<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>E.4. Release 13.1</title><link rel="stylesheet" type="text/css" href="stylesheet.css" /><link rev="made" href="pgsql-docs@lists.postgresql.org" /><meta name="generator" content="DocBook XSL Stylesheets V1.79.1" /><link rel="prev" href="release-13-2.html" title="E.3. Release 13.2" /><link rel="next" href="release-13.html" title="E.5. Release 13" /></head><body id="docContent" class="container-fluid col-10"><div class="sect1" id="RELEASE-13-1"><div class="titlepage"><div><div><h2 class="title" style="clear: both">E.4. Release 13.1</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="sect2"><a href="release-13-1.html#id-1.11.6.8.4">E.4.1. Migration to Version 13.1</a></span></dt><dt><span class="sect2"><a href="release-13-1.html#id-1.11.6.8.5">E.4.2. Changes</a></span></dt></dl></div><p><strong>Release date: </strong>2020-11-12</p><p>
This release contains a variety of fixes from 13.0.
For information about new features in major release 13, see
<a class="xref" href="release-13.html" title="E.5. Release 13">Section E.5</a>.
</p><div class="sect2" id="id-1.11.6.8.4"><div class="titlepage"><div><div><h3 class="title">E.4.1. Migration to Version 13.1</h3></div></div></div><p>
A dump/restore is not required for those running 13.X.
</p></div><div class="sect2" id="id-1.11.6.8.5"><div class="titlepage"><div><div><h3 class="title">E.4.2. Changes</h3></div></div></div><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
Block <code class="command">DECLARE CURSOR ... WITH HOLD</code> and firing of
deferred triggers within index expressions and materialized view
queries (Noah Misch)
</p><p>
This is essentially a leak in the <span class="quote">“<span class="quote">security restricted
operation</span>”</span> sandbox mechanism. An attacker having permission
to create non-temporary SQL objects could parlay this leak to
execute arbitrary SQL code as a superuser.
</p><p>
The <span class="productname">PostgreSQL</span> Project thanks
Etienne Stalmans for reporting this problem.
(CVE-2020-25695)
</p></li><li class="listitem"><p>
Fix usage of complex connection-string parameters
in <span class="application">pg_dump</span>,
<span class="application">pg_restore</span>,
<span class="application">clusterdb</span>,
<span class="application">reindexdb</span>,
and <span class="application">vacuumdb</span> (Tom Lane)
</p><p>
The <code class="option">-d</code> parameter
of <span class="application">pg_dump</span>
and <span class="application">pg_restore</span>, or
the <code class="option">--maintenance-db</code> parameter of the other
programs mentioned, can be a <span class="quote">“<span class="quote">connection string</span>”</span>
containing multiple connection parameters rather than just a
database name. In cases where these programs need to initiate
additional connections, such as parallel processing or processing of
multiple databases, the connection string was forgotten and just the
basic connection parameters (database name, host, port, and
username) were used for the additional connections. This could lead
to connection failures if the connection string included any other
essential information, such as non-default SSL or GSS parameters.
Worse, the connection might succeed but not be encrypted as
intended, or be vulnerable to man-in-the-middle attacks that the
intended connection parameters would have prevented.
(CVE-2020-25694)
</p></li><li class="listitem"><p>
When <span class="application">psql</span>'s <code class="command">\connect</code>
command re-uses connection parameters, ensure that all
non-overridden parameters from a previous connection string are
re-used (Tom Lane)
</p><p>
This avoids cases where reconnection might fail due to omission of
relevant parameters, such as non-default SSL or GSS options.
Worse, the reconnection might succeed but not be encrypted as
intended, or be vulnerable to man-in-the-middle attacks that the
intended connection parameters would have prevented.
This is largely the same problem as just cited
for <span class="application">pg_dump</span> et al.,
although <span class="application">psql</span>'s behavior is more complex
since the user may intentionally override some connection
parameters.
(CVE-2020-25694)
</p></li><li class="listitem"><p>
Prevent <span class="application">psql</span>'s <code class="command">\gset</code>
command from modifying specially-treated variables (Noah Misch)
</p><p>
<code class="command">\gset</code> without a prefix would overwrite whatever
variables the server told it to. Thus, a compromised server could
set specially-treated variables such as <code class="varname">PROMPT1</code>,
giving the ability to execute arbitrary shell code in the user's
session.
</p><p>
The <span class="productname">PostgreSQL</span> Project thanks
Nick Cleaton for reporting this problem.
(CVE-2020-25696)
</p></li><li class="listitem"><p>
Fix unintended breakage of the replication protocol
(Álvaro Herrera)
</p><p>
A walsender reports two command-completion events
for <code class="literal">START_REPLICATION</code>. This was undocumented and
apparently unintentional; so we failed to notice that a late 13.0
change removed the duplicate event. However it turns out that
walreceivers require the extra event in some code paths. The most
practical fix is to decree that the extra event is part of the
protocol and resume generating it.
</p></li><li class="listitem"><p>
Ensure that SLRU directories are properly fsync'd during checkpoints
(Thomas Munro)
</p><p>
This prevents possible data loss in a subsequent operating system
crash.
</p></li><li class="listitem"><p>
Fix <code class="command">ALTER ROLE</code> for users with
the <code class="literal">BYPASSRLS</code> attribute (Tom Lane, Stephen Frost)
</p><p>
The <code class="literal">BYPASSRLS</code> attribute is only allowed to be
changed by superusers, but other <code class="command">ALTER ROLE</code>
operations, such as password changes, should be allowed with only
ordinary permission checks. The previous coding erroneously
restricted all changes on such a role to superusers.
</p></li><li class="listitem"><p>
Disallow <code class="command">ALTER TABLE ONLY ... DROP EXPRESSION</code> when
there are child tables (Peter Eisentraut)
</p><p>
The current implementation cannot handle this case correctly, so just
forbid it for now.
</p></li><li class="listitem"><p>
Ensure that <code class="command">ALTER TABLE ONLY ... ENABLE/DISABLE
TRIGGER</code> does not recurse to child tables
(Álvaro Herrera)
</p><p>
Previously the <code class="literal">ONLY</code> flag was ignored.
</p></li><li class="listitem"><p>
Allow <code class="command">LOCK TABLE</code> to succeed on a self-referential
view (Tom Lane)
</p><p>
It previously threw an error complaining about infinite recursion,
but there seems no need to disallow the case.
</p></li><li class="listitem"><p>
Retain statistics about an index across <code class="command">REINDEX
CONCURRENTLY</code> (Michael Paquier, Fabrízio de Royes Mello)
</p><p>
Non-concurrent reindexing has always preserved such statistics.
</p></li><li class="listitem"><p>
Fix incorrect progress reporting from <code class="command">REINDEX
CONCURRENTLY</code> (Matthias van de Meent, Michael Paquier)
</p></li><li class="listitem"><p>
Ensure that <code class="literal">GENERATED</code> columns are updated when
the column(s) they depend on are updated via a rule or an updatable
view (Tom Lane)
</p><p>
This fix also takes care of possible failure to fire a
column-specific trigger in such cases.
</p></li><li class="listitem"><p>
Fix failures with collation-dependent partition bound expressions
(Tom Lane)
</p></li><li class="listitem"><p>
Support hashing of text arrays (Peter Eisentraut)
</p><p>
Array hashing failed if the array element type is collatable.
Notably, this prevented using hash partitioning with a text array
column as partition key.
</p></li><li class="listitem"><p>
Prevent internal overflows in cross-type datetime
comparisons (Nikita Glukhov, Alexander Korotkov, Tom Lane)
</p><p>
Previously, comparing a date to a timestamp would fail if the date
is past the valid range for timestamps. There were also corner
cases involving overflow of close-to-the-limit timestamp values
during timezone rotation.
</p></li><li class="listitem"><p>
Fix off-by-one conversion of negative years to BC dates
in <code class="function">to_date()</code>
and <code class="function">to_timestamp()</code> (Dar Alathar-Yemen, Tom Lane)
</p><p>
Also, arrange for the combination of a negative year and an
explicit <span class="quote">“<span class="quote">BC</span>”</span> marker to cancel out and produce AD.
</p></li><li class="listitem"><p>
Allow the <code class="type">jsonpath</code> <code class="function">.datetime()</code>
method to accept ISO 8601-format timestamps (Nikita Glukhov)
</p><p>
This is not required by SQL, but it seems appropriate since
our <code class="function">to_json()</code> functions generate that timestamp
format for JavaScript compatibility.
</p></li><li class="listitem"><p>
Ensure that standby servers will archive WAL timeline history files
when <code class="varname">archive_mode</code> is set
to <code class="literal">always</code> (Grigory Smolkin, Fujii Masao)
</p><p>
This oversight could lead to failure of subsequent PITR recovery
attempts.
</p></li><li class="listitem"><p>
Fix edge cases in detecting premature death of the postmaster on
platforms that use <code class="function">kqueue()</code> (Thomas Munro)
</p></li><li class="listitem"><p>
Avoid generating an incorrect incremental-sort plan when the sort key
is a volatile expression (James Coleman)
</p></li><li class="listitem"><p>
Fix possible crash when considering partition-wise joins
during GEQO planning (Tom Lane)
</p></li><li class="listitem"><p>
Fix possible infinite loop or corrupted output data in TOAST
decompression (Tom Lane)
</p></li><li class="listitem"><p>
Fix counting of the number of entries in B-tree indexes during
cleanup-only <code class="command">VACUUM</code>s (Peter Geoghegan)
</p></li><li class="listitem"><p>
Ensure that data is detoasted before being inserted into a BRIN
index (Tomas Vondra)
</p><p>
Index entries are not supposed to contain out-of-line TOAST
pointers, but BRIN didn't get that memo. This could lead to errors
like <span class="quote">“<span class="quote">missing chunk number 0 for toast value NNN</span>”</span>.
(If you are faced with such an error from an existing
index, <code class="command">REINDEX</code> should be enough to fix it.)
</p></li><li class="listitem"><p>
Fix buffered GiST index builds to work when the index has included
columns (Pavel Borisov)
</p></li><li class="listitem"><p>
Fix unportable use of <code class="function">getnameinfo()</code>
in <code class="structname">pg_hba_file_rules</code> view (Tom Lane)
</p><p>
On FreeBSD 11, and possibly other platforms, the
view's <code class="structfield">address</code>
and <code class="structfield">netmask</code> columns were always null due
to this error.
</p></li><li class="listitem"><p>
Avoid crash if <code class="varname">debug_query_string</code> is NULL
when starting a parallel worker (Noah Misch)
</p></li><li class="listitem"><p>
Avoid failures when a <code class="literal">BEFORE ROW UPDATE</code> trigger
returns the <span class="quote">“<span class="quote">old</span>”</span> row of a table having dropped
or <span class="quote">“<span class="quote">missing</span>”</span> columns (Amit Langote, Tom Lane)
</p><p>
This method of suppressing an update could result in crashes,
unexpected <code class="literal">CHECK</code> constraint failures, or
incorrect <code class="literal">RETURNING</code> output,
because <span class="quote">“<span class="quote">missing</span>”</span> columns would read as NULLs for those
purposes. (A column is <span class="quote">“<span class="quote">missing</span>”</span> for this purpose if
it was added by <code class="command">ALTER TABLE ADD COLUMN</code> with a
non-NULL, but constant, default value.) Dropped columns could cause
trouble as well.
</p></li><li class="listitem"><p>
Fix <code class="command">EXPLAIN</code>'s output for incremental sort plans
to have correct tag nesting in XML output mode (Daniel Gustafsson)
</p></li><li class="listitem"><p>
Avoid unnecessary failure when transferring very large payloads
through shared memory queues (Markus Wanner)
</p></li><li class="listitem"><p>
Fix omission of result data type coercion in some cases in
SQL-language functions (Tom Lane)
</p><p>
This could lead to wrong results or crashes, depending on the data
types involved.
</p></li><li class="listitem"><p>
Fix incorrect handling of template function attributes in JIT code
generation (Andres Freund)
</p><p>
This has been shown to cause crashes on <code class="literal">s390x</code>,
and very possibly there are other cases on other platforms.
</p></li><li class="listitem"><p>
Improve code generated for compare_exchange and fetch_add operations
on PPC (Noah Misch)
</p></li><li class="listitem"><p>
Fix relation cache memory leaks with RLS policies (Tom Lane)
</p></li><li class="listitem"><p>
Fix edge-case memory leak
in <code class="function">index_get_partition()</code> (Justin Pryzby)
</p></li><li class="listitem"><p>
Fix small memory leak when SIGHUP processing decides that a new GUC
variable value cannot be applied without a restart (Tom Lane)
</p></li><li class="listitem"><p>
Fix memory leaks
in <span class="application">PL/pgsql</span>'s <code class="command">CALL</code>
processing (Pavel Stehule, Tom Lane)
</p></li><li class="listitem"><p>
In <span class="application">libpq</span> for Windows,
call <code class="function">WSAStartup()</code> once per process
and <code class="function">WSACleanup()</code> not at all (Tom Lane,
Alexander Lakhin)
</p><p>
Previously, <span class="application">libpq</span>
invoked <code class="function">WSAStartup()</code> at connection start
and <code class="function">WSACleanup()</code> at connection cleanup.
However, it appears that calling <code class="function">WSACleanup()</code>
can interfere with other program operations; notably, we have
observed rare failures to emit expected output to stdout. There
appear to be no ill effects from omitting the call, so do that.
(This also eliminates a performance issue from repeated DLL loads and
unloads when a program performs a series of database connections.)
</p></li><li class="listitem"><p>
Fix <span class="application">ecpg</span> library's per-thread
initialization logic for Windows (Tom Lane, Alexander Lakhin)
</p><p>
Multi-threaded <span class="application">ecpg</span> applications could
suffer rare misbehavior due to incorrect locking.
</p></li><li class="listitem"><p>
Fix <span class="application">ecpg</span>'s mis-processing
of <code class="literal">B'...'</code> and <code class="literal">X'...'</code> literals
(Shenhao Wang)
</p></li><li class="listitem"><p>
On Windows, make <span class="application">psql</span> read the output of
a backtick command in text mode, not binary mode (Tom Lane)
</p><p>
This ensures proper handling of newlines.
</p></li><li class="listitem"><p>
Ensure that <span class="application">pg_dump</span> collects per-column
information about extension configuration tables (Fabrízio de
Royes Mello, Tom Lane)
</p><p>
Failure to do this led to crashes when
specifying <code class="option">--inserts</code>, or underspecified (though
usually correct) <code class="command">COPY</code> commands when
using <code class="command">COPY</code> to reload the tables' data.
</p></li><li class="listitem"><p>
Make <span class="application">pg_upgrade</span> check for pre-existence
of tablespace directories in the target cluster (Bruce Momjian)
</p></li><li class="listitem"><p>
Fix potential memory leak in <code class="filename">contrib/pgcrypto</code>
(Michael Paquier)
</p></li><li class="listitem"><p>
Add check for an unlikely failure case
in <code class="filename">contrib/pgcrypto</code> (Daniel Gustafsson)
</p></li><li class="listitem"><p>
Fix recently-added <code class="type">timetz</code> test case so it works when
the USA is not observing daylight saving time (Tom Lane)
</p></li><li class="listitem"><p>
Update time zone data files to <span class="application">tzdata</span>
release 2020d for DST law changes in Fiji, Morocco, Palestine, the
Canadian Yukon, Macquarie Island, and Casey Station (Antarctica);
plus historical corrections for France, Hungary, Monaco, and
Palestine.
</p></li><li class="listitem"><p>
Sync our copy of the timezone library with IANA tzcode release 2020d
(Tom Lane)
</p><p>
This absorbs upstream's change of <span class="application">zic</span>'s
default output option from <span class="quote">“<span class="quote">fat</span>”</span>
to <span class="quote">“<span class="quote">slim</span>”</span>. That's just cosmetic for our purposes, as
we continue to select the <span class="quote">“<span class="quote">fat</span>”</span> mode in pre-v13
branches. This change also ensures
that <code class="function">strftime()</code> does not
change <code class="varname">errno</code> unless it fails.
</p></li></ul></div></div></div></body></html>
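The two CVE-2020-25694 entries above (pg_dump and the other client programs, and psql's \connect) describe additional connections that kept only the database name, host, port, and username. As an added example, not PostgreSQL's own code, this Python model contrasts that behaviour with re-using every non-overridden parameter and reports which security-relevant settings a derived connection lost. The function names, the SECURITY_KEYS list, and the sample host and path are assumptions made for the illustration.

```python
# Added illustration (not PostgreSQL source): models how a client tool derives
# the parameters of an additional connection from its first connection.
import shlex

# Per the release note, only these survived on additional connections before 13.1.
BASIC = ("dbname", "host", "port", "user")
# Assumption for this sketch: libpq keywords whose loss weakens transport security.
SECURITY_KEYS = ("sslmode", "sslrootcert", "sslcert", "sslkey", "sslcrl",
                 "gssencmode", "krbsrvname", "channel_binding")


def parse_conninfo(conninfo):
    """Parse a keyword=value connection string (single-quoted values allowed).

    Simplified: no spaces around '=' and no backslash escapes inside quotes.
    """
    params = {}
    for token in shlex.split(conninfo):
        key, sep, value = token.partition("=")
        if not sep or not key:
            raise ValueError(f"malformed conninfo token: {token!r}")
        params[key] = value
    return params


def additional_connection_before_fix(first, dbname=None):
    """Pre-fix behaviour from the note: the connection string is forgotten."""
    derived = {k: first[k] for k in BASIC if k in first}
    if dbname is not None:
        derived["dbname"] = dbname
    return derived


def additional_connection_fixed(first, overrides=None):
    """Fixed behaviour: every parameter not explicitly overridden is re-used."""
    derived = dict(first)
    derived.update(overrides or {})
    return derived


def dropped_security_params(first, derived):
    """Security-relevant parameters set on the first connection but absent later."""
    return sorted(k for k in SECURITY_KEYS if k in first and k not in derived)


# Constructed sample input; host name and certificate path are placeholders.
SAMPLE = ("host=db.example.internal port=5432 dbname=app user=backup "
          "sslmode=verify-full sslrootcert='/etc/ssl/corp ca.pem'")

if __name__ == "__main__":
    first = parse_conninfo(SAMPLE)
    cases = (
        ("before fix", additional_connection_before_fix(first, "app2")),
        ("fixed", additional_connection_fixed(first, {"dbname": "app2"})),
    )
    for label, derived in cases:
        # With sslmode absent, libpq falls back to its default (prefer),
        # which does not verify the server certificate.
        print(label, derived, "dropped:", dropped_security_params(first, derived))
```
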