diff --git a/doc/src/sgml/release-9.1.sgml b/doc/src/sgml/release-9.1.sgml
index f5dab31608b..4ab11e25a7d 100644
--- a/doc/src/sgml/release-9.1.sgml
+++ b/doc/src/sgml/release-9.1.sgml
@@ -1,6 +1,506 @@
+
+ Release 9.1.20
+
+
+ Release Date
+ 2016-02-11
+
+
+
+ This release contains a variety of fixes from 9.1.19.
+ For information about new features in the 9.1 major release, see
+ .
+
+
+
+ Migration to Version 9.1.20
+
+
+ A dump/restore is not required for those running 9.1.X.
+
+
+
+ However, if you are upgrading from a version earlier than 9.1.16,
+ see .
+
+
+
+
+
+ Changes
+
+
+
+
+
+ Perform an immediate shutdown if the postmaster.pid file
+ is removed (Tom Lane)
+
+
+
+ The postmaster now checks every minute or so
+ that postmaster.pid is still there and still contains its
+ own PID. If not, it performs an immediate shutdown, as though it had
+ received SIGQUIT. The main motivation for this change
+ is to ensure that failed buildfarm runs will get cleaned up without
+ manual intervention; but it also serves to limit the bad effects if a
+ DBA forcibly removes postmaster.pid and then starts a new
+ postmaster.
+
+
+
+
+
+ In SERIALIZABLE transaction isolation mode, serialization
+ anomalies could be missed due to race conditions during insertions
+ (Kevin Grittner, Thomas Munro)
+
+
+
+
+
+ Fix failure to emit appropriate WAL records when doing ALTER
+ TABLE ... SET TABLESPACE for unlogged relations (Michael Paquier,
+ Andres Freund)
+
+
+
+ Even though the relation's data is unlogged, the move must be logged or
+ the relation will be inaccessible after a standby is promoted to master.
+
+
+
+
+
+ Fix possible misinitialization of unlogged relations at the end of
+ crash recovery (Andres Freund, Michael Paquier)
+
+
+
+
+
+ Fix ALTER COLUMN TYPE to reconstruct inherited check
+ constraints properly (Tom Lane)
+
+
+
+
+
+ Fix REASSIGN OWNED to change ownership of composite types
+ properly (Álvaro Herrera)
+
+
+
+
+
+ Fix REASSIGN OWNED and ALTER OWNER to correctly
+ update granted-permissions lists when changing owners of data types,
+ foreign data wrappers, or foreign servers (Bruce Momjian,
+ Álvaro Herrera)
+
+
+
+
+
+ Fix REASSIGN OWNED to ignore foreign user mappings,
+ rather than fail (Álvaro Herrera)
+
+
+
+
+
+ Add more defenses against bad planner cost estimates for GIN index
+ scans when the index's internal statistics are very out-of-date
+ (Tom Lane)
+
+
+
+
+
+ Make planner cope with hypothetical GIN indexes suggested by an index
+ advisor plug-in (Julien Rouhaud)
+
+
+
+
+
+ Fix dumping of whole-row Vars in ROW()
+ and VALUES() lists (Tom Lane)
+
+
+
+
+
+ Fix possible internal overflow in numeric division
+ (Dean Rasheed)
+
+
+
+
+
+ Fix enforcement of restrictions inside parentheses within regular
+ expression lookahead constraints (Tom Lane)
+
+
+
+ Lookahead constraints aren't allowed to contain backrefs, and
+ parentheses within them are always considered non-capturing, according
+ to the manual. However, the code failed to handle these cases properly
+ inside a parenthesized subexpression, and would give unexpected
+ results.
+
+
+
+
+
+ Conversion of regular expressions to indexscan bounds could produce
+ incorrect bounds from regexps containing lookahead constraints
+ (Tom Lane)
+
+
+
+
+
+ Fix regular-expression compiler to handle loops of constraint arcs
+ (Tom Lane)
+
+
+
+ The code added for CVE-2007-4772 was both incomplete, in that it didn't
+ handle loops involving more than one state, and incorrect, in that it
+ could cause assertion failures (though there seem to be no bad
+ consequences of that in a non-assert build). Multi-state loops would
+ cause the compiler to run until the query was canceled or it reached
+ the too-many-states error condition.
+
+
+
+
+
+ Improve memory-usage accounting in regular-expression compiler
+ (Tom Lane)
+
+
+
+ This causes the code to emit regular expression is too
+ complex errors in some cases that previously used unreasonable
+ amounts of time and memory.
+
+
+
+
+
+ Improve performance of regular-expression compiler (Tom Lane)
+
+
+
+
+
+ Make %h and %r escapes
+ in log_line_prefix work for messages emitted due
+ to log_connections (Tom Lane)
+
+
+
+ Previously, %h/%r started to work just after a
+ new session had emitted the connection received log message;
+ now they work for that message too.
+
+
+
+
+
+ On Windows, ensure the shared-memory mapping handle gets closed in
+ child processes that don't need it (Tom Lane, Amit Kapila)
+
+
+
+ This oversight resulted in failure to recover from crashes
+ whenever logging_collector is turned on.
+
+
+
+
+
+ Fix possible failure to detect socket EOF in non-blocking mode on
+ Windows (Tom Lane)
+
+
+
+ It's not entirely clear whether this problem can happen in pre-9.5
+ branches, but if it did, the symptom would be that a walsender process
+ would wait indefinitely rather than noticing a loss of connection.
+
+
+
+
+
+ Avoid leaking a token handle during SSPI authentication
+ (Christian Ullrich)
+
+
+
+
+
+ In psql, ensure that libreadline's idea
+ of the screen size is updated when the terminal window size changes
+ (Merlin Moncure)
+
+
+
+ Previously, libreadline did not notice if the window
+ was resized during query output, leading to strange behavior during
+ later input of multiline queries.
+
+
+
+
+
+ Fix psql's \det command to interpret its
+ pattern argument the same way as other \d commands with
+ potentially schema-qualified patterns do (Reece Hart)
+
+
+
+
+
+ Avoid possible crash in psql's \c command
+ when previous connection was via Unix socket and command specifies a
+ new hostname and same username (Tom Lane)
+
+
+
+
+
+ In pg_ctl start -w, test child process status directly
+ rather than relying on heuristics (Tom Lane, Michael Paquier)
+
+
+
+ Previously, pg_ctl relied on an assumption that the new
+ postmaster would always create postmaster.pid within five
+ seconds. But that can fail on heavily-loaded systems,
+ causing pg_ctl to report incorrectly that the
+ postmaster failed to start.
+
+
+
+ Except on Windows, this change also means that a pg_ctl start
+ -w done immediately after another such command will now reliably
+ fail, whereas previously it would report success if done within two
+ seconds of the first command.
+
+
+
+
+
+ In pg_ctl start -w, don't attempt to use a wildcard listen
+ address to connect to the postmaster (Kondo Yuta)
+
+
+
+ On Windows, pg_ctl would fail to detect postmaster
+ startup if listen_addresses is set to 0.0.0.0
+ or ::, because it would try to use that value verbatim as
+ the address to connect to, which doesn't work. Instead assume
+ that 127.0.0.1 or ::1, respectively, is the
+ right thing to use.
+
+
+
+
+
+ In pg_ctl on Windows, check service status to decide
+ where to send output, rather than checking if standard output is a
+ terminal (Michael Paquier)
+
+
+
+
+
+ In pg_dump and pg_basebackup, adopt
+ the GNU convention for handling tar-archive members exceeding 8GB
+ (Tom Lane)
+
+
+
+ The POSIX standard for tar file format does not allow
+ archive member files to exceed 8GB, but most modern implementations
+ of tar support an extension that fixes that. Adopt
+ this extension so that pg_dump with
+
+
+
+
+ Fix assorted corner-case bugs in pg_dump's processing
+ of extension member objects (Tom Lane)
+
+
+
+
+
+ Make pg_dump mark a view's triggers as needing to be
+ processed after its rule, to prevent possible failure during
+ parallel pg_restore (Tom Lane)
+
+
+
+
+
+ Ensure that relation option values are properly quoted
+ in pg_dump (Kouhei Sutou, Tom Lane)
+
+
+
+ A reloption value that isn't a simple identifier or number could lead
+ to dump/reload failures due to syntax errors in CREATE statements
+ issued by pg_dump. This is not an issue with any
+ reloption currently supported by core PostgreSQL, but
+ extensions could allow reloptions that cause the problem.
+
+
+
+
+
+ Fix pg_upgrade's file-copying code to handle errors
+ properly on Windows (Bruce Momjian)
+
+
+
+
+
+ Install guards in pgbench against corner-case overflow
+ conditions during evaluation of script-specified division or modulo
+ operators (Fabien Coelho, Michael Paquier)
+
+
+
+
+
+ Prevent certain PL/Java parameters from being set by
+ non-superusers (Noah Misch)
+
+
+
+ This change mitigates a PL/Java security bug
+ (CVE-2016-0766), which was fixed in PL/Java by marking
+ these parameters as superuser-only. To fix the security hazard for
+ sites that update PostgreSQL more frequently
+ than PL/Java, make the core code aware of them also.
+
+
+
+
+
+ Improve libpq's handling of out-of-memory situations
+ (Michael Paquier, Amit Kapila, Heikki Linnakangas)
+
+
+
+
+
+ Fix order of arguments
+ in ecpg-generated typedef statements
+ (Michael Meskes)
+
+
+
+
+
+ Use %g not %f format
+ in ecpg's PGTYPESnumeric_from_double()
+ (Tom Lane)
+
+
+
+
+
+ Fix ecpg-supplied header files to not contain comments
+ continued from a preprocessor directive line onto the next line
+ (Michael Meskes)
+
+
+
+ Such a comment is rejected by ecpg. It's not yet clear
+ whether ecpg itself should be changed.
+
+
+
+
+
+ Ensure that contrib/pgcrypto's crypt()
+ function can be interrupted by query cancel (Andreas Karlsson)
+
+
+
+
+
+ Accept flex versions later than 2.5.x
+ (Tom Lane, Michael Paquier)
+
+
+
+ Now that flex 2.6.0 has been released, the version checks in our build
+ scripts needed to be adjusted.
+
+
+
+
+
+ Install our missing script where PGXS builds can find it
+ (Jim Nasby)
+
+
+
+ This allows sane behavior in a PGXS build done on a machine where build
+ tools such as bison are missing.
+
+
+
+
+
+ Ensure that dynloader.h is included in the installed
+ header files in MSVC builds (Bruce Momjian, Michael Paquier)
+
+
+
+
+
+ Add variant regression test expected-output file to match behavior of
+ current libxml2 (Tom Lane)
+
+
+
+ The fix for libxml2's CVE-2015-7499 causes it not to
+ output error context reports in some cases where it used to do so.
+ This seems to be a bug, but we'll probably have to live with it for
+ some time, so work around it.
+
+
+
+
+
+ Update time zone data files to tzdata release 2016a for
+ DST law changes in Cayman Islands, Metlakatla, and Trans-Baikal
+ Territory (Zabaykalsky Krai), plus historical corrections for Pakistan.
+
+
+
+
+
+
+
+
Release 9.1.19
diff --git a/doc/src/sgml/release-9.2.sgml b/doc/src/sgml/release-9.2.sgml
index bee0c9e6235..78154cb8eca 100644
--- a/doc/src/sgml/release-9.2.sgml
+++ b/doc/src/sgml/release-9.2.sgml
@@ -1,6 +1,537 @@
+
+ Release 9.2.15
+
+
+ Release Date
+ 2016-02-11
+
+
+
+ This release contains a variety of fixes from 9.2.14.
+ For information about new features in the 9.2 major release, see
+ .
+
+
+
+ Migration to Version 9.2.15
+
+
+ A dump/restore is not required for those running 9.2.X.
+
+
+
+ However, if you are upgrading from a version earlier than 9.2.11,
+ see .
+
+
+
+
+
+ Changes
+
+
+
+
+
+ Perform an immediate shutdown if the postmaster.pid file
+ is removed (Tom Lane)
+
+
+
+ The postmaster now checks every minute or so
+ that postmaster.pid is still there and still contains its
+ own PID. If not, it performs an immediate shutdown, as though it had
+ received SIGQUIT. The main motivation for this change
+ is to ensure that failed buildfarm runs will get cleaned up without
+ manual intervention; but it also serves to limit the bad effects if a
+ DBA forcibly removes postmaster.pid and then starts a new
+ postmaster.
+
+
+
+
+
+ In SERIALIZABLE transaction isolation mode, serialization
+ anomalies could be missed due to race conditions during insertions
+ (Kevin Grittner, Thomas Munro)
+
+
+
+
+
+ Fix failure to emit appropriate WAL records when doing ALTER
+ TABLE ... SET TABLESPACE for unlogged relations (Michael Paquier,
+ Andres Freund)
+
+
+
+ Even though the relation's data is unlogged, the move must be logged or
+ the relation will be inaccessible after a standby is promoted to master.
+
+
+
+
+
+ Fix possible misinitialization of unlogged relations at the end of
+ crash recovery (Andres Freund, Michael Paquier)
+
+
+
+
+
+ Fix ALTER COLUMN TYPE to reconstruct inherited check
+ constraints properly (Tom Lane)
+
+
+
+
+
+ Fix REASSIGN OWNED to change ownership of composite types
+ properly (Álvaro Herrera)
+
+
+
+
+
+ Fix REASSIGN OWNED and ALTER OWNER to correctly
+ update granted-permissions lists when changing owners of data types,
+ foreign data wrappers, or foreign servers (Bruce Momjian,
+ Álvaro Herrera)
+
+
+
+
+
+ Fix REASSIGN OWNED to ignore foreign user mappings,
+ rather than fail (Álvaro Herrera)
+
+
+
+
+
+ Add more defenses against bad planner cost estimates for GIN index
+ scans when the index's internal statistics are very out-of-date
+ (Tom Lane)
+
+
+
+
+
+ Make planner cope with hypothetical GIN indexes suggested by an index
+ advisor plug-in (Julien Rouhaud)
+
+
+
+
+
+ Fix dumping of whole-row Vars in ROW()
+ and VALUES() lists (Tom Lane)
+
+
+
+
+
+ Fix possible internal overflow in numeric division
+ (Dean Rasheed)
+
+
+
+
+
+ Fix enforcement of restrictions inside parentheses within regular
+ expression lookahead constraints (Tom Lane)
+
+
+
+ Lookahead constraints aren't allowed to contain backrefs, and
+ parentheses within them are always considered non-capturing, according
+ to the manual. However, the code failed to handle these cases properly
+ inside a parenthesized subexpression, and would give unexpected
+ results.
+
+
+
+
+
+ Conversion of regular expressions to indexscan bounds could produce
+ incorrect bounds from regexps containing lookahead constraints
+ (Tom Lane)
+
+
+
+
+
+ Fix regular-expression compiler to handle loops of constraint arcs
+ (Tom Lane)
+
+
+
+ The code added for CVE-2007-4772 was both incomplete, in that it didn't
+ handle loops involving more than one state, and incorrect, in that it
+ could cause assertion failures (though there seem to be no bad
+ consequences of that in a non-assert build). Multi-state loops would
+ cause the compiler to run until the query was canceled or it reached
+ the too-many-states error condition.
+
+
+
+
+
+ Improve memory-usage accounting in regular-expression compiler
+ (Tom Lane)
+
+
+
+ This causes the code to emit regular expression is too
+ complex errors in some cases that previously used unreasonable
+ amounts of time and memory.
+
+
+
+
+
+ Improve performance of regular-expression compiler (Tom Lane)
+
+
+
+
+
+ Make %h and %r escapes
+ in log_line_prefix work for messages emitted due
+ to log_connections (Tom Lane)
+
+
+
+ Previously, %h/%r started to work just after a
+ new session had emitted the connection received log message;
+ now they work for that message too.
+
+
+
+
+
+ On Windows, ensure the shared-memory mapping handle gets closed in
+ child processes that don't need it (Tom Lane, Amit Kapila)
+
+
+
+ This oversight resulted in failure to recover from crashes
+ whenever logging_collector is turned on.
+
+
+
+
+
+ Fix possible failure to detect socket EOF in non-blocking mode on
+ Windows (Tom Lane)
+
+
+
+ It's not entirely clear whether this problem can happen in pre-9.5
+ branches, but if it did, the symptom would be that a walsender process
+ would wait indefinitely rather than noticing a loss of connection.
+
+
+
+
+
+ Avoid leaking a token handle during SSPI authentication
+ (Christian Ullrich)
+
+
+
+
+
+ In psql, ensure that libreadline's idea
+ of the screen size is updated when the terminal window size changes
+ (Merlin Moncure)
+
+
+
+ Previously, libreadline did not notice if the window
+ was resized during query output, leading to strange behavior during
+ later input of multiline queries.
+
+
+
+
+
+ Fix psql's \det command to interpret its
+ pattern argument the same way as other \d commands with
+ potentially schema-qualified patterns do (Reece Hart)
+
+
+
+
+
+ Avoid possible crash in psql's \c command
+ when previous connection was via Unix socket and command specifies a
+ new hostname and same username (Tom Lane)
+
+
+
+
+
+ In pg_ctl start -w, test child process status directly
+ rather than relying on heuristics (Tom Lane, Michael Paquier)
+
+
+
+ Previously, pg_ctl relied on an assumption that the new
+ postmaster would always create postmaster.pid within five
+ seconds. But that can fail on heavily-loaded systems,
+ causing pg_ctl to report incorrectly that the
+ postmaster failed to start.
+
+
+
+ Except on Windows, this change also means that a pg_ctl start
+ -w done immediately after another such command will now reliably
+ fail, whereas previously it would report success if done within two
+ seconds of the first command.
+
+
+
+
+
+ In pg_ctl start -w, don't attempt to use a wildcard listen
+ address to connect to the postmaster (Kondo Yuta)
+
+
+
+ On Windows, pg_ctl would fail to detect postmaster
+ startup if listen_addresses is set to 0.0.0.0
+ or ::, because it would try to use that value verbatim as
+ the address to connect to, which doesn't work. Instead assume
+ that 127.0.0.1 or ::1, respectively, is the
+ right thing to use.
+
+
+
+
+
+ In pg_ctl on Windows, check service status to decide
+ where to send output, rather than checking if standard output is a
+ terminal (Michael Paquier)
+
+
+
+
+
+ In pg_dump and pg_basebackup, adopt
+ the GNU convention for handling tar-archive members exceeding 8GB
+ (Tom Lane)
+
+
+
+ The POSIX standard for tar file format does not allow
+ archive member files to exceed 8GB, but most modern implementations
+ of tar support an extension that fixes that. Adopt
+ this extension so that pg_dump with
+
+
+
+
+ Fix assorted corner-case bugs in pg_dump's processing
+ of extension member objects (Tom Lane)
+
+
+
+
+
+ Make pg_dump mark a view's triggers as needing to be
+ processed after its rule, to prevent possible failure during
+ parallel pg_restore (Tom Lane)
+
+
+
+
+
+ Ensure that relation option values are properly quoted
+ in pg_dump (Kouhei Sutou, Tom Lane)
+
+
+
+ A reloption value that isn't a simple identifier or number could lead
+ to dump/reload failures due to syntax errors in CREATE statements
+ issued by pg_dump. This is not an issue with any
+ reloption currently supported by core PostgreSQL, but
+ extensions could allow reloptions that cause the problem.
+
+
+
+
+
+ Fix pg_upgrade's file-copying code to handle errors
+ properly on Windows (Bruce Momjian)
+
+
+
+
+
+ Install guards in pgbench against corner-case overflow
+ conditions during evaluation of script-specified division or modulo
+ operators (Fabien Coelho, Michael Paquier)
+
+
+
+
+
+ Fix failure to localize messages emitted
+ by pg_receivexlog and pg_recvlogical
+ (Ioseph Kim)
+
+
+
+
+
+ Avoid dump/reload problems when using both plpython2
+ and plpython3 (Tom Lane)
+
+
+
+ In principle, both versions of PL/Python can be used in
+ the same database, though not in the same session (because the two
+ versions of libpython cannot safely be used concurrently).
+ However, pg_restore and pg_upgrade both
+ do things that can fall foul of the same-session restriction. Work
+ around that by changing the timing of the check.
+
+
+
+
+
+ Fix PL/Python regression tests to pass with Python 3.5
+ (Peter Eisentraut)
+
+
+
+
+
+ Prevent certain PL/Java parameters from being set by
+ non-superusers (Noah Misch)
+
+
+
+ This change mitigates a PL/Java security bug
+ (CVE-2016-0766), which was fixed in PL/Java by marking
+ these parameters as superuser-only. To fix the security hazard for
+ sites that update PostgreSQL more frequently
+ than PL/Java, make the core code aware of them also.
+
+
+
+
+
+ Improve libpq's handling of out-of-memory situations
+ (Michael Paquier, Amit Kapila, Heikki Linnakangas)
+
+
+
+
+
+ Fix order of arguments
+ in ecpg-generated typedef statements
+ (Michael Meskes)
+
+
+
+
+
+ Use %g not %f format
+ in ecpg's PGTYPESnumeric_from_double()
+ (Tom Lane)
+
+
+
+
+
+ Fix ecpg-supplied header files to not contain comments
+ continued from a preprocessor directive line onto the next line
+ (Michael Meskes)
+
+
+
+ Such a comment is rejected by ecpg. It's not yet clear
+ whether ecpg itself should be changed.
+
+
+
+
+
+ Ensure that contrib/pgcrypto's crypt()
+ function can be interrupted by query cancel (Andreas Karlsson)
+
+
+
+
+
+ Accept flex versions later than 2.5.x
+ (Tom Lane, Michael Paquier)
+
+
+
+ Now that flex 2.6.0 has been released, the version checks in our build
+ scripts needed to be adjusted.
+
+
+
+
+
+ Install our missing script where PGXS builds can find it
+ (Jim Nasby)
+
+
+
+ This allows sane behavior in a PGXS build done on a machine where build
+ tools such as bison are missing.
+
+
+
+
+
+ Ensure that dynloader.h is included in the installed
+ header files in MSVC builds (Bruce Momjian, Michael Paquier)
+
+
+
+
+
+ Add variant regression test expected-output file to match behavior of
+ current libxml2 (Tom Lane)
+
+
+
+ The fix for libxml2's CVE-2015-7499 causes it not to
+ output error context reports in some cases where it used to do so.
+ This seems to be a bug, but we'll probably have to live with it for
+ some time, so work around it.
+
+
+
+
+
+ Update time zone data files to tzdata release 2016a for
+ DST law changes in Cayman Islands, Metlakatla, and Trans-Baikal
+ Territory (Zabaykalsky Krai), plus historical corrections for Pakistan.
+
+
+
+
+
+
+
+
Release 9.2.14
diff --git a/doc/src/sgml/release-9.3.sgml b/doc/src/sgml/release-9.3.sgml
index b637908f592..0f4907daa99 100644
--- a/doc/src/sgml/release-9.3.sgml
+++ b/doc/src/sgml/release-9.3.sgml
@@ -1,6 +1,616 @@
+
+ Release 9.3.11
+
+
+ Release Date
+ 2016-02-11
+
+
+
+ This release contains a variety of fixes from 9.3.10.
+ For information about new features in the 9.3 major release, see
+ .
+
+
+
+ Migration to Version 9.3.11
+
+
+ A dump/restore is not required for those running 9.3.X.
+
+
+
+ However, if you are upgrading from a version earlier than 9.3.9,
+ see .
+
+
+
+
+
+ Changes
+
+
+
+
+
+ Perform an immediate shutdown if the postmaster.pid file
+ is removed (Tom Lane)
+
+
+
+ The postmaster now checks every minute or so
+ that postmaster.pid is still there and still contains its
+ own PID. If not, it performs an immediate shutdown, as though it had
+ received SIGQUIT. The main motivation for this change
+ is to ensure that failed buildfarm runs will get cleaned up without
+ manual intervention; but it also serves to limit the bad effects if a
+ DBA forcibly removes postmaster.pid and then starts a new
+ postmaster.
+
+
+
+
+
+ In SERIALIZABLE transaction isolation mode, serialization
+ anomalies could be missed due to race conditions during insertions
+ (Kevin Grittner, Thomas Munro)
+
+
+
+
+
+ Fix failure to emit appropriate WAL records when doing ALTER
+ TABLE ... SET TABLESPACE for unlogged relations (Michael Paquier,
+ Andres Freund)
+
+
+
+ Even though the relation's data is unlogged, the move must be logged or
+ the relation will be inaccessible after a standby is promoted to master.
+
+
+
+
+
+ Fix possible misinitialization of unlogged relations at the end of
+ crash recovery (Andres Freund, Michael Paquier)
+
+
+
+
+
+ Ensure walsender slots are fully re-initialized when being re-used
+ (Magnus Hagander)
+
+
+
+
+
+ Fix ALTER COLUMN TYPE to reconstruct inherited check
+ constraints properly (Tom Lane)
+
+
+
+
+
+ Fix REASSIGN OWNED to change ownership of composite types
+ properly (Álvaro Herrera)
+
+
+
+
+
+ Fix REASSIGN OWNED and ALTER OWNER to correctly
+ update granted-permissions lists when changing owners of data types,
+ foreign data wrappers, or foreign servers (Bruce Momjian,
+ Álvaro Herrera)
+
+
+
+
+
+ Fix REASSIGN OWNED to ignore foreign user mappings,
+ rather than fail (Álvaro Herrera)
+
+
+
+
+
+ Fix possible crash after doing query rewrite for an updatable view
+ (Stephen Frost)
+
+
+
+
+
+ Fix planner's handling of LATERAL references (Tom
+ Lane)
+
+
+
+ This fixes some corner cases that led to failed to build any
+ N-way joins or could not devise a query plan planner
+ failures.
+
+
+
+
+
+ Add more defenses against bad planner cost estimates for GIN index
+ scans when the index's internal statistics are very out-of-date
+ (Tom Lane)
+
+
+
+
+
+ Make planner cope with hypothetical GIN indexes suggested by an index
+ advisor plug-in (Julien Rouhaud)
+
+
+
+
+
+ Speed up generation of unique table aliases in EXPLAIN and
+ rule dumping, and ensure that generated aliases do not
+ exceed NAMEDATALEN (Tom Lane)
+
+
+
+
+
+ Fix dumping of whole-row Vars in ROW()
+ and VALUES() lists (Tom Lane)
+
+
+
+
+
+ Fix possible internal overflow in numeric division
+ (Dean Rasheed)
+
+
+
+
+
+ Fix enforcement of restrictions inside parentheses within regular
+ expression lookahead constraints (Tom Lane)
+
+
+
+ Lookahead constraints aren't allowed to contain backrefs, and
+ parentheses within them are always considered non-capturing, according
+ to the manual. However, the code failed to handle these cases properly
+ inside a parenthesized subexpression, and would give unexpected
+ results.
+
+
+
+
+
+ Conversion of regular expressions to indexscan bounds could produce
+ incorrect bounds from regexps containing lookahead constraints
+ (Tom Lane)
+
+
+
+
+
+ Fix regular-expression compiler to handle loops of constraint arcs
+ (Tom Lane)
+
+
+
+ The code added for CVE-2007-4772 was both incomplete, in that it didn't
+ handle loops involving more than one state, and incorrect, in that it
+ could cause assertion failures (though there seem to be no bad
+ consequences of that in a non-assert build). Multi-state loops would
+ cause the compiler to run until the query was canceled or it reached
+ the too-many-states error condition.
+
+
+
+
+
+ Improve memory-usage accounting in regular-expression compiler
+ (Tom Lane)
+
+
+
+ This causes the code to emit regular expression is too
+ complex errors in some cases that previously used unreasonable
+ amounts of time and memory.
+
+
+
+
+
+ Improve performance of regular-expression compiler (Tom Lane)
+
+
+
+
+
+ Make %h and %r escapes
+ in log_line_prefix work for messages emitted due
+ to log_connections (Tom Lane)
+
+
+
+ Previously, %h/%r started to work just after a
+ new session had emitted the connection received log message;
+ now they work for that message too.
+
+
+
+
+
+ On Windows, ensure the shared-memory mapping handle gets closed in
+ child processes that don't need it (Tom Lane, Amit Kapila)
+
+
+
+ This oversight resulted in failure to recover from crashes
+ whenever logging_collector is turned on.
+
+
+
+
+
+ Fix possible failure to detect socket EOF in non-blocking mode on
+ Windows (Tom Lane)
+
+
+
+ It's not entirely clear whether this problem can happen in pre-9.5
+ branches, but if it did, the symptom would be that a walsender process
+ would wait indefinitely rather than noticing a loss of connection.
+
+
+
+
+
+ Avoid leaking a token handle during SSPI authentication
+ (Christian Ullrich)
+
+
+
+
+
+ In psql, ensure that libreadline's idea
+ of the screen size is updated when the terminal window size changes
+ (Merlin Moncure)
+
+
+
+ Previously, libreadline did not notice if the window
+ was resized during query output, leading to strange behavior during
+ later input of multiline queries.
+
+
+
+
+
+ Fix psql's \det command to interpret its
+ pattern argument the same way as other \d commands with
+ potentially schema-qualified patterns do (Reece Hart)
+
+
+
+
+
+ Avoid possible crash in psql's \c command
+ when previous connection was via Unix socket and command specifies a
+ new hostname and same username (Tom Lane)
+
+
+
+
+
+ In pg_ctl start -w, test child process status directly
+ rather than relying on heuristics (Tom Lane, Michael Paquier)
+
+
+
+ Previously, pg_ctl relied on an assumption that the new
+ postmaster would always create postmaster.pid within five
+ seconds. But that can fail on heavily-loaded systems,
+ causing pg_ctl to report incorrectly that the
+ postmaster failed to start.
+
+
+
+ Except on Windows, this change also means that a pg_ctl start
+ -w done immediately after another such command will now reliably
+ fail, whereas previously it would report success if done within two
+ seconds of the first command.
+
+
+
+
+
+ In pg_ctl start -w, don't attempt to use a wildcard listen
+ address to connect to the postmaster (Kondo Yuta)
+
+
+
+ On Windows, pg_ctl would fail to detect postmaster
+ startup if listen_addresses is set to 0.0.0.0
+ or ::, because it would try to use that value verbatim as
+ the address to connect to, which doesn't work. Instead assume
+ that 127.0.0.1 or ::1, respectively, is the
+ right thing to use.
+
+
+
+
+
+ In pg_ctl on Windows, check service status to decide
+ where to send output, rather than checking if standard output is a
+ terminal (Michael Paquier)
+
+
+
+
+
+ In pg_dump and pg_basebackup, adopt
+ the GNU convention for handling tar-archive members exceeding 8GB
+ (Tom Lane)
+
+
+
+ The POSIX standard for tar file format does not allow
+ archive member files to exceed 8GB, but most modern implementations
+ of tar support an extension that fixes that. Adopt
+ this extension so that pg_dump with
+
+
+
+
+ Fix assorted corner-case bugs in pg_dump's processing
+ of extension member objects (Tom Lane)
+
+
+
+
+
+ Make pg_dump mark a view's triggers as needing to be
+ processed after its rule, to prevent possible failure during
+ parallel pg_restore (Tom Lane)
+
+
+
+
+
+ Ensure that relation option values are properly quoted
+ in pg_dump (Kouhei Sutou, Tom Lane)
+
+
+
+ A reloption value that isn't a simple identifier or number could lead
+ to dump/reload failures due to syntax errors in CREATE statements
+ issued by pg_dump. This is not an issue with any
+ reloption currently supported by core PostgreSQL, but
+ extensions could allow reloptions that cause the problem.
+
+
+
+
+
+ Avoid repeated password prompts during parallel pg_dump
+ (Zeus Kronion)
+
+
+
+
+
+ Fix pg_upgrade's file-copying code to handle errors
+ properly on Windows (Bruce Momjian)
+
+
+
+
+
+ Install guards in pgbench against corner-case overflow
+ conditions during evaluation of script-specified division or modulo
+ operators (Fabien Coelho, Michael Paquier)
+
+
+
+
+
+ Fix failure to localize messages emitted
+ by pg_receivexlog and pg_recvlogical
+ (Ioseph Kim)
+
+
+
+
+
+ Avoid dump/reload problems when using both plpython2
+ and plpython3 (Tom Lane)
+
+
+
+ In principle, both versions of PL/Python can be used in
+ the same database, though not in the same session (because the two
+ versions of libpython cannot safely be used concurrently).
+ However, pg_restore and pg_upgrade both
+ do things that can fall foul of the same-session restriction. Work
+ around that by changing the timing of the check.
+
+
+
+
+
+ Fix PL/Python regression tests to pass with Python 3.5
+ (Peter Eisentraut)
+
+
+
+
+
+ Fix premature clearing of libpq's input buffer when
+ socket EOF is seen (Tom Lane)
+
+
+
+ This mistake caused libpq to sometimes not report the
+ backend's final error message before reporting server closed the
+ connection unexpectedly.
+
+
+
+
+
+ Prevent certain PL/Java parameters from being set by
+ non-superusers (Noah Misch)
+
+
+
+ This change mitigates a PL/Java security bug
+ (CVE-2016-0766), which was fixed in PL/Java by marking
+ these parameters as superuser-only. To fix the security hazard for
+ sites that update PostgreSQL more frequently
+ than PL/Java, make the core code aware of them also.
+
+
+
+
+
+ Improve libpq's handling of out-of-memory situations
+ (Michael Paquier, Amit Kapila, Heikki Linnakangas)
+
+
+
+
+
+ Fix order of arguments
+ in ecpg-generated typedef statements
+ (Michael Meskes)
+
+
+
+
+
+ Use %g not %f format
+ in ecpg's PGTYPESnumeric_from_double()
+ (Tom Lane)
+
+
+
+
+
+ Fix ecpg-supplied header files to not contain comments
+ continued from a preprocessor directive line onto the next line
+ (Michael Meskes)
+
+
+
+ Such a comment is rejected by ecpg. It's not yet clear
+ whether ecpg itself should be changed.
+
+
+
+
+
+ Fix hstore_to_json_loose()'s test for whether
+ an hstore value can be converted to a JSON number (Tom Lane)
+
+
+
+ Previously this function could be fooled by non-alphanumeric trailing
+ characters, leading to emitting syntactically-invalid JSON.
+
+
+
+
+
+ Ensure that contrib/pgcrypto's crypt()
+ function can be interrupted by query cancel (Andreas Karlsson)
+
+
+
+
+
+ Accept flex versions later than 2.5.x
+ (Tom Lane, Michael Paquier)
+
+
+
+ Now that flex 2.6.0 has been released, the version checks in our build
+ scripts needed to be adjusted.
+
+
+
+
+
+ Improve reproducibility of build output by ensuring filenames are given
+ to the linker in a fixed order (Christoph Berg)
+
+
+
+ This avoids possible bitwise differences in the produced executable
+ files from one build to the next.
+
+
+
+
+
+ Install our missing script where PGXS builds can find it
+ (Jim Nasby)
+
+
+
+ This allows sane behavior in a PGXS build done on a machine where build
+ tools such as bison are missing.
+
+
+
+
+
+ Ensure that dynloader.h is included in the installed
+ header files in MSVC builds (Bruce Momjian, Michael Paquier)
+
+
+
+
+
+ Add variant regression test expected-output file to match behavior of
+ current libxml2 (Tom Lane)
+
+
+
+ The fix for libxml2's CVE-2015-7499 causes it not to
+ output error context reports in some cases where it used to do so.
+ This seems to be a bug, but we'll probably have to live with it for
+ some time, so work around it.
+
+
+
+
+
+ Update time zone data files to tzdata release 2016a for
+ DST law changes in Cayman Islands, Metlakatla, and Trans-Baikal
+ Territory (Zabaykalsky Krai), plus historical corrections for Pakistan.
+
+
+
+
+
+
+
+
Release 9.3.10
diff --git a/doc/src/sgml/release-9.4.sgml b/doc/src/sgml/release-9.4.sgml
index 2c4c6422525..7ba54a924ee 100644
--- a/doc/src/sgml/release-9.4.sgml
+++ b/doc/src/sgml/release-9.4.sgml
@@ -491,16 +491,6 @@ Branch: REL9_1_STABLE [b00c79b5b] 2015-10-16 14:43:18 -0400
-
-
Make %h and %r escapes
@@ -558,16 +548,6 @@ Branch: REL9_1_STABLE [d05103b77] 2016-01-04 17:41:33 -0500
-
-
Avoid leaking a token handle during SSPI authentication
@@ -605,16 +585,6 @@ Branch: REL9_1_STABLE [db462a44e] 2015-12-17 16:55:51 -0500
-
-
Fix psql's \det command to interpret its
@@ -699,16 +669,6 @@ Branch: REL9_1_STABLE [87deb55a4] 2015-11-08 17:31:24 -0500
-
-
In pg_ctl on Windows, check service status to decide
@@ -750,16 +710,6 @@ Branch: REL9_1_STABLE [6df62ef43] 2015-11-23 00:32:01 -0500
-
-
Fix assorted corner-case bugs in pg_dump's processing
@@ -767,29 +717,6 @@ Branch: REL9_1_STABLE [5108013db] 2016-01-13 18:55:27 -0500
-
-
-
-
- Fix improper quoting of domain constraint names
- in pg_dump (Elvis Pranskevichus)
-
-
-
-
-
Make pg_dump mark a view's triggers as needing to be
@@ -867,16 +794,6 @@ Branch: REL9_1_STABLE [c36064e43] 2015-11-24 17:18:27 -0500
-
-
Install guards in pgbench against corner-case overflow
@@ -885,19 +802,6 @@ Branch: REL9_1_STABLE [4c8b07d3c] 2016-02-03 09:25:34 -0500
-
-
-
-
- Suppress useless warning message when pg_receivexlog
- connects to a pre-9.4 server (Marco Nenciarini)
-
-
-
-
Avoid dump/reload problems when using both plpython2
@@ -933,15 +826,22 @@ Branch: REL9_5_STABLE [5ef26b8de] 2016-01-11 20:06:47 -0500
- In principle, both versions of PL/Python can be used in the same
- database, though not in the same session (because the two versions of
- libpython cannot safely be used concurrently).
+ In principle, both versions of PL/Python can be used in
+ the same database, though not in the same session (because the two
+ versions of libpython cannot safely be used concurrently).
However, pg_restore and pg_upgrade both
do things that can fall foul of the same-session restriction. Work
around that by changing the timing of the check.
+
+
+ Fix PL/Python regression tests to pass with Python 3.5
+ (Peter Eisentraut)
+
+
+
-
-
-
-
- Fix PL/Python regression tests to pass with Python 3.5
- (Peter Eisentraut)
-
-
-
Fix premature clearing of libpq's input buffer when
@@ -979,6 +863,21 @@ Branch: REL9_5_STABLE [a66c1fcdd] 2016-01-08 11:39:28 -0500
+
+
+ Prevent certain PL/Java parameters from being set by
+ non-superusers (Noah Misch)
+
+
+
+ This change mitigates a PL/Java security bug
+ (CVE-2016-0766), which was fixed in PL/Java by marking
+ these parameters as superuser-only. To fix the security hazard for
+ sites that update PostgreSQL more frequently
+ than PL/Java, make the core code aware of them also.
+
+
+
-
Fix ecpg-supplied header files to not contain comments
@@ -1053,14 +943,6 @@ Branch: REL9_1_STABLE [79782b407] 2016-02-01 13:19:43 +0100
-
-
Fix hstore_to_json_loose()'s test for whether
@@ -1090,16 +972,6 @@ Branch: REL9_1_STABLE [1b6102eb7] 2015-12-27 13:03:19 -0300
-
-
In contrib/postgres_fdw, fix bugs triggered by use
@@ -1135,27 +1007,6 @@ Branch: REL9_2_STABLE [7f94a5c10] 2015-12-10 10:19:31 -0500
-
-
-
-
- Fix ill-advised restriction of NAMEDATALEN to be less
- than 256 (Robert Haas, Tom Lane)
-
-
-
-
-
Improve reproducibility of build output by ensuring filenames are given
@@ -1190,20 +1041,10 @@ Branch: REL9_1_STABLE [2a37a103b] 2015-12-11 16:14:48 -0500
-
-
Ensure that dynloader.h is included in the installed
- header files in MSVC builds (Michael Paquier)
+ header files in MSVC builds (Bruce Momjian, Michael Paquier)
@@ -1231,16 +1072,6 @@ Branch: REL9_1_STABLE [386dcd539] 2015-12-11 19:08:40 -0500
-
-
Update time zone data files to tzdata release 2016a for
diff --git a/doc/src/sgml/release-9.5.sgml b/doc/src/sgml/release-9.5.sgml
index f47b7c262e2..6639be53bf3 100644
--- a/doc/src/sgml/release-9.5.sgml
+++ b/doc/src/sgml/release-9.5.sgml
@@ -1,6 +1,403 @@
+
+ Release 9.5.1
+
+
+ Release Date
+ 2016-02-11
+
+
+
+ This release contains a variety of fixes from 9.5.0.
+ For information about new features in the 9.5 major release, see
+ .
+
+
+
+ Migration to Version 9.5.1
+
+
+ A dump/restore is not required for those running 9.5.X.
+
+
+
+
+ Changes
+
+
+
+
+
+
+
+ Fix an oversight that caused hash joins to miss joining to some tuples
+ of the inner relation in rare cases (Tomas Vondra, Tom Lane)
+
+
+
+
+
+
+
+ Make %h and %r escapes
+ in log_line_prefix work for messages emitted due
+ to log_connections (Tom Lane)
+
+
+
+ Previously, %h/%r started to work just after a
+ new session had emitted the connection received log message;
+ now they work for that message too.
+
+
+
+
+
+
+
+ Avoid leaking a token handle during SSPI authentication
+ (Christian Ullrich)
+
+
+
+
+
+
+
+ Fix psql's \det command to interpret its
+ pattern argument the same way as other \d commands with
+ potentially schema-qualified patterns do (Reece Hart)
+
+
+
+
+
+
+
+ In pg_ctl on Windows, check service status to decide
+ where to send output, rather than checking if standard output is a
+ terminal (Michael Paquier)
+
+
+
+
+
+
+
+ Fix assorted corner-case bugs in pg_dump's processing
+ of extension member objects (Tom Lane)
+
+
+
+
+
+
+
+ Fix improper quoting of domain constraint names
+ in pg_dump (Elvis Pranskevichus)
+
+
+
+
+
+
+
+ Make pg_dump mark a view's triggers as needing to be
+ processed after its rule, to prevent possible failure during
+ parallel pg_restore (Tom Lane)
+
+
+
+
+
+
+
+ Install guards in pgbench against corner-case overflow
+ conditions during evaluation of script-specified division or modulo
+ operators (Fabien Coelho, Michael Paquier)
+
+
+
+
+
+
+
+ Suppress useless warning message when pg_receivexlog
+ connects to a pre-9.4 server (Marco Nenciarini)
+
+
+
+
+
+
+
+ Avoid dump/reload problems when using both plpython2
+ and plpython3 (Tom Lane)
+
+
+
+ In principle, both versions of PL/Python can be used in
+ the same database, though not in the same session (because the two
+ versions of libpython cannot safely be used concurrently).
+ However, pg_restore and pg_upgrade both
+ do things that can fall foul of the same-session restriction. Work
+ around that by changing the timing of the check.
+
+
+
+
+
+
+
+ Fix PL/Python regression tests to pass with Python 3.5
+ (Peter Eisentraut)
+
+
+
+
+
+
+
+ Prevent certain PL/Java parameters from being set by
+ non-superusers (Noah Misch)
+
+
+
+ This change mitigates a PL/Java security bug
+ (CVE-2016-0766), which was fixed in PL/Java by marking
+ these parameters as superuser-only. To fix the security hazard for
+ sites that update PostgreSQL more frequently
+ than PL/Java, make the core code aware of them also.
+
+
+
+
+
+
+
+ Fix ecpg-supplied header files to not contain comments
+ continued from a preprocessor directive line onto the next line
+ (Michael Meskes)
+
+
+
+ Such a comment is rejected by ecpg. It's not yet clear
+ whether ecpg itself should be changed.
+
+
+
+
+
+
+
+ Fix hstore_to_json_loose()'s test for whether
+ an hstore value can be converted to a JSON number (Tom Lane)
+
+
+
+ Previously this function could be fooled by non-alphanumeric trailing
+ characters, leading to emitting syntactically-invalid JSON.
+
+
+
+
+
+
+
+ In contrib/postgres_fdw, fix bugs triggered by use
+ of tableoid in data-modifying commands (Etsuro Fujita,
+ Robert Haas)
+
+
+
+
+
+
+
+ Fix ill-advised restriction of NAMEDATALEN to be less
+ than 256 (Robert Haas, Tom Lane)
+
+
+
+
+
+
+
+ Improve reproducibility of build output by ensuring filenames are given
+ to the linker in a fixed order (Christoph Berg)
+
+
+
+ This avoids possible bitwise differences in the produced executable
+ files from one build to the next.
+
+
+
+
+
+
+
+ Ensure that dynloader.h is included in the installed
+ header files in MSVC builds (Bruce Momjian, Michael Paquier)
+
+
+
+
+
+
+
+ Update time zone data files to tzdata release 2016a for
+ DST law changes in Cayman Islands, Metlakatla, and Trans-Baikal
+ Territory (Zabaykalsky Krai), plus historical corrections for Pakistan.
+
+
+
+
+
+
+
+
Release 9.5