Movatterモバイル変換

Further restrict visibility ofpg_user_mappings.umoptions, to protect passwords stored as user mapping options (Noah Misch)

The fix for CVE-2017-7486 was incorrect: it allowed a user to see the options in her own user mapping, even if she did not haveUSAGE permission on the associated foreign server. Such options might include a password that had been provided by the server owner rather than the user herself. Sinceinformation_schema.user_mapping_options does not show the options in such cases,pg_user_mappings should not either. (CVE-2017-7547)

By itself, this patch will only fix the behavior in newly initdb'd databases. If you wish to apply this change in an existing database, you will need to do the following:

Disallow empty passwords in all password-based authentication methods (Heikki Linnakangas)

libpq ignores empty password specifications, and does not transmit them to the server. So, if a user's password has been set to the empty string, it's impossible to log in with that password viapsql or otherlibpq-based clients. An administrator might therefore believe that setting the password to empty is equivalent to disabling password login. However, with a modified or non-libpq-based client, logging in could be possible, depending on which authentication method is configured. In particular the most common method,md5, accepted empty passwords. Change the server to reject empty passwords in all cases. (CVE-2017-7546)

Makelo_put() check forUPDATE privilege on the target large object (Tom Lane, Michael Paquier)

lo_put() should surely require the same permissions aslowrite(), but the check was missing, allowing any user to change the data in a large object. (CVE-2017-7548)

Correct the documentation about the process for upgrading standby servers withpg_upgrade (Bruce Momjian)

The previous documentation instructed users to start/stop the primary server after runningpg_upgrade but before syncing the standby servers. This sequence is unsafe.

Fix concurrent locking of tuple update chains (Álvaro Herrera)

If several sessions concurrently lock a tuple update chain with nonconflicting lock modes using an old snapshot, and they all succeed, it was possible for some of them to nonetheless fail (and conclude there is no live tuple version) due to a race condition. This had consequences such as foreign-key checks failing to see a tuple that definitely exists but is being updated concurrently.

Fix potential data corruption when freezing a tuple whose XMAX is a multixact with exactly one still-interesting member (Teodor Sigaev)

Avoid integer overflow and ensuing crash when sorting more than one billion tuples in-memory (Sergey Koposov)

On Windows, retry process creation if we fail to reserve the address range for our shared memory in the new process (Tom Lane, Amit Kapila)

This is expected to fix infrequent child-process-launch failures that are probably due to interference from antivirus products.

Fix low-probability corruption of shared predicate-lock hash table in Windows builds (Thomas Munro, Tom Lane)

Avoid logging clean closure of an SSL connection as though it were a connection reset (Michael Paquier)

Prevent sending SSL session tickets to clients (Tom Lane)

This fix prevents reconnection failures with ticket-aware client-side SSL code.

Fix code for settingtcp_keepalives_idle on Solaris (Tom Lane)

Fix statistics collector to honor inquiry messages issued just after a postmaster shutdown and immediate restart (Tom Lane)

Statistics inquiries issued within half a second of the previous postmaster shutdown were effectively ignored.

Ensure that the statistics collector's receive buffer size is at least 100KB (Tom Lane)

This reduces the risk of dropped statistics data on older platforms whose default receive buffer size is less than that.

Fix possible creation of an invalid WAL segment when a standby is promoted just after it processes anXLOG_SWITCH WAL record (Andres Freund)

Fixwalsender to exit promptly when client requests shutdown (Tom Lane)

FixSIGHUP andSIGUSR1 handling in walsender processes (Petr Jelinek, Andres Freund)

Prevent walsender-triggered panics during shutdown checkpoints (Andres Freund, Michael Paquier)

Fix unnecessarily slow restarts ofwalreceiver processes due to race condition in postmaster (Tom Lane)

Fix leakage of small subtransactions spilled to disk during logical decoding (Andres Freund)

This resulted in temporary files consuming excessive disk space.

Reduce the work needed to build snapshots during creation of logical-decoding slots (Andres Freund, Petr Jelinek)

The previous algorithm was infeasibly expensive on a server with a lot of open transactions.

Fix race condition that could indefinitely delay creation of logical-decoding slots (Andres Freund, Petr Jelinek)

Reduce overhead in processing syscache invalidation events (Tom Lane)

This is particularly helpful for logical decoding, which triggers frequent cache invalidation.

Fix cases where anINSERT orUPDATE assigns to more than one element of a column that is of domain-over-array type (Tom Lane)

Allow window functions to be used in sub-SELECTs that are within the arguments of an aggregate function (Tom Lane)

Move autogenerated array types out of the way duringALTER ... RENAME (Vik Fearing)

Previously, we would rename a conflicting autogenerated array type out of the way duringCREATE; this fix extends that behavior to renaming operations.

Fix dangling pointer inALTER TABLE when there is a comment on a constraint belonging to the table (David Rowley)

Re-applying the comment to the reconstructed constraint could fail with a weird error message, or even crash.

Ensure thatALTER USER ... SET accepts all the syntax variants thatALTER ROLE ... SET does (Peter Eisentraut)

Properly update dependency info when changing a datatype I/O function's argument or return type fromopaque to the correct type (Heikki Linnakangas)

CREATE TYPE updates I/O functions declared in this long-obsolete style, but it forgot to record a dependency on the type, allowing a subsequentDROP TYPE to leave broken function definitions behind.

Reduce memory usage whenANALYZE processes atsvector column (Heikki Linnakangas)

Fix unnecessary precision loss and sloppy rounding when multiplying or dividingmoney values by integers or floats (Tom Lane)

Tighten checks for whitespace in functions that parse identifiers, such asregprocedurein() (Tom Lane)

Depending on the prevailing locale, these functions could misinterpret fragments of multibyte characters as whitespace.

Use relevant#define symbols from Perl while compilingPL/Perl (Ashutosh Sharma, Tom Lane)

This avoids portability problems, typically manifesting as a“handshake” mismatch during library load, when working with recent Perl versions.

Inlibpq, reset GSS/SASL and SSPI authentication state properly after a failed connection attempt (Michael Paquier)

Failure to do this meant that when falling back from SSL to non-SSL connections, a GSS/SASL failure in the SSL attempt would always cause the non-SSL attempt to fail. SSPI did not fail, but it leaked memory.

Inpsql, fix failure whenCOPY FROM STDIN is ended with a keyboard EOF signal and then anotherCOPY FROM STDIN is attempted (Thomas Munro)

This misbehavior was observed on BSD-derived platforms (including macOS), but not on most others.

Fixpg_dump andpg_restore to emitREFRESH MATERIALIZED VIEW commands last (Tom Lane)

This prevents errors during dump/restore when a materialized view refers to tables owned by a different user.

Improvepg_dump/pg_restore's reporting of error conditions originating inzlib (Vladimir Kunschikov, Álvaro Herrera)

Fixpg_dump with the--clean option to drop event triggers as expected (Tom Lane)

It also now correctly assigns ownership of event triggers; before, they were restored as being owned by the superuser running the restore script.

Fixpg_dump to not emit invalid SQL for an empty operator class (Daniel Gustafsson)

Fixpg_dump output to stdout on Windows (Kuntal Ghosh)

A compressed plain-text dump written to stdout would contain corrupt data due to failure to put the file descriptor into binary mode.

Fixpg_get_ruledef() to print correct output for theON SELECT rule of a view whose columns have been renamed (Tom Lane)

In some corner cases,pg_dump relies onpg_get_ruledef() to dump views, so that this error could result in dump/reload failures.

Fix dumping of outer joins with empty constraints, such as the result of aNATURAL LEFT JOIN with no common columns (Tom Lane)

Fix dumping of function expressions in theFROM clause in cases where the expression does not deparse into something that looks like a function call (Tom Lane)

Fixpg_basebackup output to stdout on Windows (Haribabu Kommi)

A backup written to stdout would contain corrupt data due to failure to put the file descriptor into binary mode.

Fixpg_rewind to correctly handle files exceeding 2GB (Kuntal Ghosh, Michael Paquier)

Ordinarily such files won't appear inPostgreSQL data directories, but they could be present in some cases.

Fixpg_upgrade to ensure that the ending WAL record does not havewal_level =minimum (Bruce Momjian)

This condition could prevent upgraded standby servers from reconnecting.

Fixpg_xlogdump's computation of WAL record length (Andres Freund)

Inpostgres_fdw, re-establish connections to remote servers afterALTER SERVER orALTER USER MAPPING commands (Kyotaro Horiguchi)

This ensures that option changes affecting connection parameters will be applied promptly.

Inpostgres_fdw, allow cancellation of remote transaction control commands (Robert Haas, Rafia Sabih)

This change allows us to quickly escape a wait for an unresponsive remote server in many more cases than previously.

IncreaseMAX_SYSCACHE_CALLBACKS to provide more room for extensions (Tom Lane)

Always use-fPIC, not-fpic, when building shared libraries with gcc (Tom Lane)

This supports larger extension libraries on platforms where it makes a difference.

Fix unescaped-braces issue in our build scripts for Microsoft MSVC, to avoid a warning or error from recent Perl versions (Andrew Dunstan)

In MSVC builds, handle the case where theopenssl library is not within aVC subdirectory (Andrew Dunstan)

In MSVC builds, add proper include path forlibxml2 header files (Andrew Dunstan)

This fixes a former need to move things around in standard Windows installations oflibxml2.

In MSVC builds, recognize a Tcl library that is namedtcl86.lib (Noah Misch)

In MSVC builds, honorPROVE_FLAGS settings onvcregress.pl's command line (Andrew Dunstan)