E.79. Release 9.3.5

Release date: 2014-07-24

This release contains a variety of fixes from 9.3.4. For information about new features in the 9.3 major release, see Section E.84 .

E.79.1. Migration to Version 9.3.5

A dump/restore is not required for those running 9.3.X.

However, this release corrects a logic error in pg_upgrade , as well as an index corruption problem in some GiST indexes. See the first two changelog entries below to find out whether your installation has been affected and what steps you should take if so.

Also, if you are upgrading from a version earlier than 9.3.4, see Section E.80 .

E.79.2. Changes

  • In pg_upgrade , remove pg_multixact files left behind by initdb (Bruce Momjian)

    If you used a pre-9.3.5 version of pg_upgrade to upgrade a database cluster to 9.3, it might have left behind a file $PGDATA/pg_multixact/offsets/0000 that should not be there and will eventually cause problems in VACUUM . However, in common cases this file is actually valid and must not be removed. To determine whether your installation has this problem, run this query as superuser, in any database of the cluster:

    WITH list(file) AS (SELECT * FROM pg_ls_dir('pg_multixact/offsets'))
    SELECT EXISTS (SELECT * FROM list WHERE file = '0000') AND
           NOT EXISTS (SELECT * FROM list WHERE file = '0001') AND
           NOT EXISTS (SELECT * FROM list WHERE file = 'FFFF') AND
           EXISTS (SELECT * FROM list WHERE file != '0000')
           AS file_0000_removal_required;
    

    If this query returns t , manually remove the file $PGDATA/pg_multixact/offsets/0000 . Do nothing if the query returns f .

  • Correctly initialize padding bytes in contrib/btree_gist indexes on bit columns (Heikki Linnakangas)

    This error could result in incorrect query results due to values that should compare equal not being seen as equal. Users with GiST indexes on bit or bit varying columns should REINDEX those indexes after installing this update.

  • Protect against torn pages when deleting GIN list pages (Heikki Linnakangas)

    This fix prevents possible index corruption if a system crash occurs while the page update is being written to disk.

  • Don't clear the right-link of a GiST index page while replaying updates from WAL (Heikki Linnakangas)

    This error could lead to transiently wrong answers from GiST index scans performed in Hot Standby.

  • Fix corner-case infinite loop during insertion into an SP-GiST text index (Tom Lane)

  • Fix incorrect answers from SP-GiST index searches with -|- (range adjacency) operator (Heikki Linnakangas)

  • Fix wraparound handling for pg_multixact/members (Álvaro Herrera)

  • Truncate pg_multixact during checkpoints, not during VACUUM (Álvaro Herrera)

    This change ensures that pg_multixact segments can't be removed if they'd still be needed during WAL replay after a crash.

  • Fix possible inconsistency of all-visible flags after WAL recovery (Heikki Linnakangas)

  • Fix possibly-incorrect cache invalidation during nested calls to ReceiveSharedInvalidMessages (Andres Freund)

  • Fix race condition when updating a tuple concurrently locked by another process (Andres Freund, Álvaro Herrera)

  • Fix " could not find pathkey item to sort " planner failures with UNION ALL over subqueries reading from tables with inheritance children (Tom Lane)

  • Don't assume a subquery's output is unique if there's a set-returning function in its targetlist (David Rowley)

    This oversight could lead to misoptimization of constructs like WHERE x IN (SELECT y, generate_series(1,10) FROM t GROUP BY y) .

  • Improve planner to drop constant-NULL inputs of AND / OR when possible (Tom Lane)

    This change fixes some cases where the more aggressive parameter substitution done by 9.2 and later can lead to a worse plan than older versions produced.

  • Ensure that the planner sees equivalent VARIADIC and non- VARIADIC function calls as equivalent (Tom Lane)

    This bug could for example result in failure to use expression indexes involving variadic functions. It might be necessary to re-create such indexes, and/or re-create views including variadic function calls that should match the indexes, for the fix to be effective for existing 9.3 installations.

  • Fix handling of nested JSON objects in json_populate_recordset() and friends (Michael Paquier, Tom Lane)

    A nested JSON object could result in previous fields of the parent object not being shown in the output.

  • Fix identification of input type category in to_json() and friends (Tom Lane)

    This is known to have led to inadequate quoting of money fields in the JSON result, and there may have been wrong results for other data types as well.

  • Fix failure to detoast fields in composite elements of structured types (Tom Lane)

    This corrects cases where TOAST pointers could be copied into other tables without being dereferenced. If the original data is later deleted, it would lead to errors like " missing chunk number 0 for toast value ... " when the now-dangling pointer is used.

  • Fix " record type has not been registered " failures with whole-row references to the output of Append plan nodes (Tom Lane)

  • Fix possible crash when invoking a user-defined function while rewinding a cursor (Tom Lane)

  • Fix query-lifespan memory leak while evaluating the arguments for a function in FROM (Tom Lane)

  • Fix session-lifespan memory leaks in regular-expression processing (Tom Lane, Arthur O'Dwyer, Greg Stark)

  • Fix data encoding error in hungarian.stop (Tom Lane)

  • Prevent foreign tables from being created with OIDS when default_with_oids is true (Etsuro Fujita)

  • Fix liveness checks for rows that were inserted in the current transaction and then deleted by a now-rolled-back subtransaction (Andres Freund)

    This could cause problems (at least spurious warnings, and at worst an infinite loop) if CREATE INDEX or CLUSTER were done later in the same transaction.

  • Clear pg_stat_activity . xact_start during PREPARE TRANSACTION (Andres Freund)

    After the PREPARE , the originating session is no longer in a transaction, so it should not continue to display a transaction start time.

  • Fix REASSIGN OWNED to not fail for text search objects (Álvaro Herrera)

  • Prevent pg_class . relminmxid values from going backwards during VACUUM FULL (Álvaro Herrera)

  • Reduce indentation in rule/view dumps to improve readability and avoid excessive whitespace (Greg Stark, Tom Lane)

    This change reduces the amount of indentation applied to nested constructs, including some cases that the user probably doesn't think of as nested, such as UNION lists. Previously, deeply nested constructs were printed with an amount of whitespace growing as O(N^2), which created a performance problem and even risk of out-of-memory failures. Now the indentation is reduced modulo 40, which is initially odd to look at but seems to preserve readability better than simply limiting the indentation would do. Redundant parenthesization of UNION lists has been reduced as well.

  • Fix dumping of rules/views when subsequent addition of a column has resulted in multiple input columns matching a USING specification (Tom Lane)

  • Repair view printing for some cases involving functions in FROM that return a composite type containing dropped columns (Tom Lane)

  • Block signals during postmaster startup (Tom Lane)

    This ensures that the postmaster will properly clean up after itself if, for example, it receives SIGINT while still starting up.

  • Fix client host name lookup when processing pg_hba.conf entries that specify host names instead of IP addresses (Tom Lane)

    Ensure that reverse-DNS lookup failures are reported, instead of just silently not matching such entries. Also ensure that we make only one reverse-DNS lookup attempt per connection, not one per host name entry, which is what previously happened if the lookup attempts failed.

  • Allow the root user to use postgres -C variable and postgres --describe-config (MauMau)

    The prohibition on starting the server as root does not need to extend to these operations, and relaxing it prevents failure of pg_ctl in some scenarios.

  • Secure Unix-domain sockets of temporary postmasters started during make check (Noah Misch)

    Any local user able to access the socket file could connect as the server's bootstrap superuser, then proceed to execute arbitrary code as the operating-system user running the test, as we previously noted in CVE-2014-0067. This change defends against that risk by placing the server's socket in a temporary, mode 0700 subdirectory of /tmp . The hazard remains however on platforms where Unix sockets are not supported, notably Windows, because then the temporary postmaster must accept local TCP connections.

    A useful side effect of this change is to simplify make check testing in builds that override DEFAULT_PGSOCKET_DIR . Popular non-default values like /var/run/postgresql are often not writable by the build user, requiring workarounds that will no longer be necessary.

  • Fix tablespace creation WAL replay to work on Windows (MauMau)

  • Fix detection of socket creation failures on Windows (Bruce Momjian)

  • On Windows, allow new sessions to absorb values of PGC_BACKEND parameters (such as log_connections ) from the configuration file (Amit Kapila)

    Previously, if such a parameter were changed in the file post-startup, the change would have no effect.

  • Properly quote executable path names on Windows (Nikhil Deshpande)

    This oversight could cause initdb and pg_upgrade to fail on Windows, if the installation path contained both spaces and @ signs.

  • Fix linking of libpython on macOS (Tom Lane)

    The method we previously used can fail with the Python library supplied by Xcode 5.0 and later.

  • Avoid buffer bloat in libpq when the server consistently sends data faster than the client can absorb it (Shin-ichi Morita, Tom Lane)

    libpq could be coerced into enlarging its input buffer until it runs out of memory (which would be reported misleadingly as " lost synchronization with server " ). Under ordinary circumstances it's quite far-fetched that data could be continuously transmitted more quickly than the recv() loop can absorb it, but this has been observed when the client is artificially slowed by scheduler constraints.

  • Ensure that LDAP lookup attempts in libpq time out as intended (Laurenz Albe)

  • Fix ecpg to do the right thing when an array of char * is the target for a FETCH statement returning more than one row, as well as some other array-handling fixes (Ashutosh Bapat)

  • Fix pg_dump to cope with a materialized view that depends on a table's primary key (Tom Lane)

    This occurs if the view's query relies on functional dependency to abbreviate a GROUP BY list. pg_dump got sufficiently confused that it dumped the materialized view as a regular view.

  • Fix parsing of pg_dumpall 's -i switch (Tom Lane)

  • Fix pg_restore 's processing of old-style large object comments (Tom Lane)

    A direct-to-database restore from an archive file generated by a pre-9.0 version of pg_dump would usually fail if the archive contained more than a few comments for large objects.

  • Fix pg_upgrade for cases where the new server creates a TOAST table but the old version did not (Bruce Momjian)

    This rare situation would manifest as " relation OID mismatch " errors.

  • In pg_upgrade , preserve pg_database . datminmxid and pg_class . relminmxid values from the old cluster, or insert reasonable values when upgrading from pre-9.3; also defend against unreasonable values in the core server (Bruce Momjian, Álvaro Herrera, Tom Lane)

    These changes prevent scenarios in which autovacuum might insist on scanning the entire cluster's contents immediately upon starting the new cluster, or in which tracking of unfrozen MXID values might be disabled completely.

  • Prevent contrib/auto_explain from changing the output of a user's EXPLAIN (Tom Lane)

    If auto_explain is active, it could cause an EXPLAIN (ANALYZE, TIMING OFF) command to nonetheless print timing information.

  • Fix query-lifespan memory leak in contrib/dblink (MauMau, Joe Conway)

  • In contrib/pgcrypto functions, ensure sensitive information is cleared from stack variables before returning (Marko Kreen)

  • Prevent use of already-freed memory in contrib/pgstattuple 's pgstat_heap() (Noah Misch)

  • In contrib/uuid-ossp , cache the state of the OSSP UUID library across calls (Tom Lane)

    This improves the efficiency of UUID generation and reduces the amount of entropy drawn from /dev/urandom , on platforms that have that.

  • Update time zone data files to tzdata release 2014e for DST law changes in Crimea, Egypt, and Morocco.