 9.0.13

Fix insecure parsing of server command-line switches (Mitsumasa Kondo, Kyotaro Horiguchi)

A connection request containing a database name that begins with " - " could be crafted to damage or destroy files within the server's data directory, even if the request is eventually rejected. (CVE-2013-1899)

Reset OpenSSL randomness state in each postmaster child process (Marko Kreen)

This avoids a scenario wherein random numbers generated by contrib/pgcrypto functions might be relatively easy for another database user to guess. The risk is only significant when the postmaster is configured with ssl = on but most connections don't use SSL encryption. (CVE-2013-1900)

Fix GiST indexes to not use " fuzzy " geometric comparisons when it's not appropriate to do so (Alexander Korotkov)

The core geometric types perform comparisons using " fuzzy " equality, but gist_box_same must do exact comparisons, else GiST indexes using it might become inconsistent. After installing this update, users should REINDEX any GiST indexes on box , polygon , circle , or point columns, since all of these use gist_box_same .

Fix erroneous range-union and penalty logic in GiST indexes that use contrib/btree_gist for variable-width data types, that is text , bytea , bit , and numeric columns (Tom Lane)

These errors could result in inconsistent indexes in which some keys that are present would not be found by searches, and also in useless index bloat. Users are advised to REINDEX such indexes after installing this update.

Fix bugs in GiST page splitting code for multi-column indexes (Tom Lane)

These errors could result in inconsistent indexes in which some keys that are present would not be found by searches, and also in indexes that are unnecessarily inefficient to search. Users are advised to REINDEX multi-column GiST indexes after installing this update.

Fix gist_point_consistent to handle fuzziness consistently (Alexander Korotkov)

Index scans on GiST indexes on point columns would sometimes yield results different from a sequential scan, because gist_point_consistent disagreed with the underlying operator code about whether to do comparisons exactly or fuzzily.

Fix buffer leak in WAL replay (Heikki Linnakangas)

This bug could result in " incorrect local pin count " errors during replay, making recovery impossible.

Fix race condition in DELETE RETURNING (Tom Lane)

Under the right circumstances, DELETE RETURNING could attempt to fetch data from a shared buffer that the current process no longer has any pin on. If some other process changed the buffer meanwhile, this would lead to garbage RETURNING output, or even a crash.

Fix infinite-loop risk in regular expression compilation (Tom Lane, Don Porter)

Fix potential null-pointer dereference in regular expression compilation (Tom Lane)

Fix to_char() to use ASCII-only case-folding rules where appropriate (Tom Lane)

This fixes misbehavior of some template patterns that should be locale-independent, but mishandled " I " and " i " in Turkish locales.

Fix unwanted rejection of timestamp 1999-12-31 24:00:00 (Tom Lane)

Fix logic error when a single transaction does UNLISTEN then LISTEN (Tom Lane)

The session wound up not listening for notify events at all, though it surely should listen in this case.

Remove useless " picksplit doesn't support secondary split " log messages (Josh Hansen, Tom Lane)

This message seems to have been added in expectation of code that was never written, and probably never will be, since GiST's default handling of secondary splits is actually pretty good. So stop nagging end users about it.

Fix possible failure to send a session's last few transaction commit/abort counts to the statistics collector (Tom Lane)

Eliminate memory leaks in PL/Perl's spi_prepare() function (Alex Hunsaker, Tom Lane)

Fix pg_dumpall to handle database names containing " = " correctly (Heikki Linnakangas)

Avoid crash in pg_dump when an incorrect connection string is given (Heikki Linnakangas)

Ignore invalid indexes in pg_dump and pg_upgrade (Michael Paquier, Bruce Momjian)

Dumping invalid indexes can cause problems at restore time, for example if the reason the index creation failed was because it tried to enforce a uniqueness condition not satisfied by the table's data. Also, if the index creation is in fact still in progress, it seems reasonable to consider it to be an uncommitted DDL change, which pg_dump wouldn't be expected to dump anyway. pg_upgrade now also skips invalid indexes rather than failing.

Fix contrib/pg_trgm 's similarity() function to return zero for trigram-less strings (Tom Lane)

Previously it returned NaN due to internal division by zero.

Update time zone data files to tzdata release 2013b for DST law changes in Chile, Haiti, Morocco, Paraguay, and some Russian areas. Also, historical zone data corrections for numerous places.

Also, update the time zone abbreviation files for recent changes in Russia and elsewhere: CHOT , GET , IRKT , KGT , KRAT , MAGT , MAWT , MSK , NOVT , OMST , TKT , VLAT , WST , YAKT , YEKT now follow their current meanings, and VOLT (Europe/Volgograd) and MIST (Antarctica/Macquarie) are added to the default abbreviations list.