Release date: 2017-11-09
This release contains a variety of fixes from 9.2.23. For information about new features in the 9.2 major release, see Section E.107.
This is expected to be the last PostgreSQL release in the 9.2.X series. Users are encouraged to update to a newer release branch soon.
A dump/restore is not required for those running 9.2.X.
However, if you are upgrading from a version earlier than 9.2.22, see Section E.85.
      Fix sample server-start scripts to become $PGUSER
      before opening $PGLOG (Noah Misch)
     
      Previously, the postmaster log file was opened while still running as
      root.  The database owner could therefore mount an attack against
      another system user by making $PGLOG be a symbolic
      link to some other file, which would then become corrupted by appending
      log messages.
     
      By default, these scripts are not installed anywhere.  Users who have
      made use of them will need to manually recopy them, or apply the same
      changes to their modified versions.  If the
      existing $PGLOG file is root-owned, it will need to
      be removed or renamed out of the way before restarting the server with
      the corrected script.
      (CVE-2017-12172)
     
      Properly reject attempts to convert infinite float values to
      type numeric (Tom Lane, KaiGai Kohei)
     
Previously the behavior was platform-dependent.
Fix corner-case crashes when columns have been added to the end of a view (Tom Lane)
      Record proper dependencies when a view or rule
      contains FieldSelect
      or FieldStore expression nodes (Tom Lane)
     
      Lack of these dependencies could allow a column or data
      type DROP to go through when it ought to fail,
      thereby causing later uses of the view or rule to get errors.
      This patch does not do anything to protect existing views/rules,
      only ones created in the future.
     
Correctly detect hashability of range data types (Tom Lane)
The planner mistakenly assumed that any range type could be hashed for use in hash joins or hash aggregation, but actually it must check whether the range's subtype has hash support. This does not affect any of the built-in range types, since they're all hashable anyway.
      Fix low-probability loss of NOTIFY messages due to
      XID wraparound (Marko Tiikkaja, Tom Lane)
     
If a session executed no queries, but merely listened for notifications, for more than 2 billion transactions, it started to miss some notifications from concurrently-committing transactions.
Prevent low-probability crash in processing of nested trigger firings (Tom Lane)
      Correctly restore the umask setting when file creation fails
      in COPY or lo_export()
      (Peter Eisentraut)
     
      Give a better error message for duplicate column names
      in ANALYZE (Nathan Bossart)
     
Fix libpq to not require user's home directory to exist (Tom Lane)
      In v10, failure to find the home directory while trying to
      read ~/.pgpass was treated as a hard error,
      but it should just cause that file to not be found.  Both v10 and
      previous release branches made the same mistake when
      reading ~/.pg_service.conf, though this was less
      obvious since that file is not sought unless a service name is
      specified.
     
      Fix libpq to guard against integer
      overflow in the row count of a PGresult
      (Michael Paquier)
     
Sync our copy of the timezone library with IANA release tzcode2017c (Tom Lane)
      This fixes various issues; the only one likely to be user-visible
      is that the default DST rules for a POSIX-style zone name, if
      no posixrules file exists in the timezone data
      directory, now match current US law rather than what it was a dozen
      years ago.
     
Update time zone data files to tzdata release 2017c for DST law changes in Fiji, Namibia, Northern Cyprus, Sudan, Tonga, and Turks & Caicos Islands, plus historical corrections for Alaska, Apia, Burma, Calcutta, Detroit, Ireland, Namibia, and Pago Pago.