Prevent integer overflows in array subscripting calculations (Tom Lane)

The array code previously did not complain about cases where an array's lower bound plus length overflows an integer. This resulted in later entries in the array becoming inaccessible (since their subscripts could not be written as integers), but more importantly it confused subsequent assignment operations. This could lead to memory overwrites, with ensuing crashes or unwanted data modifications. (CVE-2021-32027)

Fix mishandling of “junk” columns in INSERT ... ON CONFLICT ... UPDATE target lists (Tom Lane)

If the UPDATE list contains any multi-column sub-selects (which give rise to junk columns in addition to the results proper), the UPDATE path would end up storing tuples that include the values of the extra junk columns. That's fairly harmless in the short run, but if new columns are added to the table then the values would become accessible, possibly leading to malfunctions if they don't match the datatypes of the added columns.

In addition, in versions supporting cross-partition updates, a cross-partition update triggered by such a case had the reverse problem: the junk columns were removed from the target list, typically causing an immediate crash due to malfunction of the multi-column sub-select mechanism. (CVE-2021-32028)

Allow ALTER ROLE/DATABASE ... SET to set the role, session_authorization, and temp_buffers parameters (Tom Lane)

Previously, over-eager validity checks might reject these commands, even if the values would have worked when used later. This created a command ordering hazard for dump/reload and upgrade scenarios.

Fix bug with coercing the result of a COLLATE expression to a non-collatable type (Tom Lane)

This led to a parse tree in which the COLLATE appears to be applied to a non-collatable value. While that normally has no real impact (since COLLATE has no effect at runtime), it was possible to construct views that would be rejected during dump/reload.

Disallow calling window functions and procedures via the “fast path” wire protocol message (Tom Lane)

Only plain functions are supported here. While trying to call an aggregate function failed already, calling a window function would crash, and calling a procedure would work only if the procedure did no transaction control.

Extend pg_identify_object_as_address() to support event triggers (Joel Jacobson)

Fix to_char()'s handling of Roman-numeral month format codes with negative intervals (Julien Rouhaud)

Previously, such cases would usually cause a crash.

Fix use of uninitialized value while parsing an \{m,n\} quantifier in a BRE-mode regular expression (Tom Lane)

This error could cause the quantifier to act non-greedy, that is behave like an {m,n}? quantifier would do in full regular expressions.

Avoid divide-by-zero when estimating selectivity of a regular expression with a very long fixed prefix (Tom Lane)

This typically led to a NaN selectivity value, causing assertion failures or strange planner behavior.

Fix access-off-the-end-of-the-table error in BRIN index bitmap scans (Tomas Vondra)

If the page range size used by a BRIN index isn't a power of two, there were corner cases in which a bitmap scan could try to fetch pages past the actual end of the table, leading to “could not open file” errors.

Ensure that locks are released while shutting down a standby server's startup process (Fujii Masao)

When a standby server is shut down while still in recovery, some locks might be left held. This causes assertion failures in debug builds; it's unclear whether any serious consequence could occur in production builds.

Ensure we default to wal_sync_method = fdatasync on recent FreeBSD (Thomas Munro)

FreeBSD 13 supports open_datasync, which would normally become the default choice. However, it's unclear whether that is actually an improvement for Postgres, so preserve the existing default for now.

Ensure we finish cleaning up when interrupted while detaching a DSM segment (Thomas Munro)

This error could result in temporary files not being cleaned up promptly after a parallel query.

Fix assorted minor memory leaks in the server (Tom Lane, Andres Freund)

Prevent infinite loop in libpq if a ParameterDescription message with a corrupt length is received (Tom Lane)

Fix psql to restore the previous behavior of \connect service=something (Tom Lane)

A previous bug fix caused environment variables (such as PGPORT) to override entries in the service file in this context. Restore the previous behavior, in which the priority is the other way around.

Fix race condition in detection of file modification by psql's \e and related commands (Laurenz Albe)

A very fast typist could fool the code's file-timestamp-based detection of whether the temporary edit file was changed.

Fix missed file version check in pg_restore (Tom Lane)

When reading a custom-format archive from a non-seekable source, pg_restore neglected to check the archive version. If it was fed a newer archive version than it can support, it would fail messily later on.

Add some more checks to pg_upgrade for user tables containing non-upgradable data types (Tom Lane)

Fix detection of some cases where a non-upgradable data type is embedded within a container type (such as an array or range). Also disallow upgrading when user tables contain columns of system-defined composite types, since those types' OIDs are not stable across versions.

Fix pg_waldump to count XACT records correctly when generating per-record statistics (Kyotaro Horiguchi)

Fix contrib/amcheck to not complain about the tuple flags HEAP_XMAX_LOCK_ONLY and HEAP_KEYS_UPDATED both being set (Julien Rouhaud)

This is a valid state after SELECT FOR UPDATE.

Adjust VPATH build rules to support recent Oracle Developer Studio compiler versions (Noah Misch)

Fix testing of PL/Python for Python 3 on Solaris (Noah Misch)