E.43. Release 9.5.2
Release date: 2016-03-31
This release contains a variety of fixes from 9.5.1. For information about new features in the 9.5 major release, see Section E.45.
E.43.1. Migration to Version 9.5.2
A dump/restore is not required for those running 9.5.X.
However, you may need to
REINDEX some indexes after applying the update, as per the first changelog entry below.
Disable abbreviated keys for string sorting in non-
Clocales (Robert Haas)
PostgreSQL 9.5 introduced logic for speeding up comparisons of string data types by using the standard C library function
strxfrm()as a substitute for
strcoll(). It now emerges that most versions of glibc (Linux's implementation of the C library) have buggy implementations of
strxfrm()that, in some locales, can produce string comparison results that do not match
strcoll(). Until this problem can be better characterized, disable the optimization in all non-
Clocale is safe since it uses neither
Unfortunately, this problem affects not only sorting but also entry ordering in B-tree indexes, which means that B-tree indexes on
charcolumns may now be corrupt if they sort according to an affected locale and were built or modified under PostgreSQL 9.5.0 or 9.5.1. Users should
REINDEXindexes that might be affected.
It is not possible at this time to give an exhaustive list of known-affected locales.
Clocale is known safe, and there is no evidence of trouble in English-based locales such as
en_US, but some other popular locales such as
de_DEare affected in most glibc versions.
Maintain row-security status properly in cached plans (Stephen Frost)
In a session that performs queries as more than one role, the plan cache might incorrectly re-use a plan that was generated for another role ID, thus possibly applying the wrong set of policies when row-level security (RLS) is in use. (CVE-2016-2193)
Add must-be-superuser checks to some new
contrib/pageinspectfunctions (Andreas Seltenreich)
Most functions in the
pageinspectextension that inspect
byteavalues disallow calls by non-superusers, but
brin_metapage_info()failed to do so. Passing contrived
byteavalues to them might crash the server or disclose a few bytes of server memory. Add the missing permissions checks to prevent misuse. (CVE-2016-3065)
Fix incorrect handling of indexed
ROW()comparisons (Simon Riggs)
Flaws in a minor optimization introduced in 9.5 caused incorrect results if the
ROW()comparison matches the index ordering partially but not exactly (for example, differing column order, or the index contains both
DESCcolumns). Pending a better solution, the optimization has been removed.
Fix incorrect handling of NULL index entries in indexed
ROW()comparisons (Tom Lane)
An index search using a row comparison such as
ROW(a, b) > ROW('x', 'y')would stop upon reaching a NULL entry in the
bcolumn, ignoring the fact that there might be non-NULL
bvalues associated with later values of
Avoid unlikely data-loss scenarios due to renaming files without adequate
fsync()calls before and after (Michael Paquier, Tomas Vondra, Andres Freund)
Fix incorrect behavior when rechecking a just-modified row in a query that does
SELECT FOR UPDATE/SHAREand contains some relations that need not be locked (Tom Lane)
Rows from non-locked relations were incorrectly treated as containing all NULLs during the recheck, which could result in incorrectly deciding that the updated row no longer passes the
WHEREcondition, or in incorrectly outputting NULLs.
Fix bug in
json_to_record()when a field of its input object contains a sub-object with a field name matching one of the requested output column names (Tom Lane)
Fix nonsense result from two-argument form of
jsonb_object()when called with empty arrays (Michael Paquier, Andrew Dunstan)
Fix misbehavior in
jsonb_set()when converting a path array element into an integer for use as an array subscript (Michael Paquier)
Fix misformatting of negative time zone offsets by
OFformat code (Thomas Munro, Tom Lane)
Fix possible incorrect logging of waits done by
INSERT ... ON CONFLICT(Peter Geoghegan)
Log messages would sometimes claim that the wait was due to an exclusion constraint although no such constraint was responsible.
Ignore recovery_min_apply_delay parameter until recovery has reached a consistent state (Michael Paquier)
Previously, standby servers would delay application of WAL records in response to
recovery_min_apply_delayeven while replaying the initial portion of WAL needed to make their database state valid. Since the standby is useless until it's reached a consistent database state, this was deemed unhelpful.
Correctly handle cases where
pg_subtransis close to XID wraparound during server startup (Jeff Janes)
Fix assorted bugs in logical decoding (Andres Freund)
Trouble cases included tuples larger than one page when replica identity is
UPDATEs that change a primary key within a transaction large enough to be spooled to disk, incorrect reports of “subxact logged without previous toplevel record”, and incorrect reporting of a transaction's commit time.
Fix planner error with nested security barrier views when the outer view has a
WHEREclause containing a correlated subquery (Dean Rasheed)
Fix memory leak in GIN index searches (Tom Lane)
Fix corner-case crash due to trying to free
localeconv()output strings more than once (Tom Lane)
Fix parsing of affix files for
ispelldictionaries (Tom Lane)
The code could go wrong if the affix file contained any characters whose byte length changes during case-folding, for example
Iin Turkish UTF8 locales.
Avoid use of
ispelldictionary files (Artur Zakirov)
This dodges a portability problem on FreeBSD-derived platforms (including macOS).
Fix atomic-operations code used on PPC with IBM's xlc compiler (Noah Misch)
This error led to rare failures of concurrent operations on that platform.
Avoid a crash on old Windows versions (before 7SP1/2008R2SP1) with an AVX2-capable CPU and a Postgres build done with Visual Studio 2013 (Christian Ullrich)
This is a workaround for a bug in Visual Studio 2013's runtime library, which Microsoft have stated they will not fix in that version.
Fix psql's tab completion logic to handle multibyte characters properly (Kyotaro Horiguchi, Robert Haas)
Fix psql's tab completion for
SECURITY LABEL(Tom Lane)
Pressing TAB after
SECURITY LABELmight cause a crash or offering of inappropriate keywords.
Make pg_ctl accept a wait timeout from the
PGCTLTIMEOUTenvironment variable, if none is specified on the command line (Noah Misch)
This eases testing of slower buildfarm members by allowing them to globally specify a longer-than-normal timeout for postmaster startup and shutdown.
Fix incorrect test for Windows service status in pg_ctl (Manuel Mathar)
The previous set of minor releases attempted to fix pg_ctl to properly determine whether to send log messages to Window's Event Log, but got the test backwards.
Fix pgbench to correctly handle the combination of
-M preparedoptions (Tom Lane)
In pg_upgrade, skip creating a deletion script when the new data directory is inside the old data directory (Bruce Momjian)
Blind application of the script in such cases would result in loss of the new data directory.
In PL/Perl, properly translate empty Postgres arrays into empty Perl arrays (Alex Hunsaker)
Make PL/Python cope with function names that aren't valid Python identifiers (Jim Nasby)
Fix multiple mistakes in the statistics returned by
pgstatindex()function (Tom Lane)
Remove dependency on
psedin MSVC builds, since it's no longer provided by core Perl (Michael Paquier, Andrew Dunstan)
Update time zone data files to tzdata release 2016c for DST law changes in Azerbaijan, Chile, Haiti, Palestine, and Russia (Altai, Astrakhan, Kirov, Sakhalin, Ulyanovsk regions), plus historical corrections for Lithuania, Moldova, and Russia (Kaliningrad, Samara, Volgograd).