E.41. Release 10.6
Release date: 2018-11-08
This release contains a variety of fixes from 10.5. For information about new features in major release 10, see Section E.47.
E.41.1. Migration to Version 10.6
A dump/restore is not required for those running 10.X.
However, if you use the
pg_stat_statements extension, see the changelog entry below about that.
Also, if you are upgrading from a version earlier than 10.4, see Section E.43.
Ensure proper quoting of transition table names when pg_dump emits
CREATE TRIGGER ... REFERENCINGcommands (Tom Lane)
This oversight could be exploited by an unprivileged user to gain superuser privileges during the next dump/reload or pg_upgrade run. (CVE-2018-16850)
Fix corner-case failures in
has_family of functions (Tom Lane)
Return NULL rather than throwing an error when an invalid object OID is provided. Some of these functions got that right already, but not all.
has_column_privilege()was additionally capable of crashing on some platforms.
pg_get_partition_constraintdef()to return NULL rather than fail when passed an invalid relation OID (Tom Lane)
Avoid O(N^2) slowdown in regular expression match/split functions on long strings (Andrew Gierth)
Fix parsing of standard multi-character operators that are immediately followed by a comment or
This oversight could lead to parse errors, or to incorrect assignment of precedence.
Avoid O(N^3) slowdown in lexer for long strings of
-characters (Andrew Gierth)
Fix mis-execution of SubPlans when the outer query is being scanned backwards (Andrew Gierth)
Fix failure of
UPDATE/DELETE ... WHERE CURRENT OF ...after rewinding the referenced cursor (Tom Lane)
A cursor that scans multiple relations (particularly an inheritance tree) could produce wrong behavior if rewound to an earlier relation.
EvalPlanQualto handle conditionally-executed InitPlans properly (Andrew Gierth, Tom Lane)
This resulted in hard-to-reproduce crashes or wrong answers in concurrent updates, if they contained code such as an uncorrelated sub-
Prevent creation of a partition in a trigger attached to its parent table (Amit Langote)
Ideally we'd allow that, but for the moment it has to be blocked to avoid crashes.
Fix problems with applying
ON COMMIT DELETE ROWSto a partitioned temporary table (Amit Langote)
Fix character-class checks to not fail on Windows for Unicode characters above U+FFFF (Tom Lane, Kenji Uno)
This bug affected full-text-search operations, as well as
Disallow pushing sub-
SELECTs containing window functions,
OFFSETto parallel workers (Amit Kapila)
Such cases could result in inconsistent behavior due to different workers getting different answers, as a result of indeterminacy due to row-ordering variations.
Ensure that sequences owned by a foreign table are processed by
ALTER OWNERon the table (Peter Eisentraut)
The ownership change should propagate to such sequences as well, but this was missed for foreign tables.
Ensure that the server will process already-received
SIGTERMinterrupts before waiting for client input (Jeff Janes, Tom Lane)
Fix over-allocation of space for
array_out()'s result string (Keiichi Hirobe)
Avoid query-lifetime memory leak in
Fix memory leak in repeated SP-GiST index scans (Tom Lane)
This is only known to amount to anything significant in cases where an exclusion constraint using SP-GiST receives many new index entries in a single command.
ApplyLogicalMappingFile()closes the mapping file when done with it (Tomas Vondra)
Previously, the file descriptor was leaked, eventually resulting in failures during logical decoding.
Fix logical decoding to handle cases where a mapped catalog table is repeatedly rewritten, e.g., by
VACUUM FULL(Andres Freund)
Prevent starting the server with
wal_levelset to too low a value to support an existing replication slot (Andres Freund)
Avoid crash if a utility command causes infinite recursion (Tom Lane)
When initializing a hot standby, cope with duplicate XIDs caused by two-phase transactions on the master (Michael Paquier, Konstantin Knizhnik)
Fix event triggers to handle nested
ALTER TABLEcommands (Michael Paquier, Álvaro Herrera)
Propagate parent process's transaction and statement start timestamps to parallel workers (Konstantin Knizhnik)
This prevents misbehavior of functions such as
transaction_timestamp()when executed in a worker.
Fix transfer of expanded datums to parallel workers so that alignment is preserved, preventing crashes on alignment-picky platforms (Tom Lane, Amit Kapila)
Fix WAL file recycling logic to work correctly on standby servers (Michael Paquier)
Depending on the setting of
archive_mode, a standby might fail to remove some WAL files that could be removed.
Fix handling of commit-timestamp tracking during recovery (Masahiko Sawada, Michael Paquier)
If commit timestamp tracking has been turned on or off, recovery might fail due to trying to fetch the commit timestamp for a transaction that did not record it.
random()seed in bootstrap and standalone backends, and in initdb (Noah Misch)
The main practical effect of this change is that it avoids a scenario where initdb might mistakenly conclude that POSIX shared memory is not available, due to name collisions caused by always using the same random seed.
Fix possible shared-memory corruption in DSA logic (Thomas Munro)
Allow DSM allocation to be interrupted (Chris Travers)
Avoid failure in a parallel worker when loading an extension that tries to access system caches within its init function (Thomas Munro)
We don't consider that to be good extension coding practice, but it mostly worked before parallel query, so continue to support it for now.
Properly handle turning
full_page_writeson dynamically (Kyotaro Horiguchi)
Fix possible crash due to double
free()during SP-GiST rescan (Andrew Gierth)
Prevent mis-linking of src/port and src/common functions on ELF-based BSD platforms, as well as HP-UX and Solaris (Andrew Gierth, Tom Lane)
Shared libraries loaded into a backend's address space could use the backend's versions of these functions, rather than their own copies as intended. Since the behavior of the two sets of functions isn't quite the same, this led to failures.
Avoid possible buffer overrun when replaying GIN page recompression from WAL (Alexander Korotkov, Sivasubramanian Ramasubramanian)
Avoid overrun of a hash index's metapage when
BLCKSZis smaller than default (Dilip Kumar)
Fix missed page checksum updates in hash indexes (Amit Kapila)
Fix missed fsync of a replication slot's directory (Konstantin Knizhnik, Michael Paquier)
Fix unexpected timeouts when using
wal_sender_timeouton a slow server (Noah Misch)
Ensure that hot standby processes use the correct WAL consistency point (Alexander Kukushkin, Michael Paquier)
This prevents possible misbehavior just after a standby server has reached a consistent database state during WAL replay.
Ensure background workers are stopped properly when the postmaster receives a fast-shutdown request before completing database startup (Alexander Kukushkin)
Update the free space map during WAL replay of page all-visible/frozen flag changes (Álvaro Herrera)
Previously we were not careful about this, reasoning that the FSM is not critical data anyway. However, if it's sufficiently out of date, that can result in significant performance degradation after a standby has been promoted to primary. The FSM will eventually be healed by updates, but we'd like it to be good sooner, so work harder at maintaining it during WAL replay.
Avoid premature release of parallel-query resources when query end or tuple count limit is reached (Amit Kapila)
It's only okay to shut down the executor at this point if the caller cannot demand backwards scan afterwards.
Don't run atexit callbacks when servicing
Don't record foreign-server user mappings as members of extensions (Tom Lane)
CREATE USER MAPPINGis executed in an extension script, an extension dependency was created for the user mapping, which is unexpected. Roles can't be extension members, so user mappings shouldn't be either.
Make syslogger more robust against failures in opening CSV log files (Tom Lane)
When libpq is given multiple target host names, do the DNS lookups one at a time, not all at once (Tom Lane)
This prevents unnecessary failures or slow connections when a connection is successfully made to one of the earlier servers in the list.
Fix libpq's handling of connection timeouts so that they are properly applied per host name or IP address (Tom Lane)
Previously, some code paths failed to restart the timer when switching to a new target host, possibly resulting in premature timeout.
Fix psql, as well as documentation examples, to call
PQnotifies()call (Tom Lane)
This fixes cases in which psql would not report receipt of a
NOTIFYmessage until after the next command.
--no-publicationsoption to also ignore publication tables (Gilles Darold)
In pg_dump, exclude identity sequences when their parent table is excluded from the dump (David Rowley)
Fix possible inconsistency in pg_dump's sorting of dissimilar object names (Jacob Champion)
Ensure that pg_restore will schema-qualify the table name when emitting
ENABLE TRIGGERcommands (Tom Lane)
This avoids failures due to the new policy of running restores with restrictive search path.
Fix pg_upgrade to handle event triggers in extensions correctly (Haribabu Kommi)
pg_upgrade failed to preserve an event trigger's extension-membership status.
Fix pg_upgrade's cluster state check to work correctly on a standby server (Bruce Momjian)
cube's dimension limit in all
contrib/cubefunctions (Andrey Borodin)
Previously, some cube-related functions could construct values that would be rejected by
cube_in(), leading to dump/reload failures.
contrib/pg_stat_statements, disallow the
pg_read_all_statsrole from executing
pg_read_all_statsis only meant to grant permission to read statistics, not to change them, so this grant was incorrect.
To cause this change to take effect, run
ALTER EXTENSION pg_stat_statements UPDATEin each database where
pg_stat_statementshas been installed.
contrib/postgres_fdw, don't try to ship a variable-free
ORDER BYclause to the remote server (Andrew Gierth)
unaccent()function to use the
unaccenttext search dictionary that is in the same schema as the function (Tom Lane)
Previously it tried to look up the dictionary using the search path, which could fail if the search path has a restrictive value.
Fix build problems on macOS 10.14 (Mojave) (Tom Lane)
Adjust configure to add an
CPPFLAGS; without this, PL/Perl and PL/Tcl fail to configure or build on macOS 10.14. The specific sysroot used can be overridden at configure time or build time by setting the
PG_SYSROOTvariable in the arguments of configure or make.
It is now recommended that Perl-related extensions write
-I$(perl_archlibexp)/COREin their compiler flags. The latter continues to work on most platforms, but not recent macOS.
Also, it should no longer be necessary to specify
--with-tclconfigmanually to get PL/Tcl to build on recent macOS releases.
Fix MSVC build and regression-test scripts to work on recent Perl versions (Andrew Dunstan)
Perl no longer includes the current directory in its search path by default; work around that.
On Windows, allow the regression tests to be run by an Administrator account (Andrew Dunstan)
To do this safely, pg_regress now gives up any such privileges at startup.
Allow btree comparison functions to return
Up to now, we've forbidden datatype-specific comparison functions from returning
INT_MIN, which allows callers to invert the sort order just by negating the comparison result. However, this was never safe for comparison functions that directly return the result of
strcmp(), etc, as POSIX doesn't place any such restriction on those functions. At least some recent versions of
INT_MIN, causing incorrect sort ordering. Hence, we've removed this restriction. Callers must now use the
INVERT_COMPARE_RESULT()macro if they wish to invert the sort order.
Fix recursion hazard in shared-invalidation message processing (Tom Lane)
This error could, for example, result in failure to access a system catalog or index that had just been processed by
This change adds a new result code for
LockAcquire, which might possibly affect external callers of that function, though only very unusual usage patterns would have an issue with it. The API of
LockAcquireExtendedis also changed.
Save and restore SPI's global variables during
SPI_finish()(Chapman Flack, Tom Lane)
This prevents possible interference when one SPI-using function calls another.
Avoid using potentially-under-aligned page buffers (Tom Lane)
Invent new union types
PGAlignedXLogBlock, and use these in place of plain char arrays, ensuring that the compiler can't place the buffer at a misaligned start address. This fixes potential core dumps on alignment-picky platforms, and may improve performance even on platforms that allow misalignment.
src/port/snprintf.cfollow the C99 standard's definition of
snprintf()'s result value (Tom Lane)
On platforms where this code is used (mostly Windows), its pre-C99 behavior could lead to failure to detect buffer overrun, if the calling code assumed C99 semantics.
When building on i386 with the clang compiler, require
-msse2to be used (Andres Freund)
This avoids problems with missed floating point overflow checks.
Fix configure's detection of the result type of
The previous coding got the wrong answer when building with icc on Linux (and perhaps in other cases), leading to libpq not returning useful error messages for system-reported errors.
Update time zone data files to tzdata release 2018g for DST law changes in Chile, Fiji, Morocco, and Russia (Volgograd), plus historical corrections for China, Hawaii, Japan, Macau, and North Korea.