Newer
Older
4001
4002
4003
4004
4005
4006
4007
4008
4009
4010
4011
4012
4013
4014
4015
4016
4017
4018
4019
4020
4021
4022
4023
4024
4025
4026
4027
4028
4029
4030
4031
4032
4033
4034
4035
4036
4037
4038
4039
4040
4041
4042
4043
4044
4045
4046
4047
4048
4049
4050
4051
4052
4053
4054
4055
4056
4057
4058
4059
4060
4061
4062
4063
4064
4065
4066
4067
4068
4069
4070
4071
4072
4073
4074
4075
4076
4077
4078
4079
4080
4081
4082
4083
4084
4085
4086
4087
4088
4089
4090
4091
4092
4093
4094
4095
4096
4097
4098
4099
4100
4101
4102
4103
4104
4105
4106
4107
4108
4109
4110
4111
4112
4113
4114
4115
4116
4117
4118
4119
4120
4121
4122
4123
4124
4125
4126
4127
4128
4129
4130
4131
4132
4133
4134
4135
4136
4137
4138
4139
4140
4141
4142
4143
4144
4145
4146
4147
4148
4149
4150
4151
4152
4153
4154
4155
4156
4157
4158
4159
4160
4161
4162
4163
4164
4165
4166
4167
4168
4169
4170
4171
4172
4173
4174
4175
4176
4177
4178
4179
4180
4181
4182
4183
4184
4185
4186
4187
4188
4189
4190
4191
4192
4193
4194
4195
4196
4197
4198
4199
4200
4201
4202
4203
4204
4205
4206
4207
4208
4209
4210
4211
4212
4213
4214
4215
4216
4217
4218
4219
4220
4221
4222
4223
4224
4225
4226
4227
<listitem>
<para>
Fix possible deadlock during parallel restore of a schema-only dump
(Robert Haas, Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix core dump in <literal>pg_dump --binary-upgrade</> on zero-column
composite type (Rushabh Lathia)
</para>
</listitem>
<listitem>
<para>
Prevent WAL files created by <literal>pg_basebackup -x/-X</> from
being archived again when the standby is promoted (Andres Freund)
</para>
</listitem>
<listitem>
<para>
Fix failure of <filename>contrib/auto_explain</> to print per-node
timing information when doing <command>EXPLAIN ANALYZE</> (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix upgrade-from-unpackaged script for <filename>contrib/citext</>
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix block number checking
in <filename>contrib/pageinspect</>'s <function>get_raw_page()</>
(Tom Lane)
</para>
<para>
The incorrect checking logic could prevent access to some pages in
non-main relation forks.
</para>
</listitem>
<listitem>
<para>
Fix <filename>contrib/pgcrypto</>'s <function>pgp_sym_decrypt()</>
to not fail on messages whose length is 6 less than a power of 2
(Marko Tiikkaja)
</para>
</listitem>
<listitem>
<para>
Fix file descriptor leak in <filename>contrib/pg_test_fsync</>
(Jeff Janes)
</para>
<para>
This could cause failure to remove temporary files on Windows.
</para>
</listitem>
<listitem>
<para>
Handle unexpected query results, especially NULLs, safely in
<filename>contrib/tablefunc</>'s <function>connectby()</>
(Michael Paquier)
</para>
<para>
<function>connectby()</> previously crashed if it encountered a NULL
key value. It now prints that row but doesn't recurse further.
</para>
</listitem>
<listitem>
<para>
Avoid a possible crash in <filename>contrib/xml2</>'s
<function>xslt_process()</> (Mark Simonetti)
</para>
<para>
<application>libxslt</> seems to have an undocumented dependency on
the order in which resources are freed; reorder our calls to avoid a
crash.
</para>
</listitem>
<listitem>
<para>
Mark some <filename>contrib</> I/O functions with correct volatility
properties (Tom Lane)
</para>
<para>
The previous over-conservative marking was immaterial in normal use,
but could cause optimization problems or rejection of valid index
expression definitions. Since the consequences are not large, we've
just adjusted the function definitions in the extension modules'
scripts, without changing version numbers.
</para>
</listitem>
<listitem>
<para>
Numerous cleanups of warnings from Coverity static code analyzer
(Andres Freund, Tatsuo Ishii, Marko Kreen, Tom Lane, Michael Paquier)
</para>
<para>
These changes are mostly cosmetic but in some cases fix corner-case
bugs, for example a crash rather than a proper error report after an
out-of-memory failure. None are believed to represent security
issues.
</para>
</listitem>
<listitem>
<para>
Detect incompatible OpenLDAP versions during build (Noah Misch)
</para>
<para>
With OpenLDAP versions 2.4.24 through 2.4.31,
inclusive, <productname>PostgreSQL</> backends can crash at exit.
Raise a warning during <application>configure</> based on the
compile-time OpenLDAP version number, and test the crashing scenario
in the <filename>contrib/dblink</> regression test.
</para>
</listitem>
<listitem>
<para>
In non-MSVC Windows builds, ensure <filename>libpq.dll</> is installed
with execute permissions (Noah Misch)
</para>
</listitem>
<listitem>
<para>
Make <application>pg_regress</> remove any temporary installation it
created upon successful exit (Tom Lane)
</para>
<para>
This results in a very substantial reduction in disk space usage
during <literal>make check-world</>, since that sequence involves
creation of numerous temporary installations.
</para>
</listitem>
<listitem>
<para>
Support time zone abbreviations that change UTC offset from time to
time (Tom Lane)
</para>
<para>
Previously, <productname>PostgreSQL</> assumed that the UTC offset
associated with a time zone abbreviation (such as <literal>EST</>)
never changes in the usage of any particular locale. However this
assumption fails in the real world, so introduce the ability for a
zone abbreviation to represent a UTC offset that sometimes changes.
Update the zone abbreviation definition files to make use of this
feature in timezone locales that have changed the UTC offset of their
abbreviations since 1970 (according to the IANA timezone database).
In such timezones, <productname>PostgreSQL</> will now associate the
correct UTC offset with the abbreviation depending on the given date.
</para>
</listitem>
<listitem>
<para>
Update time zone abbreviations lists (Tom Lane)
</para>
<para>
Add CST (China Standard Time) to our lists.
Remove references to ADT as <quote>Arabia Daylight Time</>, an
abbreviation that's been out of use since 2007; therefore, claiming
there is a conflict with <quote>Atlantic Daylight Time</> doesn't seem
especially helpful.
Fix entirely incorrect GMT offsets for CKT (Cook Islands), FJT, and FJST
(Fiji); we didn't even have them on the proper side of the date line.
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2015a.
</para>
<para>
The IANA timezone database has adopted abbreviations of the form
<literal>A<replaceable>x</>ST</literal>/<literal>A<replaceable>x</>DT</literal>
for all Australian time zones, reflecting what they believe to be
current majority practice Down Under. These names do not conflict
with usage elsewhere (other than ACST for Acre Summer Time, which has
been in disuse since 1994). Accordingly, adopt these names into
our <quote>Default</> timezone abbreviation set.
The <quote>Australia</> abbreviation set now contains only CST, EAST,
EST, SAST, SAT, and WST, all of which are thought to be mostly
historical usage. Note that SAST has also been changed to be South
Africa Standard Time in the <quote>Default</> abbreviation set.
</para>
<para>
Also, add zone abbreviations SRET (Asia/Srednekolymsk) and XJT
(Asia/Urumqi), and use WSST/WSDT for western Samoa. Also, there were
DST law changes in Chile, Mexico, the Turks & Caicos Islands
(America/Grand_Turk), and Fiji. There is a new zone
Pacific/Bougainville for portions of Papua New Guinea. Also, numerous
corrections for historical (pre-1970) time zone data.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
4228
4229
4230
4231
4232
4233
4234
4235
4236
4237
4238
4239
4240
4241
4242
4243
4244
4245
4246
4247
4248
4249
4250
4251
4252
4253
4254
4255
4256
4257
4258
4259
4260
4261
4262
4263
4264
4265
4266
4267
4268
4269
4270
4271
4272
4273
4274
4275
4276
4277
4278
4279
4280
4281
4282
4283
4284
4285
4286
4287
4288
4289
4290
4291
4292
4293
4294
4295
4296
4297
4298
4299
4300
4301
4302
4303
4304
4305
4306
4307
4308
4309
4310
4311
4312
4313
4314
4315
4316
4317
4318
4319
4320
4321
4322
4323
4324
4325
4326
4327
4328
4329
4330
4331
4332
4333
4334
4335
4336
4337
4338
4339
4340
4341
4342
4343
4344
4345
4346
4347
4348
4349
4350
4351
4352
4353
4354
4355
4356
4357
4358
4359
4360
4361
4362
4363
4364
4365
4366
4367
4368
4369
4370
4371
4372
4373
4374
4375
4376
4377
4378
4379
4380
4381
4382
4383
4384
4385
4386
4387
4388
4389
4390
4391
4392
4393
4394
4395
4396
4397
4398
4399
4400
4401
4402
4403
4404
4405
4406
4407
4408
4409
4410
4411
4412
4413
4414
4415
4416
4417
4418
4419
4420
4421
4422
4423
4424
4425
4426
4427
4428
4429
4430
4431
4432
4433
4434
4435
4436
4437
4438
4439
4440
4441
4442
4443
4444
4445
4446
4447
4448
4449
4450
4451
4452
4453
4454
4455
4456
4457
4458
4459
4460
4461
4462
4463
4464
4465
4466
4467
4468
4469
4470
4471
4472
4473
4474
4475
4476
4477
4478
4479
4480
4481
4482
4483
4484
4485
4486
4487
4488
4489
4490
4491
4492
4493
4494
4495
4496
4497
4498
4499
4500
4501
4502
4503
4504
4505
4506
4507
4508
4509
4510
4511
4512
4513
4514
4515
4516
4517
4518
4519
4520
4521
4522
4523
4524
4525
4526
4527
4528
4529
4530
4531
4532
4533
4534
4535
4536
4537
4538
4539
4540
4541
4542
4543
4544
4545
4546
4547
4548
4549
4550
4551
4552
4553
4554
4555
4556
4557
4558
4559
4560
4561
4562
4563
4564
4565
4566
4567
4568
4569
4570
4571
4572
4573
4574
4575
4576
4577
4578
4579
<sect1 id="release-9-2-9">
<title>Release 9.2.9</title>
<note>
<title>Release Date</title>
<simpara>2014-07-24</simpara>
</note>
<para>
This release contains a variety of fixes from 9.2.8.
For information about new features in the 9.2 major release, see
<xref linkend="release-9-2">.
</para>
<sect2>
<title>Migration to Version 9.2.9</title>
<para>
A dump/restore is not required for those running 9.2.X.
</para>
<para>
However, this release corrects an index corruption problem in some GiST
indexes. See the first changelog entry below to find out whether your
installation has been affected and what steps you should take if so.
</para>
<para>
Also, if you are upgrading from a version earlier than 9.2.6,
see <xref linkend="release-9-2-6">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Correctly initialize padding bytes in <filename>contrib/btree_gist</>
indexes on <type>bit</> columns (Heikki Linnakangas)
</para>
<para>
This error could result in incorrect query results due to values that
should compare equal not being seen as equal.
Users with GiST indexes on <type>bit</> or <type>bit varying</>
columns should <command>REINDEX</> those indexes after installing this
update.
</para>
</listitem>
<listitem>
<para>
Protect against torn pages when deleting GIN list pages (Heikki
Linnakangas)
</para>
<para>
This fix prevents possible index corruption if a system crash occurs
while the page update is being written to disk.
</para>
</listitem>
<listitem>
<para>
Don't clear the right-link of a GiST index page while replaying
updates from WAL (Heikki Linnakangas)
</para>
<para>
This error could lead to transiently wrong answers from GiST index
scans performed in Hot Standby.
</para>
</listitem>
<listitem>
<para>
Fix corner-case infinite loop during insertion into an SP-GiST text
index (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix feedback status when <xref linkend="guc-hot-standby-feedback"> is
turned off on-the-fly (Simon Riggs)
</para>
</listitem>
<listitem>
<para>
Fix possibly-incorrect cache invalidation during nested calls
to <function>ReceiveSharedInvalidMessages</> (Andres Freund)
</para>
</listitem>
<listitem>
<para>
Fix planner's mishandling of nested PlaceHolderVars generated in
nested-nestloop plans (Tom Lane)
</para>
<para>
This oversight could result in <quote>variable not found in subplan
target lists</> errors, or in silently wrong query results.
</para>
</listitem>
<listitem>
<para>
Fix <quote>could not find pathkey item to sort</> planner failures
with <literal>UNION ALL</> over subqueries reading from tables with
inheritance children (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Don't assume a subquery's output is unique if there's a set-returning
function in its targetlist (David Rowley)
</para>
<para>
This oversight could lead to misoptimization of constructs
like <literal>WHERE x IN (SELECT y, generate_series(1,10) FROM t GROUP
BY y)</literal>.
</para>
</listitem>
<listitem>
<para>
Improve planner to drop constant-NULL inputs
of <literal>AND</>/<literal>OR</> when possible (Tom Lane)
</para>
<para>
This change fixes some cases where the more aggressive parameter
substitution done by 9.2 and later can lead to a worse plan than
older versions produced.
</para>
</listitem>
<listitem>
<para>
Fix identification of input type category in <function>to_json()</>
and friends (Tom Lane)
</para>
<para>
This is known to have led to inadequate quoting of <type>money</>
fields in the <type>JSON</> result, and there may have been wrong
results for other data types as well.
</para>
</listitem>
<listitem>
<para>
Fix failure to detoast fields in composite elements of structured
types (Tom Lane)
</para>
<para>
This corrects cases where TOAST pointers could be copied into other
tables without being dereferenced. If the original data is later
deleted, it would lead to errors like <quote>missing chunk number 0
for toast value ...</> when the now-dangling pointer is used.
</para>
</listitem>
<listitem>
<para>
Fix <quote>record type has not been registered</> failures with
whole-row references to the output of Append plan nodes (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix possible crash when invoking a user-defined function while
rewinding a cursor (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix query-lifespan memory leak while evaluating the arguments for a
function in <literal>FROM</> (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix session-lifespan memory leaks in regular-expression processing
(Tom Lane, Arthur O'Dwyer, Greg Stark)
</para>
</listitem>
<listitem>
<para>
Fix data encoding error in <filename>hungarian.stop</> (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Prevent foreign tables from being created with OIDS
when <xref linkend="guc-default-with-oids"> is true
(Etsuro Fujita)
</para>
</listitem>
<listitem>
<para>
Fix liveness checks for rows that were inserted in the current
transaction and then deleted by a now-rolled-back subtransaction
(Andres Freund)
</para>
<para>
This could cause problems (at least spurious warnings, and at worst an
infinite loop) if <command>CREATE INDEX</> or <command>CLUSTER</> were
done later in the same transaction.
</para>
</listitem>
<listitem>
<para>
Clear <structname>pg_stat_activity</>.<structfield>xact_start</>
during <command>PREPARE TRANSACTION</> (Andres Freund)
</para>
<para>
After the <command>PREPARE</>, the originating session is no longer in
a transaction, so it should not continue to display a transaction
start time.
</para>
</listitem>
<listitem>
<para>
Fix <command>REASSIGN OWNED</> to not fail for text search objects
(Álvaro Herrera)
</para>
</listitem>
<listitem>
<para>
Block signals during postmaster startup (Tom Lane)
</para>
<para>
This ensures that the postmaster will properly clean up after itself
if, for example, it receives <systemitem>SIGINT</> while still
starting up.
</para>
</listitem>
<listitem>
<para>
Fix client host name lookup when processing <filename>pg_hba.conf</>
entries that specify host names instead of IP addresses (Tom Lane)
</para>
<para>
Ensure that reverse-DNS lookup failures are reported, instead of just
silently not matching such entries. Also ensure that we make only
one reverse-DNS lookup attempt per connection, not one per host name
entry, which is what previously happened if the lookup attempts failed.
</para>
</listitem>
<listitem>
<para>
Allow the root user to use <literal>postgres -C variable</> and
<literal>postgres --describe-config</> (MauMau)
</para>
<para>
The prohibition on starting the server as root does not need to extend
to these operations, and relaxing it prevents failure
of <application>pg_ctl</> in some scenarios.
</para>
</listitem>
<listitem>
<para>
Secure Unix-domain sockets of temporary postmasters started during
<literal>make check</> (Noah Misch)
</para>
<para>
Any local user able to access the socket file could connect as the
server's bootstrap superuser, then proceed to execute arbitrary code as
the operating-system user running the test, as we previously noted in
CVE-2014-0067. This change defends against that risk by placing the
server's socket in a temporary, mode 0700 subdirectory
of <filename>/tmp</>. The hazard remains however on platforms where
Unix sockets are not supported, notably Windows, because then the
temporary postmaster must accept local TCP connections.
</para>
<para>
A useful side effect of this change is to simplify
<literal>make check</> testing in builds that
override <literal>DEFAULT_PGSOCKET_DIR</>. Popular non-default values
like <filename>/var/run/postgresql</> are often not writable by the
build user, requiring workarounds that will no longer be necessary.
</para>
</listitem>
<listitem>
<para>
Fix tablespace creation WAL replay to work on Windows (MauMau)
</para>
</listitem>
<listitem>
<para>
Fix detection of socket creation failures on Windows (Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
On Windows, allow new sessions to absorb values of PGC_BACKEND
parameters (such as <xref linkend="guc-log-connections">) from the
configuration file (Amit Kapila)
</para>
<para>
Previously, if such a parameter were changed in the file post-startup,
the change would have no effect.
</para>
</listitem>
<listitem>
<para>
Properly quote executable path names on Windows (Nikhil Deshpande)
</para>
<para>
This oversight could cause <application>initdb</>
and <application>pg_upgrade</> to fail on Windows, if the installation
path contained both spaces and <literal>@</> signs.
</para>
</listitem>
<listitem>
<para>
Fix linking of <application>libpython</> on macOS (Tom Lane)
4581
4582
4583
4584
4585
4586
4587
4588
4589
4590
4591
4592
4593
4594
4595
4596
4597
4598
4599
4600
4601
4602
4603
4604
4605
4606
4607
4608
4609
4610
4611
4612
4613
4614
4615
4616
4617
4618
4619
4620
4621
4622
4623
4624
4625
4626
4627
4628
4629
4630
4631
4632
4633
4634
4635
4636
4637
4638
4639
4640
4641
4642
4643
4644
4645
4646
4647
4648
4649
4650
4651
4652
4653
4654
4655
4656
4657
4658
4659
4660
4661
4662
4663
4664
4665
4666
4667
4668
4669
4670
4671
4672
4673
4674
4675
4676
4677
4678
4679
4680
4681
4682
4683
4684
4685
4686
4687
4688
4689
4690
4691
4692
4693
4694
4695
4696
4697
4698
4699
4700
4701
4702
4703
4704
4705
4706
4707
4708
</para>
<para>
The method we previously used can fail with the Python library
supplied by Xcode 5.0 and later.
</para>
</listitem>
<listitem>
<para>
Avoid buffer bloat in <application>libpq</> when the server
consistently sends data faster than the client can absorb it
(Shin-ichi Morita, Tom Lane)
</para>
<para>
<application>libpq</> could be coerced into enlarging its input buffer
until it runs out of memory (which would be reported misleadingly
as <quote>lost synchronization with server</>). Under ordinary
circumstances it's quite far-fetched that data could be continuously
transmitted more quickly than the <function>recv()</> loop can
absorb it, but this has been observed when the client is artificially
slowed by scheduler constraints.
</para>
</listitem>
<listitem>
<para>
Ensure that LDAP lookup attempts in <application>libpq</> time out as
intended (Laurenz Albe)
</para>
</listitem>
<listitem>
<para>
Fix <application>ecpg</> to do the right thing when an array
of <type>char *</> is the target for a FETCH statement returning more
than one row, as well as some other array-handling fixes
(Ashutosh Bapat)
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_restore</>'s processing of old-style large object
comments (Tom Lane)
</para>
<para>
A direct-to-database restore from an archive file generated by a
pre-9.0 version of <application>pg_dump</> would usually fail if the
archive contained more than a few comments for large objects.
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_upgrade</> for cases where the new server creates
a TOAST table but the old version did not (Bruce Momjian)
</para>
<para>
This rare situation would manifest as <quote>relation OID mismatch</>
errors.
</para>
</listitem>
<listitem>
<para>
Prevent <filename>contrib/auto_explain</> from changing the output of
a user's <command>EXPLAIN</> (Tom Lane)
</para>
<para>
If <filename>auto_explain</> is active, it could cause
an <literal>EXPLAIN (ANALYZE, TIMING OFF)</> command to nonetheless
print timing information.
</para>
</listitem>
<listitem>
<para>
Fix query-lifespan memory leak in <filename>contrib/dblink</>
(MauMau, Joe Conway)
</para>
</listitem>
<listitem>
<para>
In <filename>contrib/pgcrypto</> functions, ensure sensitive
information is cleared from stack variables before returning
(Marko Kreen)
</para>
</listitem>
<listitem>
<para>
Prevent use of already-freed memory in
<filename>contrib/pgstattuple</>'s <function>pgstat_heap()</>
(Noah Misch)
</para>
</listitem>
<listitem>
<para>
In <filename>contrib/uuid-ossp</>, cache the state of the OSSP UUID
library across calls (Tom Lane)
</para>
<para>
This improves the efficiency of UUID generation and reduces the amount
of entropy drawn from <filename>/dev/urandom</>, on platforms that
have that.
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2014e
for DST law changes in Crimea, Egypt, and Morocco.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
4709
4710
4711
4712
4713
4714
4715
4716
4717
4718
4719
4720
4721
4722
4723
4724
4725
4726
4727
4728
4729
4730
4731
4732
4733
4734
4735
4736
4737
4738
4739
4740
4741
4742
4743
4744
4745
4746
4747
4748
4749
4750
4751
4752
4753
4754
4755
4756
4757
4758
4759
4760
4761
4762
4763
4764
4765
4766
4767
4768
4769
4770
4771
4772
4773
4774
4775
4776
4777
4778
4779
4780
4781
4782
4783
4784
4785
4786
4787
4788
4789
4790
4791
4792
4793
4794
4795
4796
4797
4798
4799
4800
4801
4802
4803
4804
4805
4806
4807
4808
4809
4810
4811
4812
4813
4814
4815
4816
4817
4818
4819
4820
4821
4822
4823
4824
4825
4826
4827
4828
4829
4830
4831
4832
4833
4834
4835
4836
4837
4838
4839
4840
4841
4842
4843
4844
4845
4846
4847
4848
4849
4850
4851
4852
4853
4854
4855
4856
4857
4858
4859
4860
4861
4862
4863
4864
4865
4866
4867
4868
4869
4870
4871
4872
4873
4874
4875
4876
4877
4878
4879
4880
4881
4882
4883
4884
4885
4886
4887
4888
4889
4890
4891
4892
4893
4894
4895
4896
4897
<sect1 id="release-9-2-8">
<title>Release 9.2.8</title>
<note>
<title>Release Date</title>
<simpara>2014-03-20</simpara>
</note>
<para>
This release contains a variety of fixes from 9.2.7.
For information about new features in the 9.2 major release, see
<xref linkend="release-9-2">.
</para>
<sect2>
<title>Migration to Version 9.2.8</title>
<para>
A dump/restore is not required for those running 9.2.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.2.6,
see <xref linkend="release-9-2-6">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Restore GIN metapages unconditionally to avoid torn-page risk
(Heikki Linnakangas)
</para>
<para>
Although this oversight could theoretically result in a corrupted
index, it is unlikely to have caused any problems in practice, since
the active part of a GIN metapage is smaller than a standard 512-byte
disk sector.
</para>
</listitem>
<listitem>
<para>
Avoid race condition in checking transaction commit status during
receipt of a <command>NOTIFY</> message (Marko Tiikkaja)
</para>
<para>
This prevents a scenario wherein a sufficiently fast client might
respond to a notification before database updates made by the
notifier have become visible to the recipient.
</para>
</listitem>
<listitem>
<para>
Allow regular-expression operators to be terminated early by query
cancel requests (Tom Lane)
</para>
<para>
This prevents scenarios wherein a pathological regular expression
could lock up a server process uninterruptably for a long time.
</para>
</listitem>
<listitem>
<para>
Remove incorrect code that tried to allow <literal>OVERLAPS</> with
single-element row arguments (Joshua Yanovski)
</para>
<para>
This code never worked correctly, and since the case is neither
specified by the SQL standard nor documented, it seemed better to
remove it than fix it.
</para>
</listitem>
<listitem>
<para>
Avoid getting more than <literal>AccessShareLock</> when de-parsing a
rule or view (Dean Rasheed)
</para>
<para>
This oversight resulted in <application>pg_dump</> unexpectedly
acquiring <literal>RowExclusiveLock</> locks on tables mentioned as
the targets of <literal>INSERT</>/<literal>UPDATE</>/<literal>DELETE</>
commands in rules. While usually harmless, that could interfere with
concurrent transactions that tried to acquire, for example,
<literal>ShareLock</> on those tables.
</para>
</listitem>
<listitem>
<para>
Improve performance of index endpoint probes during planning (Tom Lane)
</para>
<para>
This change fixes a significant performance problem that occurred
when there were many not-yet-committed rows at the end of the index,
which is a common situation for indexes on sequentially-assigned
values such as timestamps or sequence-generated identifiers.
</para>
</listitem>
<listitem>
<para>
Fix <application>walsender</>'s failure to shut down cleanly when client
is <application>pg_receivexlog</> (Fujii Masao)
</para>
</listitem>
<listitem>
<para>
Check WAL level and hot standby parameters correctly when doing crash
recovery that will be followed by archive recovery (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix test to see if hot standby connections can be allowed immediately
after a crash (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Prevent interrupts while reporting non-<literal>ERROR</> messages
(Tom Lane)
</para>
<para>
This guards against rare server-process freezeups due to recursive
entry to <function>syslog()</>, and perhaps other related problems.
</para>
</listitem>
<listitem>
<para>
Fix memory leak in PL/Perl when returning a composite result, including
multiple-OUT-parameter cases (Alex Hunsaker)
</para>
</listitem>
<listitem>
<para>
Fix tracking of <application>psql</> script line numbers
during <literal>\copy</> from out-of-line data
(Kumar Rajeev Rastogi, Amit Khandekar)
</para>
<para>
<literal>\copy ... from</> incremented the script file line number
for each data line, even if the data was not coming from the script
file. This mistake resulted in wrong line numbers being reported for
any errors occurring later in the same script file.
</para>
</listitem>
<listitem>
<para>
Prevent intermittent <quote>could not reserve shared memory region</>
failures on recent Windows versions (MauMau)
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2014a
for DST law changes in Fiji and Turkey, plus historical changes in
Israel and Ukraine.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
4898
4899
4900
4901
4902
4903
4904
4905
4906
4907
4908
4909
4910
4911
4912
4913
4914
4915
4916
4917
4918
4919
4920
4921
4922
4923
4924
4925
4926
4927
4928
4929
4930
<sect1 id="release-9-2-7">
<title>Release 9.2.7</title>
<note>
<title>Release Date</title>
<simpara>2014-02-20</simpara>
</note>
<para>
This release contains a variety of fixes from 9.2.6.
For information about new features in the 9.2 major release, see
<xref linkend="release-9-2">.
</para>
<sect2>
<title>Migration to Version 9.2.7</title>
<para>
A dump/restore is not required for those running 9.2.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.2.6,
see <xref linkend="release-9-2-6">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
4931
4932
4933
4934
4935
4936
4937
4938
4939
4940
4941
4942
4943
4944
4945
4946
4947
4948
4949
4950
4951
4952
4953
4954
4955
4956
4957
4958
4959
4960
4961
4962
4963
4964
4965
4966
4967
4968
4969
4970
4971
4972
4973
4974
4975
4976
4977
4978
4979
4980
4981
4982
4983
4984
4985
4986
4987
4988
4989
4990
4991
4992
4993
4994
4995
4996
4997
4998
4999
5000
<listitem>
<para>
Shore up <literal>GRANT ... WITH ADMIN OPTION</> restrictions
(Noah Misch)
</para>
<para>
Granting a role without <literal>ADMIN OPTION</> is supposed to
prevent the grantee from adding or removing members from the granted
role, but this restriction was easily bypassed by doing <literal>SET
ROLE</> first. The security impact is mostly that a role member can
revoke the access of others, contrary to the wishes of his grantor.
Unapproved role member additions are a lesser concern, since an
uncooperative role member could provide most of his rights to others
anyway by creating views or <literal>SECURITY DEFINER</> functions.
(CVE-2014-0060)
</para>
</listitem>
<listitem>
<para>
Prevent privilege escalation via manual calls to PL validator
functions (Andres Freund)
</para>
<para>
The primary role of PL validator functions is to be called implicitly
during <command>CREATE FUNCTION</>, but they are also normal SQL
functions that a user can call explicitly. Calling a validator on
a function actually written in some other language was not checked
for and could be exploited for privilege-escalation purposes.
The fix involves adding a call to a privilege-checking function in
each validator function. Non-core procedural languages will also
need to make this change to their own validator functions, if any.
(CVE-2014-0061)
</para>
</listitem>
<listitem>
<para>
Avoid multiple name lookups during table and index DDL
(Robert Haas, Andres Freund)
</para>
<para>
If the name lookups come to different conclusions due to concurrent
activity, we might perform some parts of the DDL on a different table
than other parts. At least in the case of <command>CREATE INDEX</>,
this can be used to cause the permissions checks to be performed
against a different table than the index creation, allowing for a
privilege escalation attack.
(CVE-2014-0062)
</para>
</listitem>
<listitem>
<para>
Prevent buffer overrun with long datetime strings (Noah Misch)
</para>
<para>
The <literal>MAXDATELEN</> constant was too small for the longest
possible value of type <type>interval</>, allowing a buffer overrun
in <function>interval_out()</>. Although the datetime input
functions were more careful about avoiding buffer overrun, the limit
was short enough to cause them to reject some valid inputs, such as
input containing a very long timezone name. The <application>ecpg</>
library contained these vulnerabilities along with some of its own.
(CVE-2014-0063)
</para>