Movatterモバイル変換

BlockDECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries (Noah Misch)§

This is essentially a leak in the“security restricted operation” sandbox mechanism. An attacker having permission to create non-temporary SQL objects could parlay this leak to execute arbitrary SQL code as a superuser.

ThePostgreSQL Project thanks Etienne Stalmans for reporting this problem. (CVE-2020-25695)

Fix usage of complex connection-string parameters inpg_dump,pg_restore,clusterdb,reindexdb, andvacuumdb (Tom Lane)§§

The-d parameter ofpg_dump andpg_restore, or the--maintenance-db parameter of the other programs mentioned, can be a“connection string” containing multiple connection parameters rather than just a database name. In cases where these programs need to initiate additional connections, such as parallel processing or processing of multiple databases, the connection string was forgotten and just the basic connection parameters (database name, host, port, and username) were used for the additional connections. This could lead to connection failures if the connection string included any other essential information, such as non-default SSL or GSS parameters. Worse, the connection might succeed but not be encrypted as intended, or be vulnerable to man-in-the-middle attacks that the intended connection parameters would have prevented. (CVE-2020-25694)

Whenpsql's\connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used (Tom Lane)§

This avoids cases where reconnection might fail due to omission of relevant parameters, such as non-default SSL or GSS options. Worse, the reconnection might succeed but not be encrypted as intended, or be vulnerable to man-in-the-middle attacks that the intended connection parameters would have prevented. This is largely the same problem as just cited forpg_dump et al, althoughpsql's behavior is more complex since the user may intentionally override some connection parameters. (CVE-2020-25694)

Preventpsql's\gset command from modifying specially-treated variables (Noah Misch)§

\gset without a prefix would overwrite whatever variables the server told it to. Thus, a compromised server could set specially-treated variables such asPROMPT1, giving the ability to execute arbitrary shell code in the user's session.

ThePostgreSQL Project thanks Nick Cleaton for reporting this problem. (CVE-2020-25696)

Fix unintended breakage of the replication protocol (Álvaro Herrera)§§

A walsender reports two command-completion events forSTART_REPLICATION. This was undocumented and apparently unintentional; so we failed to notice that a late 13.0 change removed the duplicate event. However it turns out that walreceivers require the extra event in some code paths. The most practical fix is to decree that the extra event is part of the protocol and resume generating it.

Ensure that SLRU directories are properly fsync'd during checkpoints (Thomas Munro)§

This prevents possible data loss in a subsequent operating system crash.

FixALTER ROLE for users with theBYPASSRLS attribute (Tom Lane, Stephen Frost)§

TheBYPASSRLS attribute is only allowed to be changed by superusers, but otherALTER ROLE operations, such as password changes, should be allowed with only ordinary permission checks. The previous coding erroneously restricted all changes on such a role to superusers.

DisallowALTER TABLE ONLY ... DROP EXPRESSION when there are child tables (Peter Eisentraut)§

The current implementation cannot handle this case correctly, so just forbid it for now.

Ensure thatALTER TABLE ONLY ... ENABLE/DISABLE TRIGGER does not recurse to child tables (Álvaro Herrera)§

Previously theONLY flag was ignored.

AllowLOCK TABLE to succeed on a self-referential view (Tom Lane)§

It previously threw an error complaining about infinite recursion, but there seems no need to disallow the case.

Retain statistics about an index acrossREINDEX CONCURRENTLY (Michael Paquier, Fabrízio de Royes Mello)§

Non-concurrent reindexing has always preserved such statistics.

Fix incorrect progress reporting fromREINDEX CONCURRENTLY (Matthias van de Meent, Michael Paquier)§

Ensure thatGENERATED columns are updated when the column(s) they depend on are updated via a rule or an updatable view (Tom Lane)§

This fix also takes care of possible failure to fire a column-specific trigger in such cases.

Fix failures with collation-dependent partition bound expressions (Tom Lane)§

Support hashing of text arrays (Peter Eisentraut)§

Array hashing failed if the array element type is collatable. Notably, this prevented using hash partitioning with a text array column as partition key.

Prevent internal overflows in cross-type datetime comparisons (Nikita Glukhov, Alexander Korotkov, Tom Lane)§

Previously, comparing a date to a timestamp would fail if the date is past the valid range for timestamps. There were also corner cases involving overflow of close-to-the-limit timestamp values during timezone rotation.

Fix off-by-one conversion of negative years to BC dates into_date() andto_timestamp() (Dar Alathar-Yemen, Tom Lane)§

Also, arrange for the combination of a negative year and an explicit“BC” marker to cancel out and produce AD.

Allow thejsonpath.datetime() method to accept ISO 8601-format timestamps (Nikita Glukhov)§§

This is not required by SQL, but it seems appropriate since ourto_json() functions generate that timestamp format for Javascript compatibility.

Ensure that standby servers will archive WAL timeline history files whenarchive_mode is set toalways (Grigory Smolkin, Fujii Masao)§

This oversight could lead to failure of subsequent PITR recovery attempts.

Fix edge cases in detecting premature death of the postmaster on platforms that usekqueue() (Thomas Munro)§§

Avoid generating an incorrect incremental-sort plan when the sort key is a volatile expression (James Coleman)§

Fix possible crash when considering partition-wise joins during GEQO planning (Tom Lane)§

Fix possible infinite loop or corrupted output data in TOAST decompression (Tom Lane)§§

Fix counting of the number of entries in B-tree indexes during cleanup-onlyVACUUMs (Peter Geoghegan)§

Ensure that data is detoasted before being inserted into a BRIN index (Tomas Vondra)§

Index entries are not supposed to contain out-of-line TOAST pointers, but BRIN didn't get that memo. This could lead to errors like“missing chunk number 0 for toast value NNN”. (If you are faced with such an error from an existing index,REINDEX should be enough to fix it.)

Fix buffered GiST index builds to work when the index has included columns (Pavel Borisov)§

Fix unportable use ofgetnameinfo() inpg_hba_file_rules view (Tom Lane)§

On FreeBSD 11, and possibly other platforms, the view'saddress andnetmask columns were always null due to this error.

Avoid crash ifdebug_query_string is NULL when starting a parallel worker (Noah Misch)§

Avoid failures when aBEFORE ROW UPDATE trigger returns the“old” row of a table having dropped or“missing” columns (Amit Langote, Tom Lane)§§

This method of suppressing an update could result in crashes, unexpectedCHECK constraint failures, or incorrectRETURNING output, because“missing” columns would read as NULLs for those purposes. (A column is“missing” for this purpose if it was added byALTER TABLE ADD COLUMN with a non-NULL, but constant, default value.) Dropped columns could cause trouble as well.

FixEXPLAIN's output for incremental sort plans to have correct tag nesting in XML output mode (Daniel Gustafsson)§

Avoid unnecessary failure when transferring very large payloads through shared memory queues (Markus Wanner)§

Fix omission of result data type coercion in some cases in SQL-language functions (Tom Lane)§

This could lead to wrong results or crashes, depending on the data types involved.

Fix incorrect handling of template function attributes in JIT code generation (Andres Freund)§§

This has been shown to cause crashes ons390x, and very possibly there are other cases on other platforms.

Improve code generated for compare_exchange and fetch_add operations on PPC (Noah Misch)§§

Fix relation cache memory leaks with RLS policies (Tom Lane)§

Fix edge-case memory leak inindex_get_partition() (Justin Pryzby)§

Fix small memory leak when SIGHUP processing decides that a new GUC variable value cannot be applied without a restart (Tom Lane)§

Fix memory leaks inPL/pgsql'sCALL processing (Pavel Stehule, Tom Lane)§

Inlibpq for Windows, callWSAStartup() once per process andWSACleanup() not at all (Tom Lane, Alexander Lakhin)§

Previously,libpq invokedWSAStartup() at connection start andWSACleanup() at connection cleanup. However, it appears that callingWSACleanup() can interfere with other program operations; notably, we have observed rare failures to emit expected output to stdout. There appear to be no ill effects from omitting the call, so do that. (This also eliminates a performance issue from repeated DLL loads and unloads when a program performs a series of database connections.)

Fixecpg library's per-thread initialization logic for Windows (Tom Lane, Alexander Lakhin)§

Multi-threadedecpg applications could suffer rare misbehavior due to incorrect locking.

Fixecpg's mis-processing ofB'...' andX'...' literals (Shenhao Wang)§§

On Windows, makepsql read the output of a backtick command in text mode, not binary mode (Tom Lane)§

This ensures proper handling of newlines.

Ensure thatpg_dump collects per-column information about extension configuration tables (Fabrízio de Royes Mello, Tom Lane)§§

Failure to do this led to crashes when specifying--inserts, or underspecified (though usually correct)COPY commands when usingCOPY to reload the tables' data.

Makepg_upgrade check for pre-existence of tablespace directories in the target cluster (Bruce Momjian)§§

Fix potential memory leak incontrib/pgcrypto (Michael Paquier)§

Add check for an unlikely failure case incontrib/pgcrypto (Daniel Gustafsson)§

Fix recently-addedtimetz test case so it works when the USA is not observing daylight savings time (Tom Lane)§

Update time zone data files totzdata release 2020d for DST law changes in Fiji, Morocco, Palestine, the Canadian Yukon, Macquarie Island, and Casey Station (Antarctica); plus historical corrections for France, Hungary, Monaco, and Palestine. (Tom Lane)§§

Sync our copy of the timezone library with IANA tzcode release 2020d (Tom Lane)§§

This absorbs upstream's change ofzic's default output option from“fat” to“slim”. That's just cosmetic for our purposes, as we continue to select the“fat” mode in pre-v13 branches. This change also ensures thatstrftime() does not changeerrno unless it fails.