E.31. Release 9.5.1

Release date: 2016-02-11

This release contains a variety of fixes from 9.5.0. For information about new features in the 9.5 major release, see Section E.32 .

E.31.1. Migration to Version 9.5.1

A dump/restore is not required for those running 9.5.X.

E.31.2. Changes

  • Fix infinite loops and buffer-overrun problems in regular expressions (Tom Lane)

    Very large character ranges in bracket expressions could cause infinite loops in some cases, and memory overwrites in other cases. (CVE-2016-0773)

  • Fix an oversight that caused hash joins to miss joining to some tuples of the inner relation in rare cases (Tomas Vondra, Tom Lane)

  • Avoid pushdown of HAVING clauses when grouping sets are used (Andrew Gierth)

  • Fix deparsing of ON CONFLICT arbiter WHERE clauses (Peter Geoghegan)

  • Make %h and %r escapes in log_line_prefix work for messages emitted due to log_connections (Tom Lane)

    Previously, %h / %r started to work just after a new session had emitted the " connection received " log message; now they work for that message too.

  • Avoid leaking a token handle during SSPI authentication (Christian Ullrich)

  • Fix psql 's \det command to interpret its pattern argument the same way as other \d commands with potentially schema-qualified patterns do (Reece Hart)

  • In pg_ctl on Windows, check service status to decide where to send output, rather than checking if standard output is a terminal (Michael Paquier)

  • Fix assorted corner-case bugs in pg_dump 's processing of extension member objects (Tom Lane)

  • Fix improper quoting of domain constraint names in pg_dump (Elvis Pranskevichus)

  • Make pg_dump mark a view's triggers as needing to be processed after its rule, to prevent possible failure during parallel pg_restore (Tom Lane)

  • Install guards in pgbench against corner-case overflow conditions during evaluation of script-specified division or modulo operators (Fabien Coelho, Michael Paquier)

  • Suppress useless warning message when pg_receivexlog connects to a pre-9.4 server (Marco Nenciarini)

  • Avoid dump/reload problems when using both plpython2 and plpython3 (Tom Lane)

    In principle, both versions of PL/Python can be used in the same database, though not in the same session (because the two versions of libpython cannot safely be used concurrently). However, pg_restore and pg_upgrade both do things that can fall foul of the same-session restriction. Work around that by changing the timing of the check.

  • Fix PL/Python regression tests to pass with Python 3.5 (Peter Eisentraut)

  • Prevent certain PL/Java parameters from being set by non-superusers (Noah Misch)

    This change mitigates a PL/Java security bug (CVE-2016-0766), which was fixed in PL/Java by marking these parameters as superuser-only. To fix the security hazard for sites that update PostgreSQL more frequently than PL/Java , make the core code aware of them also.

  • Fix ecpg -supplied header files to not contain comments continued from a preprocessor directive line onto the next line (Michael Meskes)

    Such a comment is rejected by ecpg . It's not yet clear whether ecpg itself should be changed.

  • Fix hstore_to_json_loose() 's test for whether an hstore value can be converted to a JSON number (Tom Lane)

    Previously this function could be fooled by non-alphanumeric trailing characters, leading to emitting syntactically-invalid JSON.

  • In contrib/postgres_fdw , fix bugs triggered by use of tableoid in data-modifying commands (Etsuro Fujita, Robert Haas)

  • Fix ill-advised restriction of NAMEDATALEN to be less than 256 (Robert Haas, Tom Lane)

  • Improve reproducibility of build output by ensuring filenames are given to the linker in a fixed order (Christoph Berg)

    This avoids possible bitwise differences in the produced executable files from one build to the next.

  • Ensure that dynloader.h is included in the installed header files in MSVC builds (Bruce Momjian, Michael Paquier)

  • Update time zone data files to tzdata release 2016a for DST law changes in Cayman Islands, Metlakatla, and Trans-Baikal Territory (Zabaykalsky Krai), plus historical corrections for Pakistan.