    <listitem>
     <para>
      Fix <filename>contrib/pgcrypto</> to detect and report
      too-short <function>crypt()</> salts (Josh Kupershmidt)
     </para>

     <para>
      Certain invalid salt arguments crashed the server or disclosed a few
      bytes of server memory.  We have not ruled out the viability of
      attacks that arrange for presence of confidential information in the
      disclosed bytes, but they seem unlikely.  (CVE-2015-5288)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix subtransaction cleanup after a portal (cursor) belonging to an
      outer subtransaction fails (Tom Lane, Michael Paquier)
     </para>

     <para>
      A function executed in an outer-subtransaction cursor could cause an
      assertion failure or crash by referencing a relation created within an
      inner subtransaction.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix insertion of relations into the relation cache <quote>init file</>
      (Tom Lane)
     </para>

     <para>
      An oversight in a patch in the most recent minor releases
      caused <structname>pg_trigger_tgrelid_tgname_index</> to be omitted
      from the init file.  Subsequent sessions detected this, then deemed the
      init file to be broken and silently ignored it, resulting in a
      significant degradation in session startup time.  In addition to fixing
      the bug, install some guards so that any similar future mistake will be
      more obvious.
     </para>
    </listitem>

    <listitem>
     <para>
      Avoid O(N^2) behavior when inserting many tuples into a SPI query
      result (Neil Conway)
     </para>
    </listitem>

    <listitem>
     <para>
      Improve <command>LISTEN</> startup time when there are many unread
      notifications (Matt Newell)
     </para>
    </listitem>

<!--
Author: Tom Lane <tgl@sss.pgh.pa.us>
Branch: REL9_2_STABLE [0e933fdf9] 2015-08-27 12:22:10 -0400
Branch: REL9_1_STABLE [9b1b9446f] 2015-08-27 12:22:10 -0400
-->

    <listitem>
     <para>
      Back-patch 9.3-era addition of per-resource-owner lock caches
      (Jeff Janes)
     </para>

     <para>
      This substantially improves performance when <application>pg_dump</>
      tries to dump a large number of tables.
     </para>
    </listitem>

    <listitem>
     <para>
      Disable SSL renegotiation by default (Michael Paquier, Andres Freund)
     </para>

     <para>
      While use of SSL renegotiation is a good idea in theory, we have seen
      too many bugs in practice, both in the underlying OpenSSL library and
      in our usage of it.  Renegotiation will be removed entirely in 9.5 and
      later.  In the older branches, just change the default value
      of <varname>ssl_renegotiation_limit</> to zero (disabled).
     </para>
    </listitem>

    <listitem>
     <para>
      Lower the minimum values of the <literal>*_freeze_max_age</> parameters
      (Andres Freund)
     </para>

     <para>
      This is mainly to make tests of related behavior less time-consuming,
      but it may also be of value for installations with limited disk space.
     </para>
    </listitem>

    <listitem>
     <para>
      Limit the maximum value of <varname>wal_buffers</> to 2GB to avoid
      server crashes (Josh Berkus)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix rare internal overflow in multiplication of <type>numeric</> values
      (Dean Rasheed)
     </para>
    </listitem>

    <listitem>
     <para>
      Guard against hard-to-reach stack overflows involving record types,
      range types, <type>json</>, <type>jsonb</>, <type>tsquery</>,
      <type>ltxtquery</> and <type>query_int</> (Noah Misch)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix handling of <literal>DOW</> and <literal>DOY</> in datetime input
      (Greg Stark)
     </para>

     <para>
      These tokens aren't meant to be used in datetime values, but previously
      they resulted in opaque internal error messages rather
      than <quote>invalid input syntax</>.
     </para>
    </listitem>

    <listitem>
     <para>
      Add more query-cancel checks to regular expression matching (Tom Lane)
     </para>
    </listitem>

    <listitem>
     <para>
      Add recursion depth protections to regular expression, <literal>SIMILAR
      TO</>, and <literal>LIKE</> matching (Tom Lane)
     </para>

     <para>
      Suitable search patterns and a low stack depth limit could lead to
      stack-overrun crashes.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix potential infinite loop in regular expression execution (Tom Lane)
     </para>

     <para>
      A search pattern that can apparently match a zero-length string, but
      actually doesn't match because of a back reference, could lead to an
      infinite loop.
     </para>
    </listitem>

    <listitem>
     <para>
      In regular expression execution, correctly record match data for
      capturing parentheses within a quantifier even when the match is
      zero-length (Tom Lane)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix low-memory failures in regular expression compilation
      (Andreas Seltenreich)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix low-probability memory leak during regular expression execution
      (Tom Lane)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix rare low-memory failure in lock cleanup during transaction abort
      (Tom Lane)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix <quote>unexpected out-of-memory situation during sort</> errors
      when using tuplestores with small <varname>work_mem</> settings (Tom
      Lane)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix very-low-probability stack overrun in <function>qsort</> (Tom Lane)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix <quote>invalid memory alloc request size</> failure in hash joins
      with large <varname>work_mem</> settings (Tomas Vondra, Tom Lane)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix assorted planner bugs (Tom Lane)
     </para>

     <para>
      These mistakes could lead to incorrect query plans that would give wrong
      answers, or to assertion failures in assert-enabled builds, or to odd
      planner errors such as <quote>could not devise a query plan for the
      given query</>, <quote>could not find pathkey item to
      sort</>, <quote>plan should not reference subplan's variable</>,
      or <quote>failed to assign all NestLoopParams to plan nodes</>.
      Thanks are due to Andreas Seltenreich and Piotr Stefaniak for fuzz
      testing that exposed these problems.
     </para>
    </listitem>

    <listitem>
     <para>
      Improve planner's performance for <command>UPDATE</>/<command>DELETE</>
      on large inheritance sets (Tom Lane, Dean Rasheed)
     </para>
    </listitem>

    <listitem>
     <para>
      Ensure standby promotion trigger files are removed at postmaster
      startup (Michael Paquier, Fujii Masao)
     </para>

     <para>
      This prevents unwanted promotion from occurring if these files appear
      in a database backup that is used to initialize a new standby server.
     </para>
    </listitem>

    <listitem>
     <para>
      During postmaster shutdown, ensure that per-socket lock files are
      removed and listen sockets are closed before we remove
      the <filename>postmaster.pid</> file (Tom Lane)
     </para>

     <para>
      This avoids race-condition failures if an external script attempts to
      start a new postmaster as soon as <literal>pg_ctl stop</> returns.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix postmaster's handling of a startup-process crash during crash
      recovery (Tom Lane)
     </para>

     <para>
      If, during a crash recovery cycle, the startup process crashes without
      having restored database consistency, we'd try to launch a new startup
      process, which typically would just crash again, leading to an infinite
      loop.
     </para>
    </listitem>

    <listitem>
     <para>
      Do not print a <literal>WARNING</> when an autovacuum worker is already
      gone when we attempt to signal it, and reduce log verbosity for such
      signals (Tom Lane)
     </para>
    </listitem>

    <listitem>
     <para>
      Prevent autovacuum launcher from sleeping unduly long if the server
      clock is moved backwards a large amount (&Aacute;lvaro Herrera)
     </para>
    </listitem>

    <listitem>
     <para>
      Ensure that cleanup of a GIN index's pending-insertions list is
      interruptible by cancel requests (Jeff Janes)
     </para>
    </listitem>

    <listitem>
     <para>
      Allow all-zeroes pages in GIN indexes to be reused (Heikki Linnakangas)
     </para>

     <para>
      Such a page might be left behind after a crash.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix handling of all-zeroes pages in SP-GiST indexes (Heikki
      Linnakangas)
     </para>

     <para>
      <command>VACUUM</> attempted to recycle such pages, but did so in a
      way that wasn't crash-safe.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix off-by-one error that led to otherwise-harmless warnings
      about <quote>apparent wraparound</> in subtrans/multixact truncation
      (Thomas Munro)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix misreporting of <command>CONTINUE</> and <command>MOVE</> statement
      types in <application>PL/pgSQL</>'s error context messages
      (Pavel Stehule, Tom Lane)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix <application>PL/Perl</> to handle non-<acronym>ASCII</> error
      message texts correctly (Alex Hunsaker)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix <application>PL/Python</> crash when returning the string
      representation of a <type>record</> result (Tom Lane)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix some places in <application>PL/Tcl</> that neglected to check for
      failure of <function>malloc()</> calls (Michael Paquier, &Aacute;lvaro
      Herrera)
     </para>
    </listitem>

    <listitem>
     <para>
      In <filename>contrib/isn</>, fix output of ISBN-13 numbers that begin
      with 979 (Fabien Coelho)
     </para>

     <para>
      EANs beginning with 979 (but not 9790) are considered ISBNs, but they
      must be printed in the new 13-digit format, not the 10-digit format.
     </para>
    </listitem>

<!--
Author: Joe Conway <mail@joeconway.com>
Branch: REL9_2_STABLE [e90a629e1] 2015-09-22 14:58:38 -0700
-->

    <listitem>
     <para>
      Fix <filename>contrib/sepgsql</>'s handling of <command>SELECT INTO</>
      statements (Kohei KaiGai)
     </para>
    </listitem>

    <listitem>
     <para>
      Improve <application>libpq</>'s handling of out-of-memory conditions
      (Michael Paquier, Heikki Linnakangas)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix memory leaks and missing out-of-memory checks
      in <application>ecpg</> (Michael Paquier)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix <application>psql</>'s code for locale-aware formatting of numeric
      output (Tom Lane)
     </para>

     <para>
      The formatting code invoked by <literal>\pset numericlocale on</>
      did the wrong thing for some uncommon cases such as numbers with an
      exponent but no decimal point.  It could also mangle already-localized
      output from the <type>money</> data type.
     </para>
    </listitem>

    <listitem>
     <para>
      Prevent crash in <application>psql</>'s <command>\c</> command when
      there is no current connection (Noah Misch)
     </para>
    </listitem>

    <listitem>
     <para>
      Make <application>pg_dump</> handle inherited <literal>NOT VALID</>
      check constraints correctly (Tom Lane)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix selection of default <application>zlib</> compression level
      in <application>pg_dump</>'s directory output format (Andrew Dunstan)
     </para>
    </listitem>

    <listitem>
     <para>
      Ensure that temporary files created during a <application>pg_dump</>
      run with <acronym>tar</>-format output are not world-readable (Michael
      Paquier)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix <application>pg_dump</> and <application>pg_upgrade</> to support
      cases where the <literal>postgres</> or <literal>template1</> database
      is in a non-default tablespace (Marti Raudsepp, Bruce Momjian)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix <application>pg_dump</> to handle object privileges sanely when
      dumping from a server too old to have a particular privilege type
      (Tom Lane)
     </para>

     <para>
      When dumping data types from pre-9.2 servers, and when dumping
      functions or procedural languages from pre-7.3
      servers, <application>pg_dump</> would
      produce <command>GRANT</>/<command>REVOKE</> commands that revoked the
      owner's grantable privileges and instead granted all privileges
      to <literal>PUBLIC</>.  Since the privileges involved are
      just <literal>USAGE</> and <literal>EXECUTE</>, this isn't a security
      problem, but it's certainly a surprising representation of the older
      systems' behavior.  Fix it to leave the default privilege state alone
      in these cases.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix <application>pg_dump</> to dump shell types (Tom Lane)
     </para>

     <para>
      Shell types (that is, not-yet-fully-defined types) aren't useful for
      much, but nonetheless <application>pg_dump</> should dump them.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix assorted minor memory leaks in <application>pg_dump</> and other
      client-side programs (Michael Paquier)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix spinlock assembly code for PPC hardware to be compatible
      with <acronym>AIX</>'s native assembler (Tom Lane)
     </para>

     <para>
      Building with <application>gcc</> didn't work if <application>gcc</>
      had been configured to use the native assembler, which is becoming more
      common.
     </para>
    </listitem>

    <listitem>
     <para>
      On <acronym>AIX</>, test the <literal>-qlonglong</> compiler option
      rather than just assuming it's safe to use (Noah Misch)
     </para>
    </listitem>

    <listitem>
     <para>
      On <acronym>AIX</>, use <literal>-Wl,-brtllib</> link option to allow
      symbols to be resolved at runtime (Noah Misch)
     </para>

     <para>
      Perl relies on this ability in 5.8.0 and later.
     </para>
    </listitem>

    <listitem>
     <para>
      Avoid use of inline functions when compiling with
      32-bit <application>xlc</>, due to compiler bugs (Noah Misch)
     </para>
    </listitem>

    <listitem>
     <para>
      Use <filename>librt</> for <function>sched_yield()</> when necessary,
      which it is on some Solaris versions (Oskari Saarenmaa)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix Windows <filename>install.bat</> script to handle target directory
      names that contain spaces (Heikki Linnakangas)
     </para>
    </listitem>

    <listitem>
     <para>
      Make the numeric form of the <productname>PostgreSQL</> version number
      (e.g., <literal>90405</>) readily available to extension Makefiles,
      as a variable named <varname>VERSION_NUM</> (Michael Paquier)
     </para>
    </listitem>

    <listitem>
     <para>
      Update time zone data files to <application>tzdata</> release 2015g for
      DST law changes in Cayman Islands, Fiji, Moldova, Morocco, Norfolk
      Island, North Korea, Turkey, and Uruguay.  There is a new zone name
      <literal>America/Fort_Nelson</> for the Canadian Northern Rockies.
     </para>
    </listitem>

   </itemizedlist>
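The too-short <function>crypt()</> salt entry (CVE-2015-5288) in the list above is a case of indexing into a salt before confirming it is long enough. The following C code is an added example, not pgcrypto's code: it classifies a salt by the conventional crypt(3) layouts and rejects short input without reading past the terminator. The names <literal>classify_salt</>, <literal>require_run</> and <literal>require_bf_header</> are hypothetical, and the sample salts are constructed.

```c
#include <stdio.h>
#include <string.h>

typedef enum {
    SALT_DES, SALT_XDES, SALT_MD5, SALT_BF,   /* accepted, by algorithm */
    SALT_TOO_SHORT, SALT_BAD_CHAR             /* rejected */
} salt_status;

/* Alphabet shared by the crypt(3) salt encodings handled here. */
static int is_crypt64(char c)
{
    static const char set[] =
        "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
    /* strchr() would match the terminator itself, so exclude it first. */
    return c != '\0' && strchr(set, c) != NULL;
}

/* Require n alphabet characters at s; stop at the terminator, never past it. */
static salt_status require_run(const char *s, size_t n, salt_status ok)
{
    for (size_t i = 0; i < n; i++) {
        if (s[i] == '\0') return SALT_TOO_SHORT;
        if (!is_crypt64(s[i])) return SALT_BAD_CHAR;
    }
    return ok;
}

/* Match the fixed bcrypt header "$2<letter>$<2 digits>$" one byte at a time. */
static salt_status require_bf_header(const char *s)
{
    static const char tmpl[] = "$2a$00$";  /* 'a' = any lowercase, '0' = any digit */
    for (size_t i = 0; tmpl[i] != '\0'; i++) {
        char c = s[i];
        if (c == '\0') return SALT_TOO_SHORT;
        if (tmpl[i] == 'a' ? !(c >= 'a' && c <= 'z')
          : tmpl[i] == '0' ? !(c >= '0' && c <= '9')
          : c != tmpl[i]) return SALT_BAD_CHAR;
    }
    return SALT_BF;
}

/* Decide which layout the salt claims, then check that layout's full length. */
salt_status classify_salt(const char *salt)
{
    if (salt == NULL || salt[0] == '\0') return SALT_TOO_SHORT;
    if (salt[0] == '_')                       /* extended DES: 4 count + 4 salt */
        return require_run(salt + 1, 8, SALT_XDES);
    if (strncmp(salt, "$1$", 3) == 0)         /* MD5: salt part may be 0..8 chars */
        return SALT_MD5;
    if (strncmp(salt, "$2", 2) == 0) {        /* bcrypt: header + 22 salt chars */
        salt_status st = require_bf_header(salt);
        return st == SALT_BF ? require_run(salt + 7, 22, SALT_BF) : st;
    }
    return require_run(salt, 2, SALT_DES);    /* traditional DES: 2 chars */
}

int main(void)
{
    /* Constructed sample salts, not taken from any real system. */
    static const char *samples[] = {
        "ab", "a", "_J9..abcd", "_J9..ab", "$1$abcdefgh",
        "$2a$06$abcdefghijklmnopqrstuv", "$2a$06$", "a!"
    };
    static const char *names[] = {
        "des", "xdes", "md5", "bf", "too short", "bad character"
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-32s %s\n", samples[i], names[classify_salt(samples[i])]);
    return 0;
}
```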

  </sect2>
 </sect1>

 <sect1 id="release-9-2-13">
  <title>Release 9.2.13</title>

  <note>
  <title>Release Date</title>
  <simpara>2015-06-12</simpara>
  </note>

  <para>
   This release contains a small number of fixes from 9.2.12.
   For information about new features in the 9.2 major release, see
   <xref linkend="release-9-2">.
  </para>

  <sect2>
   <title>Migration to Version 9.2.13</title>

   <para>
    A dump/restore is not required for those running 9.2.X.
   </para>

   <para>
    However, if you are upgrading from a version earlier than 9.2.11,
    see <xref linkend="release-9-2-11">.
   </para>

  </sect2>

  <sect2>
   <title>Changes</title>

   <itemizedlist>

    <listitem>
     <para>
      Fix rare failure to invalidate relation cache init file (Tom Lane)
     </para>

     <para>
      With just the wrong timing of concurrent activity, a <command>VACUUM
      FULL</> on a system catalog might fail to update the <quote>init file</>
      that's used to avoid cache-loading work for new sessions.  This would
      result in later sessions being unable to access that catalog at all.
      This is a very ancient bug, but it's so hard to trigger that no
      reproducible case had been seen until recently.
     </para>
    </listitem>

    <listitem>
     <para>
      Avoid deadlock between incoming sessions and <literal>CREATE/DROP
      DATABASE</> (Tom Lane)
     </para>

     <para>
      A new session starting in a database that is the target of
      a <command>DROP DATABASE</> command, or is the template for
      a <command>CREATE DATABASE</> command, could cause the command to wait
      for five seconds and then fail, even if the new session would have
      exited before that.
     </para>
    </listitem>

   </itemizedlist>

  </sect2>
 </sect1>

 <sect1 id="release-9-2-12">
  <title>Release 9.2.12</title>

  <note>
  <title>Release Date</title>
  <simpara>2015-06-04</simpara>
  </note>

  <para>
   This release contains a small number of fixes from 9.2.11.
   For information about new features in the 9.2 major release, see
   <xref linkend="release-9-2">.
  </para>

  <sect2>
   <title>Migration to Version 9.2.12</title>

   <para>
    A dump/restore is not required for those running 9.2.X.
   </para>

   <para>
    However, if you are upgrading from a version earlier than 9.2.11,
    see <xref linkend="release-9-2-11">.
   </para>

  </sect2>

  <sect2>
   <title>Changes</title>

   <itemizedlist>

    <listitem>
     <para>
      Avoid failures while <function>fsync</>'ing data directory during
      crash restart (Abhijit Menon-Sen, Tom Lane)
     </para>

     <para>
      In the previous minor releases we added a patch to <function>fsync</>
      everything in the data directory after a crash.  Unfortunately its
      response to any error condition was to fail, thereby preventing the
      server from starting up, even when the problem was quite harmless.
      An example is that an unwritable file in the data directory would
      prevent restart on some platforms; but it is common to make SSL
      certificate files unwritable by the server.  Revise this behavior so
      that permissions failures are ignored altogether, and other types of
      failures are logged but do not prevent continuing.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix <function>pg_get_functiondef()</> to show
      functions' <literal>LEAKPROOF</> property, if set (Jeevan Chalke)
     </para>
    </listitem>

    <listitem>
     <para>
      Remove <application>configure</>'s check prohibiting linking to a
      threaded <application>libpython</>
      on <systemitem class="osname">OpenBSD</> (Tom Lane)
     </para>

     <para>
      The failure this restriction was meant to prevent seems to not be a
      problem anymore on current <systemitem class="osname">OpenBSD</>
      versions.
     </para>
    </listitem>

    <listitem>
     <para>
      Allow <application>libpq</> to use TLS protocol versions beyond v1
      (Noah Misch)
     </para>

     <para>
      For a long time, <application>libpq</> was coded so that the only SSL
      protocol it would allow was TLS v1.  Now that newer TLS versions are
      becoming popular, allow it to negotiate the highest commonly-supported
      TLS version with the server.  (<productname>PostgreSQL</> servers were
      already capable of such negotiation, so no change is needed on the
      server side.)  This is a back-patch of a change already released in
      9.4.0.
     </para>
    </listitem>

   </itemizedlist>
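The <function>fsync</> entry in the list above describes an error policy: permission failures are ignored, other failures are logged, and neither stops the restart. The following C code is an added example of that policy, not PostgreSQL's code. The names <literal>sync_tree</>, <literal>sync_one</> and <literal>sync_stats</> are hypothetical, and treating only <literal>EACCES</> as a permission failure is an assumption.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

struct sync_stats {
    int synced;    /* files flushed successfully */
    int ignored;   /* permission failures, skipped silently */
    int logged;    /* other failures, reported but not fatal */
};

/* Assumption: EACCES is what "permissions failure" means here. */
static int is_permission_failure(int err) { return err == EACCES; }

/* Record a failure according to the policy; never abort the walk. */
static void note_failure(struct sync_stats *st, const char *op,
                         const char *path, int err)
{
    if (is_permission_failure(err)) { st->ignored++; return; }
    st->logged++;
    fprintf(stderr, "LOG: could not %s \"%s\": %s\n", op, path, strerror(err));
}

/* Flush one regular file; an unreadable file (e.g. a locked-down key) is skipped. */
static void sync_one(const char *path, struct sync_stats *st)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0) { note_failure(st, "open", path, errno); return; }
    if (fsync(fd) != 0)
        note_failure(st, "fsync", path, errno);
    else
        st->synced++;
    close(fd);
}

/* Walk dir recursively, flushing regular files; symlinks are not followed. */
void sync_tree(const char *dir, struct sync_stats *st)
{
    DIR *d = opendir(dir);
    struct dirent *e;

    if (d == NULL) { note_failure(st, "open directory", dir, errno); return; }
    while ((e = readdir(d)) != NULL) {
        char path[4096];
        struct stat sb;
        int n;

        if (strcmp(e->d_name, ".") == 0 || strcmp(e->d_name, "..") == 0)
            continue;
        /* Check snprintf's result: a truncated path must not be acted on. */
        n = snprintf(path, sizeof path, "%s/%s", dir, e->d_name);
        if (n < 0 || (size_t) n >= sizeof path) { st->logged++; continue; }
        if (lstat(path, &sb) != 0) { note_failure(st, "stat", path, errno); continue; }
        if (S_ISDIR(sb.st_mode))
            sync_tree(path, st);
        else if (S_ISREG(sb.st_mode))
            sync_one(path, st);
    }
    closedir(d);
}

int main(int argc, char **argv)
{
    struct sync_stats st = {0, 0, 0};

    sync_tree(argc > 1 ? argv[1] : ".", &st);
    printf("synced=%d ignored=%d logged=%d\n", st.synced, st.ignored, st.logged);
    return 0;   /* failures were counted and logged, but startup continues */
}
```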

  </sect2>
 </sect1>

 <sect1 id="release-9-2-11">
  <title>Release 9.2.11</title>

  <note>
  <title>Release Date</title>
  <simpara>2015-05-22</simpara>
  </note>

  <para>
   This release contains a variety of fixes from 9.2.10.
   For information about new features in the 9.2 major release, see
   <xref linkend="release-9-2">.
  </para>

  <sect2>
   <title>Migration to Version 9.2.11</title>

   <para>
    A dump/restore is not required for those running 9.2.X.
   </para>

   <para>
    However, if you use <filename>contrib/citext</>'s
    <function>regexp_matches()</> functions, see the changelog entry below
    about that.
   </para>

   <para>
    Also, if you are upgrading from a version earlier than 9.2.10,
    see <xref linkend="release-9-2-10">.
   </para>

  </sect2>

  <sect2>
   <title>Changes</title>

   <itemizedlist>

    <listitem>
     <para>
      Avoid possible crash when client disconnects just before the
      authentication timeout expires (Benkocs Norbert Attila)
     </para>

     <para>
      If the timeout interrupt fired partway through the session shutdown
      sequence, SSL-related state would be freed twice, typically causing a
      crash and hence denial of service to other sessions.  Experimentation
      shows that an unauthenticated remote attacker could trigger the bug
      somewhat consistently, so this is treated as a security issue.
      (CVE-2015-3165)
     </para>
    </listitem>

    <listitem>
     <para>
      Improve detection of system-call failures (Noah Misch)
     </para>

     <para>
      Our replacement implementation of <function>snprintf()</> failed to
      check for errors reported by the underlying system library calls;
      the main case that might be missed is out-of-memory situations.
      In the worst case this might lead to information exposure, due to our
      code assuming that a buffer had been overwritten when it hadn't been.
      Also, there were a few places in which security-relevant calls of other
      system library functions did not check for failure.
     </para>

     <para>
      It remains possible that some calls of the <function>*printf()</>
      family of functions are vulnerable to information disclosure if an
      out-of-memory error occurs at just the wrong time.  We judge the risk
      to not be large, but will continue analysis in this area.
      (CVE-2015-3166)
     </para>
    </listitem>

    <listitem>
     <para>
      In <filename>contrib/pgcrypto</>, uniformly report decryption failures
      as <quote>Wrong key or corrupt data</> (Noah Misch)
     </para>

     <para>
      Previously, some cases of decryption with an incorrect key could report
      other error message texts.  It has been shown that such variance in
      error reports can aid attackers in recovering keys from other systems.
      While it's unknown whether <filename>pgcrypto</>'s specific behaviors
      are likewise exploitable, it seems better to avoid the risk by using a
      one-size-fits-all message.
      (CVE-2015-3167)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix incorrect declaration of <filename>contrib/citext</>'s
      <function>regexp_matches()</> functions (Tom Lane)
     </para>

     <para>
      These functions should return <type>setof text[]</>, like the core
      functions they are wrappers for; but they were incorrectly declared as
      returning just <type>text[]</>.  This mistake had two results: first,
      if there was no match you got a scalar null result, whereas what you
      should get is an empty set (zero rows).  Second, the <literal>g</> flag
      was effectively ignored, since you would get only one result array even
      if there were multiple matches.
     </para>

     <para>
      While the latter behavior is clearly a bug, there might be applications
      depending on the former behavior; therefore the function declarations
      will not be changed by default until <productname>PostgreSQL</> 9.5.
      In pre-9.5 branches, the old behavior exists in version 1.0 of
      the <literal>citext</> extension, while we have provided corrected
      declarations in version 1.1 (which is <emphasis>not</> installed by
      default).  To adopt the fix in pre-9.5 branches, execute
      <literal>ALTER EXTENSION citext UPDATE TO '1.1'</> in each database in
      which <literal>citext</> is installed.  (You can also <quote>update</>
      back to 1.0 if you need to undo that.)  Be aware that either update
      direction will require dropping and recreating any views or rules that
      use <filename>citext</>'s <function>regexp_matches()</> functions.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix incorrect checking of deferred exclusion constraints after a HOT
      update (Tom Lane)
     </para>

     <para>
      If a new row that potentially violates a deferred exclusion constraint
      is HOT-updated (that is, no indexed columns change and the row can be
      stored back onto the same table page) later in the same transaction,
      the exclusion constraint would be reported as violated when the check
      finally occurred, even if the row(s) the new row originally conflicted
      with had been deleted.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix planning of star-schema-style queries (Tom Lane)
     </para>

     <para>
      Sometimes, efficient scanning of a large table requires that index
      parameters be provided from more than one other table (commonly,
      dimension tables whose keys are needed to index a large fact table).
      The planner should be able to find such plans, but an overly
      restrictive search heuristic prevented it.
     </para>
    </listitem>

    <listitem>
     <para>
      Prevent improper reordering of antijoins (NOT EXISTS joins) versus
      other outer joins (Tom Lane)
     </para>

     <para>
      This oversight in the planner has been observed to cause <quote>could
      not find RelOptInfo for given relids</> errors, but it seems possible
      that sometimes an incorrect query plan might get past that consistency
      check and result in silently-wrong query output.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix incorrect matching of subexpressions in outer-join plan nodes
      (Tom Lane)
     </para>

     <para>
      Previously, if textually identical non-strict subexpressions were used
      both above and below an outer join, the planner might try to re-use
      the value computed below the join, which would be incorrect because the
      executor would force the value to NULL in case of an unmatched outer row.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix GEQO planner to cope with failure of its join order heuristic
      (Tom Lane)
     </para>

     <para>
      This oversight has been seen to lead to <quote>failed to join all
      relations together</> errors in queries involving <literal>LATERAL</>,
      and that might happen in other cases as well.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix possible deadlock at startup
      when <literal>max_prepared_transactions</> is too small
      (Heikki Linnakangas)
     </para>
    </listitem>

    <listitem>
     <para>
      Don't archive useless preallocated WAL files after a timeline switch
      (Heikki Linnakangas)
     </para>
    </listitem>

<!--
Author: Alvaro Herrera <alvherre@alvh.no-ip.org>
Branch: REL9_2_STABLE [97ff2a564] 2015-05-18 17:44:21 -0300
Branch: REL9_1_STABLE [2360eea3b] 2015-05-18 17:44:21 -0300
Branch: REL9_0_STABLE [850e1a566] 2015-05-18 17:44:21 -0300
-->

    <listitem>
     <para>
      Avoid <quote>cannot GetMultiXactIdMembers() during recovery</> error
      (&Aacute;lvaro Herrera)
     </para>
    </listitem>

    <listitem>
     <para>
      Recursively <function>fsync()</> the data directory after a crash
      (Abhijit Menon-Sen, Robert Haas)
     </para>

     <para>
      This ensures consistency if another crash occurs shortly later.  (The
      second crash would have to be a system-level crash, not just a database
      crash, for there to be a problem.)
     </para>
    </listitem>

    <listitem>
     <para>
      Fix autovacuum launcher's possible failure to shut down, if an error
      occurs after it receives SIGTERM (&Aacute;lvaro Herrera)
     </para>
    </listitem>

    <listitem>
     <para>
      Cope with unexpected signals in <function>LockBufferForCleanup()</>
      (Andres Freund)
     </para>

     <para>
      This oversight could result in spurious errors about <quote>multiple
      backends attempting to wait for pincount 1</>.
     </para>
    </listitem>

    <listitem>
     <para>
      Fix crash when doing <literal>COPY IN</> to a table with check
      constraints that contain whole-row references (Tom Lane)
     </para>

     <para>
      The known failure case only crashes in 9.4 and up, but there is very
      similar code in 9.3 and 9.2, so back-patch those branches as well.
     </para>
    </listitem>