Movatterモバイル変換

Ensure thatINSERT ... ON CONFLICT DO UPDATE checks table permissions and RLS policies in all cases (Dean Rasheed)

The update path ofINSERT ... ON CONFLICT DO UPDATE requiresSELECT permission on the columns of the arbiter index, but it failed to check for that in the case of an arbiter specified by constraint name. In addition, for a table with row level security enabled, it failed to check updated rows against the table'sSELECT policies (regardless of how the arbiter index was specified). (CVE-2017-15099)

Fix crash due to rowtype mismatch injson{b}_populate_recordset() (Michael Paquier, Tom Lane)

These functions used the result rowtype specified in theFROM ... AS clause without checking that it matched the actual rowtype of the supplied tuple value. If it didn't, that would usually result in a crash, though disclosure of server memory contents seems possible as well. (CVE-2017-15098)

Fix sample server-start scripts to become$PGUSER before opening$PGLOG (Noah Misch)

Previously, the postmaster log file was opened while still running as root. The database owner could therefore mount an attack against another system user by making$PGLOG be a symbolic link to some other file, which would then become corrupted by appending log messages.

By default, these scripts are not installed anywhere. Users who have made use of them will need to manually recopy them, or apply the same changes to their modified versions. If the existing$PGLOG file is root-owned, it will need to be removed or renamed out of the way before restarting the server with the corrected script. (CVE-2017-12172)

Fix BRIN index summarization to handle concurrent table extension correctly (Álvaro Herrera)

Previously, a race condition allowed some table rows to be omitted from the index. It may be necessary to reindex existing BRIN indexes to recover from past occurrences of this problem.

Fix possible failures during concurrent updates of a BRIN index (Tom Lane)

These race conditions could result in errors like“invalid index offnum” or“inconsistent range map”.

Fix crash when logical decoding is invoked from a SPI-using function, in particular any function written in a PL language (Tom Lane)

Fix incorrect query results when multipleGROUPING SETS columns contain the same simple variable (Tom Lane)

Fix incorrect parallelization decisions for nested queries (Amit Kapila, Kuntal Ghosh)

Fix parallel query handling to not fail when a recently-used role is dropped (Amit Kapila)

Fixjson_build_array(),json_build_object(), and theirjsonb equivalents to handle explicitVARIADIC arguments correctly (Michael Paquier)

Properly reject attempts to convert infinite float values to typenumeric (Tom Lane, KaiGai Kohei)

Previously the behavior was platform-dependent.

Fix corner-case crashes when columns have been added to the end of a view (Tom Lane)

Record proper dependencies when a view or rule containsFieldSelect orFieldStore expression nodes (Tom Lane)

Lack of these dependencies could allow a column or data typeDROP to go through when it ought to fail, thereby causing later uses of the view or rule to get errors. This patch does not do anything to protect existing views/rules, only ones created in the future.

Correctly detect hashability of range data types (Tom Lane)

The planner mistakenly assumed that any range type could be hashed for use in hash joins or hash aggregation, but actually it must check whether the range's subtype has hash support. This does not affect any of the built-in range types, since they're all hashable anyway.

Correctly ignoreRelabelType expression nodes when determining relation distinctness (David Rowley)

This allows the intended optimization to occur when a subquery has a result column of typevarchar.

Prevent sharing transition states between ordered-set aggregates (David Rowley)

This causes a crash with the built-in ordered-set aggregates, and probably with user-written ones as well. v11 and later will include provisions for dealing with such cases safely, but in released branches, just disable the optimization.

Preventidle_in_transaction_session_timeout from being ignored when astatement_timeout occurred earlier (Lukas Fittl)

Fix low-probability loss ofNOTIFY messages due to XID wraparound (Marko Tiikkaja, Tom Lane)

If a session executed no queries, but merely listened for notifications, for more than 2 billion transactions, it started to miss some notifications from concurrently-committing transactions.

AvoidSIGBUS crash on Linux when a DSM memory request exceeds the space available intmpfs (Thomas Munro)

Reduce the frequency of data flush requests during bulk file copies to avoid performance problems on macOS, particularly with its new APFS file system (Tom Lane)

Prevent low-probability crash in processing of nested trigger firings (Tom Lane)

AllowCOPY'sFREEZE option to work when the transaction isolation level isREPEATABLE READ or higher (Noah Misch)

This case was unintentionally broken by a previous bug fix.

Correctly restore the umask setting when file creation fails inCOPY orlo_export() (Peter Eisentraut)

Give a better error message for duplicate column names inANALYZE (Nathan Bossart)

Add missing cases inGetCommandLogLevel(), preventing errors when certain SQL commands are used whilelog_statement is set toddl (Michael Paquier)

Fix mis-parsing of the last line in a non-newline-terminatedpg_hba.conf file (Tom Lane)

FixAggGetAggref() to return the correctAggref nodes to aggregate final functions whose transition calculations have been merged (Tom Lane)

Fixpg_dump to ensure that it emitsGRANT commands in a valid order (Stephen Frost)

Fixpg_basebackup's matching of tablespace paths to canonicalize both paths before comparing (Michael Paquier)

This is particularly helpful on Windows.

Fixlibpq to not require user's home directory to exist (Tom Lane)

In v10, failure to find the home directory while trying to read~/.pgpass was treated as a hard error, but it should just cause that file to not be found. Both v10 and previous release branches made the same mistake when reading~/.pg_service.conf, though this was less obvious since that file is not sought unless a service name is specified.

Fixlibpq to guard against integer overflow in the row count of aPGresult (Michael Paquier)

Fixecpg's handling of out-of-scope cursor declarations with pointer or array variables (Michael Meskes)

In ecpglib, correctly handle backslashes in string literals depending on whetherstandard_conforming_strings is set (Tsunakawa Takayuki)

Make ecpglib's Informix-compatibility mode ignore fractional digits in integer input strings, as expected (Gao Zengqi, Michael Meskes)

Fixecpg's regression tests to work reliably on Windows (Christian Ullrich, Michael Meskes)

Fix missing temp-install prerequisites forcheck-like Make targets (Noah Misch)

Some non-default test procedures that are meant to work likemake check failed to ensure that the temporary installation was up to date.

Sync our copy of the timezone library with IANA release tzcode2017c (Tom Lane)

This fixes various issues; the only one likely to be user-visible is that the default DST rules for a POSIX-style zone name, if noposixrules file exists in the timezone data directory, now match current US law rather than what it was a dozen years ago.

Update time zone data files totzdata release 2017c for DST law changes in Fiji, Namibia, Northern Cyprus, Sudan, Tonga, and Turks & Caicos Islands, plus historical corrections for Alaska, Apia, Burma, Calcutta, Detroit, Ireland, Namibia, and Pago Pago.