Navigation:
Browse pkgsrc
(this page)Log Message: The PostgreSQL Global Development Group has released an update to all supported \ versions of our database system, including 9.5.4, 9.4.9, 9.3.14, 9.2.18 and \ 9.1.23. This release fixes two security issues. It also patches a number of \ other bugs reported over the last three months. Users who rely on security \ isolation between database users should update as soon as possible. Other users \ should plan to update at the next convenient downtime. Security Issues --------------- Two security holes have been closed by this release: CVE-2016-5423: certain nested CASE expressions can cause the server to crash. CVE-2016-5424: database and role names with embedded special characters can \ allow code injection during administrative operations like pg_dumpall. The fix for the second issue also adds an option, -reuse-previous, to psql's \ \connect command. pg_dumpall will also refuse to handle database and role names \ containing line breaks after the update. For more information on these issues \ and how they affect backwards-compatibility, see the Release Notes. Bug Fixes and Improvements -------------------------- This update also fixes a number of bugs reported in the last few months. Some of \ these issues affect only version 9.5, but many affect all supported versions: Fix misbehaviors of IS NULL/IS NOT NULL with composite values Fix three areas where INSERT ... ON CONFLICT failed to work properly with other \ SQL features. Make INET and CIDR data types properly reject bad IPv6 values Prevent crash in "point ## lseg" operator for NaN input Avoid possible crash in pg_get_expr() Fix several one-byte buffer over-reads in to_number() Don't needlessly plan query if WITH NO DATA is specified Avoid crash-unsafe state in expensive heap_update() paths Fix hint bit update during WAL replay of row locking operations Avoid unnecessary "could not serialize access" with FOR KEY SHARE Avoid crash in postgres -C when the specified variable is a null string Fix two issues with logical decoding and subtransactions Ensure that backends see up-to-date statistics for shared catalogs Prevent possible failure when vacuuming multixact IDs in an upgraded database When a manual ANALYZE specifies columns, don't reset changes_since_analyze Fix ANALYZE's overestimation of n_distinct for columns with nulls Fix bug in b-tree mark/restore processing Fix building of large (bigger than shared_buffers) hash indexes Prevent infinite loop in GiST index build with NaN values Fix possible crash during a nearest-neighbor indexscan Fix "PANIC: failed to add BRIN tuple" error Prevent possible crash during background worker shutdown Many fixes for issues in parallel pg_dump and pg_restore Make pg_basebackup accept -Z 0 as no compression Make regression tests safe for Danish and Welsh locales
New packages: