E.32. Release 9.5.1
Release date: 2016-02-11
This release contains a variety of fixes from 9.5.0. For information about new features in the 9.5 major release, see Section E.33 .
E.32.1. Migration to Version 9.5.1
A dump/restore is not required for those running 9.5.X.
E.32.2. Changes
-
Fix infinite loops and buffer-overrun problems in regular expressions (Tom Lane)
Very large character ranges in bracket expressions could cause infinite loops in some cases, and memory overwrites in other cases. (CVE-2016-0773)
-
Fix an oversight that caused hash joins to miss joining to some tuples of the inner relation in rare cases (Tomas Vondra, Tom Lane)
-
Avoid pushdown of
HAVING
clauses when grouping sets are used (Andrew Gierth) -
Fix deparsing of
ON CONFLICT
arbiterWHERE
clauses (Peter Geoghegan) -
Make
%h
and%r
escapes inlog_line_prefix
work for messages emitted due tolog_connections
(Tom Lane)Previously,
%h
/%r
started to work just after a new session had emitted the " connection received " log message; now they work for that message too. -
Avoid leaking a token handle during SSPI authentication (Christian Ullrich)
-
Fix psql 's
\det
command to interpret its pattern argument the same way as other\d
commands with potentially schema-qualified patterns do (Reece Hart) -
In pg_ctl on Windows, check service status to decide where to send output, rather than checking if standard output is a terminal (Michael Paquier)
-
Fix assorted corner-case bugs in pg_dump 's processing of extension member objects (Tom Lane)
-
Fix improper quoting of domain constraint names in pg_dump (Elvis Pranskevichus)
-
Make pg_dump mark a view's triggers as needing to be processed after its rule, to prevent possible failure during parallel pg_restore (Tom Lane)
-
Install guards in pgbench against corner-case overflow conditions during evaluation of script-specified division or modulo operators (Fabien Coelho, Michael Paquier)
-
Suppress useless warning message when pg_receivexlog connects to a pre-9.4 server (Marco Nenciarini)
-
Avoid dump/reload problems when using both plpython2 and plpython3 (Tom Lane)
In principle, both versions of PL/Python can be used in the same database, though not in the same session (because the two versions of libpython cannot safely be used concurrently). However, pg_restore and pg_upgrade both do things that can fall foul of the same-session restriction. Work around that by changing the timing of the check.
-
Fix PL/Python regression tests to pass with Python 3.5 (Peter Eisentraut)
-
Prevent certain PL/Java parameters from being set by non-superusers (Noah Misch)
This change mitigates a PL/Java security bug (CVE-2016-0766), which was fixed in PL/Java by marking these parameters as superuser-only. To fix the security hazard for sites that update PostgreSQL more frequently than PL/Java , make the core code aware of them also.
-
Fix ecpg -supplied header files to not contain comments continued from a preprocessor directive line onto the next line (Michael Meskes)
Such a comment is rejected by ecpg . It's not yet clear whether ecpg itself should be changed.
-
Fix
hstore_to_json_loose()
's test for whether anhstore
value can be converted to a JSON number (Tom Lane)Previously this function could be fooled by non-alphanumeric trailing characters, leading to emitting syntactically-invalid JSON.
-
In
contrib/postgres_fdw
, fix bugs triggered by use oftableoid
in data-modifying commands (Etsuro Fujita, Robert Haas) -
Fix ill-advised restriction of
NAMEDATALEN
to be less than 256 (Robert Haas, Tom Lane) -
Improve reproducibility of build output by ensuring filenames are given to the linker in a fixed order (Christoph Berg)
This avoids possible bitwise differences in the produced executable files from one build to the next.
-
Ensure that
dynloader.h
is included in the installed header files in MSVC builds (Bruce Momjian, Michael Paquier) -
Update time zone data files to tzdata release 2016a for DST law changes in Cayman Islands, Metlakatla, and Trans-Baikal Territory (Zabaykalsky Krai), plus historical corrections for Pakistan.