If you are used to patch Oracle databases you probably know how to use opatch to apply PSUs. How does PostgreSQL handle this? Do we need to patch the existing binaries to apply security fixes? The answer is: No.

Lets say you want to patch PostgreSQL from version 9.4.1 to version 9.4.5. What do you need to do?

For this little demo I’ll create a new database and a sample table in my 9.4.1 instance:

(postgres@[local]:5432) [postgres] > select version();
                                                         version                                                          
--------------------------------------------------------------------------------------------------------------------------
 PostgreSQL 9.4.1 on x86_64-unknown-linux-gnu, compiled by gcc (GCC) 4.8.3 20140911 (Red Hat 4.8.3-9), 64-bit
(1 row)

Time: 0.483 ms
(postgres@[local]:5432) [postgres] > create database patch;
CREATE DATABASE
Time: 2533.745 ms
(postgres@[local]:5432) [postgres] > c patch
You are now connected to database "patch" as user "postgres".
(postgres@[local]:5432)  > create table test ( a int );
CREATE TABLE
Time: 2.430 ms
(postgres@[local]:5432)  > insert into test (a) values ( generate_series(1,100));
INSERT 0 100
Time: 0.959 ms

If I now want to bring this version to 9.4.5 the first step I’ll need to do is to install the 9.4.5 binaries in a separate path. The binaries for my 9.4.1 installation are located here:

postgres@oel7:/home/postgres/ [PG1] ps -ef | grep PG1
postgres  2645     1  0 10:51 ?        00:00:00 /u01/app/postgres/product/94/db_1/bin/postgres -D /u02/pgdata/PG1
postgres 14439 11550  0 11:04 pts/1    00:00:00 grep --color=auto PG1

I already installed the 9.4.5 binaries here:

postgres@oel7:/home/postgres/ [PG1] ls /u01/app/postgres/product/94/db_5
bin  include  lib  share

The only tasks I need to do from here on are a) stop the 9.4.1 version:

postgres@oel7:/home/postgres/ [PG1] which pg_ctl
/u01/app/postgres/product/94/db_1/bin/pg_ctl
postgres@oel7:/home/postgres/ [PG1] pg_ctl -D /u02/pgdata/PG1 stop -m fast
waiting for server to shut down.... done
server stopped
postgres@oel7:/home/postgres/ [PG1] ps -ef | grep PG1
postgres 14452 11550  0 11:06 pts/1    00:00:00 grep --color=auto PG1
postgres@oel7:/home/postgres/ [PG1] 

Once the old version is down I just can b) restart with the new binaries:

postgres@oel7:/home/postgres/ [PG1] which pg_ctl
/u01/app/postgres/product/94/db_5/bin/pg_ctl
postgres@oel7:/home/postgres/ [PG1] pg_ctl -D /u02/pgdata/PG1 start
server starting
postgres@oel7:/home/postgres/ [PG1] LOG:  database system was shut down at 2015-12-01 11:06:31 CET
LOG:  MultiXact member wraparound protections are now enabled
LOG:  database system is ready to accept connections
LOG:  autovacuum launcher started

That’s it. The new version is now 9.4.5:

(postgres@[local]:5432) [postgres] > select version();
                                                   version                                                    
--------------------------------------------------------------------------------------------------------------
 PostgreSQL 9.4.5 on x86_64-unknown-linux-gnu, compiled by gcc (GCC) 4.8.3 20140911 (Red Hat 4.8.3-9), 64-bit
(1 row)

Time: 20.725 ms
(postgres@[local]:5432) [postgres] > c patch
You are now connected to database "patch" as user "postgres".
(postgres@[local]:5432)  > select count(*) from test;
 count 
-------
   100
(1 row)

Time: 104.297 ms

Usually, for minor versions, you can just install the new binaries and start the instance from there. But anyway, be sure to read the release notes before doing it.