E.28. Release 10.16
Release date: 2021-02-11
This release contains a variety of fixes from 10.15. For information about new features in major release 10, see Section E.44.
E.28.1. Migration to Version 10.16
A dump/restore is not required for those running 10.X.
However, see the first changelog item below, which describes cases in which reindexing indexes after the upgrade may be advisable.
Also, if you are upgrading from a version earlier than 10.11, see Section E.33.
CREATE INDEX CONCURRENTLYto wait for concurrent prepared transactions (Andrey Borodin)
At the point where
CREATE INDEX CONCURRENTLYwaits for all concurrent transactions to complete so that it can see rows they inserted, it must also wait for all prepared transactions to complete, for the same reason. Its failure to do so meant that rows inserted by prepared transactions might be omitted from the new index, causing queries relying on the index to miss such rows. In installations that have enabled prepared transactions (
max_prepared_transactions> 0), it's recommended to reindex any concurrently-built indexes in case this problem occurred when they were built.
Avoid incorrect results when
WHERE CURRENT OFis applied to a cursor whose plan contains a MergeAppend node (Tom Lane)
This case is unsupported (in general, a cursor using
ORDER BYis not guaranteed to be simply updatable); but the code previously did not reject it, and could silently give false matches.
Fix crash when
WHERE CURRENT OFis applied to a cursor whose plan contains a custom scan node (David Geier)
Fix planner's handling of a placeholder that is computed at some join level and used only at that same level (Tom Lane)
This oversight could lead to “failed to build any
N-way joins” planner errors.
Be more careful about whether index AMs support mark/restore (Andrew Gierth)
This prevents errors about missing support functions in rare edge cases.
Adjust settings to make it more difficult to run out of DSM slots during heavy usage of parallel queries (Thomas Munro)
ALTER DEFAULT PRIVILEGESto handle duplicated arguments safely (Michael Paquier)
Duplicate role or schema names within the same command could lead to “tuple already updated by self” errors or unique-constraint violations.
Flush ACL-related caches when
pg_authidchanges (Noah Misch)
This change ensures that permissions-related decisions will promptly reflect the results of
ALTER ROLE ... [NO] INHERIT.
Prevent misprocessing of ambiguous
CREATE TABLE LIKEclauses (Tom Lane)
LIKEclause is re-examined after initial creation of the new table, to handle importation of indexes and such. It was possible for this re-examination to find a different table of the same name, causing unexpected behavior; one example is where the new table is a temporary table of the same name as the
Rearrange order of operations in
CREATE TABLE LIKEso that indexes are cloned before building foreign key constraints (Tom Lane)
This fixes the case where a self-referential foreign key constraint declared in the outer
CREATE TABLEdepends on an index that's coming from the
CREATE STATISTICSon system catalogs (Tomas Vondra)
Disallow converting an inheritance child table to a view (Tom Lane)
Ensure that disk space allocated for a dropped relation is released promptly at commit (Thomas Munro)
Previously, if the dropped relation spanned multiple 1GB segments, only the first segment was truncated immediately. Other segments were simply unlinked, which doesn't authorize the kernel to release the storage so long as any other backends still have the files open.
Fix handling of backslash-escaped multibyte characters in
COPY FROM(Heikki Linnakangas)
A backslash followed by a multibyte character was not handled correctly. In some client character encodings, this could lead to misinterpreting part of a multibyte character as a field separator or end-of-copy-data marker.
Avoid preallocating executor hash tables in
Fix recently-introduced race conditions in
NOTIFYqueue handling (Tom Lane)
A newly-listening backend could attempt to read SLRU pages that were in process of being truncated, possibly causing an error.
The queue tail pointer could become set to a value that's not equal to the queue position of any backend, resulting in effective disabling of the queue truncation logic. Continued use of
NOTIFYthen led to queue-fill warnings, and eventually to inability to send any more notifies until the server is restarted.
jsonbconcatenation operator to handle all combinations of JSON data types (Tom Lane)
We can concatenate two JSON objects or two JSON arrays. Handle other cases by wrapping non-array inputs in one-element arrays, then performing an array concatenation. Previously, some combinations of inputs followed this rule but others arbitrarily threw an error.
Fix use of uninitialized value while parsing a
*quantifier in a BRE-mode regular expression (Tom Lane)
This error could cause the quantifier to act non-greedy, that is behave like a
*?quantifier would do in full regular expressions.
power()for the case where the exponent is exactly
INT_MIN(-2147483648) (Dean Rasheed)
Previously, a result with no significant digits was produced.
Prevent possible data loss from incorrect detection of the wraparound point of an SLRU log (Noah Misch)
The wraparound point typically falls in the middle of a page, which must be rounded off to a page boundary, and that was not done correctly. No issue could arise unless an installation had gotten to within one page of SLRU overflow, which is unlikely in a properly-functioning system. If this did happen, it would manifest in later “apparent wraparound” or “could not access status of transaction” errors.
Fix memory leak in walsender processes while sending new snapshots for logical decoding (Amit Kapila)
Fix walsender to accept additional commands after terminating replication (Jeff Davis)
Ensure detection of deadlocks between hot standby backends and the startup (WAL-application) process (Fujii Masao)
The startup process did not run the deadlock detection code, so that in situations where the startup process is last to join a circular wait situation, the deadlock might never be recognized.
Ensure that unserviced requests for background workers are cleaned up when the postmaster begins a “smart” or “fast” shutdown sequence (Tom Lane)
Previously, there was a race condition whereby a child process that had requested a background worker just before shutdown could wait indefinitely, preventing shutdown from completing.
Fix portability problem in parsing of
recovery_target_xidvalues (Michael Paquier)
The target XID is potentially 64 bits wide, but it was parsed with
strtoul(), causing misbehavior on platforms where
longis 32 bits (such as Windows).
Avoid assertion failure in
pg_get_functiondef()when examining a function with a
TRANSFORMoption (Tom Lane)
In psql, re-allow including a password in a
connection_stringargument of a
\connectcommand (Tom Lane)
This used to work, but a recent bug fix caused the password to be ignored (resulting in prompting for a password).
Fix assorted bugs in psql's
\helpcommand (Kyotaro Horiguchi, Tom Lane)
\helpwith two argument words failed to find a command description using only the first word, for example
\help reset allshould show the help for
RESETbut did not. Also,
\helpoften failed to invoke the pager when it should. It also leaked memory.
In pg_dump, ensure that the restore script runs
ALTER PUBLICATION ADD TABLEcommands as the owner of the publication (Tom Lane)
Previously, these commands would be run by the role that started the restore script; which will usually work, but in corner cases that role might not have adequate permissions.
Fix pg_dump to handle
WITH GRANT OPTIONin an extension's initial privileges (Noah Misch)
If an extension's script creates an object and grants privileges on it with grant option, then later the user revokes such privileges, pg_dump would generate incorrect SQL for reproducing the situation. (Few if any extensions do this today.)
In pg_rewind, ensure that all WAL is accounted for when rewinding a standby server (Ian Barwick, Heikki Linnakangas)
Report the correct database name in connection failure error messages from some client programs (Álvaro Herrera)
If the database name was defaulted rather than given on the command line, pg_dumpall, pgbench, oid2name, and vacuumlo would produce misleading error messages after a connection failure.
Fix memory leak in
Memory consumed while producing the
EXPLAINoutput was not freed until the end of the current transaction (for a top-level statement) or the end of the surrounding statement (for a nested statement). This was particularly a problem with
contrib/postgres_fdw, avoid leaking open connections to remote servers when a user mapping or foreign server object is dropped (Bharath Rupireddy)
Open connections that depend on a dropped user mapping or foreign server can no longer be referenced, but formerly they were kept around anyway for the duration of the local session.
contrib/pgcrypto, check for error returns from OpenSSL's EVP functions (Michael Paquier)
We do not really expect errors here, but this change silences warnings from static analysis tools.
contrib/pg_trgm's GiST index support, avoid crash in the rare case that picksplit is called on exactly two index items (Andrew Gierth, Alexander Korotkov)
Fix miscalculation of timeouts in
contrib/postgres_fdw(Alexey Kondratov, Tom Lane)
The main loop in
contrib/pg_prewarm's autoprewarm parent process underestimated its desired sleep time by a factor of 1000, causing it to consume much more CPU than intended. When waiting for a result from a remote server,
contrib/postgres_fdwoverestimated the desired timeout by a factor of 1000 (though this error had been mitigated by imposing a clamp to 60 seconds).
Both of these errors stemmed from incorrectly converting seconds-and-microseconds to milliseconds. Introduce a new API
TimestampDifferenceMilliseconds()to make it easier to get this right in the future.
Improve configure's heuristics for selecting
PG_SYSROOTon macOS (Tom Lane)
The new method is more likely to produce desirable results when Xcode is newer than the underlying operating system. Choosing a sysroot that does not match the OS version may result in nonfunctional executables.
While building on macOS, specify
-isysrootin link steps as well as compile steps (James Hilliard)
This likewise improves the results when Xcode is out of sync with the operating system.
Update time zone data files to tzdata release 2021a for DST law changes in Russia (Volgograd zone) and South Sudan, plus historical corrections for Australia, Bahamas, Belize, Bermuda, Ghana, Israel, Kenya, Nigeria, Palestine, Seychelles, and Vanuatu.
Notably, the Australia/Currie zone has been corrected to the point where it is identical to Australia/Hobart.