<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <HTML ><HEAD ><TITLE >Release 9.4.15</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK REV="MADE" HREF="mailto:pgsql-docs@postgresql.org"><LINK REL="HOME" TITLE="PostgreSQL 9.6.10 Documentation" HREF="index.html"><LINK REL="UP" TITLE="Release Notes" HREF="release.html"><LINK REL="PREVIOUS" TITLE="Release 9.4.16" HREF="release-9-4-16.html"><LINK REL="NEXT" TITLE="Release 9.4.14" HREF="release-9-4-14.html"><LINK REL="STYLESHEET" TYPE="text/css" HREF="stylesheet.css"><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=ISO-8859-1"><META NAME="creation" CONTENT="2018-10-16T23:40:43"></HEAD ><BODY CLASS="SECT1" ><DIV CLASS="NAVHEADER" ><TABLE SUMMARY="Header navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="4" ALIGN="center" VALIGN="bottom" ><A HREF="index.html" >PostgreSQL 9.6.10 Documentation</A ></TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="top" ><A TITLE="Release 9.4.16" HREF="release-9-4-16.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="10%" ALIGN="left" VALIGN="top" ><A HREF="release.html" ACCESSKEY="U" >Up</A ></TD ><TD WIDTH="60%" ALIGN="center" VALIGN="bottom" >Appendix E. Release Notes</TD ><TD WIDTH="20%" ALIGN="right" VALIGN="top" ><A TITLE="Release 9.4.14" HREF="release-9-4-14.html" ACCESSKEY="N" >Next</A ></TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV ><DIV CLASS="SECT1" ><H1 CLASS="SECT1" ><A NAME="RELEASE-9-4-15" >E.31. Release 9.4.15</A ></H1 ><DIV CLASS="FORMALPARA" ><P ><B >Release date: </B >2017-11-09</P ></DIV ><P > This release contains a variety of fixes from 9.4.14. For information about new features in the 9.4 major release, see <A HREF="release-9-4.html" >Section E.46</A >. </P ><DIV CLASS="SECT2" ><H2 CLASS="SECT2" ><A NAME="AEN138018" >E.31.1. Migration to Version 9.4.15</A ></H2 ><P > A dump/restore is not required for those running 9.4.X. </P ><P > However, if you are upgrading from a version earlier than 9.4.13, see <A HREF="release-9-4-13.html" >Section E.33</A >. </P ></DIV ><DIV CLASS="SECT2" ><H2 CLASS="SECT2" ><A NAME="AEN138023" >E.31.2. Changes</A ></H2 ><P ></P ><UL ><LI ><P > Fix crash due to rowtype mismatch in <CODE CLASS="FUNCTION" >json{b}_populate_recordset()</CODE > (Michael Paquier, Tom Lane) </P ><P > These functions used the result rowtype specified in the <TT CLASS="LITERAL" >FROM ... AS</TT > clause without checking that it matched the actual rowtype of the supplied tuple value. If it didn't, that would usually result in a crash, though disclosure of server memory contents seems possible as well. (CVE-2017-15098) </P ></LI ><LI ><P > Fix sample server-start scripts to become <TT CLASS="LITERAL" >$PGUSER</TT > before opening <TT CLASS="LITERAL" >$PGLOG</TT > (Noah Misch) </P ><P > Previously, the postmaster log file was opened while still running as root. The database owner could therefore mount an attack against another system user by making <TT CLASS="LITERAL" >$PGLOG</TT > be a symbolic link to some other file, which would then become corrupted by appending log messages. </P ><P > By default, these scripts are not installed anywhere. Users who have made use of them will need to manually recopy them, or apply the same changes to their modified versions. If the existing <TT CLASS="LITERAL" >$PGLOG</TT > file is root-owned, it will need to be removed or renamed out of the way before restarting the server with the corrected script. (CVE-2017-12172) </P ></LI ><LI ><P > Fix crash when logical decoding is invoked from a SPI-using function, in particular any function written in a PL language (Tom Lane) </P ></LI ><LI ><P > Fix <CODE CLASS="FUNCTION" >json_build_array()</CODE >, <CODE CLASS="FUNCTION" >json_build_object()</CODE >, and their <TT CLASS="TYPE" >jsonb</TT > equivalents to handle explicit <TT CLASS="LITERAL" >VARIADIC</TT > arguments correctly (Michael Paquier) </P ></LI ><LI ><P > Properly reject attempts to convert infinite float values to type <TT CLASS="TYPE" >numeric</TT > (Tom Lane, KaiGai Kohei) </P ><P > Previously the behavior was platform-dependent. </P ></LI ><LI ><P > Fix corner-case crashes when columns have been added to the end of a view (Tom Lane) </P ></LI ><LI ><P > Record proper dependencies when a view or rule contains <TT CLASS="STRUCTNAME" >FieldSelect</TT > or <TT CLASS="STRUCTNAME" >FieldStore</TT > expression nodes (Tom Lane) </P ><P > Lack of these dependencies could allow a column or data type <TT CLASS="COMMAND" >DROP</TT > to go through when it ought to fail, thereby causing later uses of the view or rule to get errors. This patch does not do anything to protect existing views/rules, only ones created in the future. </P ></LI ><LI ><P > Correctly detect hashability of range data types (Tom Lane) </P ><P > The planner mistakenly assumed that any range type could be hashed for use in hash joins or hash aggregation, but actually it must check whether the range's subtype has hash support. This does not affect any of the built-in range types, since they're all hashable anyway. </P ></LI ><LI ><P > Fix low-probability loss of <TT CLASS="COMMAND" >NOTIFY</TT > messages due to XID wraparound (Marko Tiikkaja, Tom Lane) </P ><P > If a session executed no queries, but merely listened for notifications, for more than 2 billion transactions, it started to miss some notifications from concurrently-committing transactions. </P ></LI ><LI ><P > Avoid <SPAN CLASS="SYSTEMITEM" >SIGBUS</SPAN > crash on Linux when a DSM memory request exceeds the space available in <SPAN CLASS="SYSTEMITEM" >tmpfs</SPAN > (Thomas Munro) </P ></LI ><LI ><P > Prevent low-probability crash in processing of nested trigger firings (Tom Lane) </P ></LI ><LI ><P > Allow <TT CLASS="COMMAND" >COPY</TT >'s <TT CLASS="LITERAL" >FREEZE</TT > option to work when the transaction isolation level is <TT CLASS="LITERAL" >REPEATABLE READ</TT > or higher (Noah Misch) </P ><P > This case was unintentionally broken by a previous bug fix. </P ></LI ><LI ><P > Correctly restore the umask setting when file creation fails in <TT CLASS="COMMAND" >COPY</TT > or <CODE CLASS="FUNCTION" >lo_export()</CODE > (Peter Eisentraut) </P ></LI ><LI ><P > Give a better error message for duplicate column names in <TT CLASS="COMMAND" >ANALYZE</TT > (Nathan Bossart) </P ></LI ><LI ><P > Fix mis-parsing of the last line in a non-newline-terminated <TT CLASS="FILENAME" >pg_hba.conf</TT > file (Tom Lane) </P ></LI ><LI ><P > Fix <SPAN CLASS="APPLICATION" >libpq</SPAN > to not require user's home directory to exist (Tom Lane) </P ><P > In v10, failure to find the home directory while trying to read <TT CLASS="FILENAME" >~/.pgpass</TT > was treated as a hard error, but it should just cause that file to not be found. Both v10 and previous release branches made the same mistake when reading <TT CLASS="FILENAME" >~/.pg_service.conf</TT >, though this was less obvious since that file is not sought unless a service name is specified. </P ></LI ><LI ><P > Fix <SPAN CLASS="APPLICATION" >libpq</SPAN > to guard against integer overflow in the row count of a <TT CLASS="STRUCTNAME" >PGresult</TT > (Michael Paquier) </P ></LI ><LI ><P > Fix <SPAN CLASS="APPLICATION" >ecpg</SPAN >'s handling of out-of-scope cursor declarations with pointer or array variables (Michael Meskes) </P ></LI ><LI ><P > In ecpglib, correctly handle backslashes in string literals depending on whether <TT CLASS="VARNAME" >standard_conforming_strings</TT > is set (Tsunakawa Takayuki) </P ></LI ><LI ><P > Make ecpglib's Informix-compatibility mode ignore fractional digits in integer input strings, as expected (Gao Zengqi, Michael Meskes) </P ></LI ><LI ><P > Sync our copy of the timezone library with IANA release tzcode2017c (Tom Lane) </P ><P > This fixes various issues; the only one likely to be user-visible is that the default DST rules for a POSIX-style zone name, if no <TT CLASS="FILENAME" >posixrules</TT > file exists in the timezone data directory, now match current US law rather than what it was a dozen years ago. </P ></LI ><LI ><P > Update time zone data files to <SPAN CLASS="APPLICATION" >tzdata</SPAN > release 2017c for DST law changes in Fiji, Namibia, Northern Cyprus, Sudan, Tonga, and Turks & Caicos Islands, plus historical corrections for Alaska, Apia, Burma, Calcutta, Detroit, Ireland, Namibia, and Pago Pago. </P ></LI ></UL ></DIV ></DIV ><DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE SUMMARY="Footer navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" ><A HREF="release-9-4-16.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="index.html" ACCESSKEY="H" >Home</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" ><A HREF="release-9-4-14.html" ACCESSKEY="N" >Next</A ></TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" >Release 9.4.16</TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="release.html" ACCESSKEY="U" >Up</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" >Release 9.4.14</TD ></TR ></TABLE ></DIV ></BODY ></HTML >