From 60b1d6c2a736a1279b297f698cf507d5c81fa31a Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Mon, 4 Feb 2019 19:18:50 -0500 Subject: [PATCH] Doc: in each release branch, keep only that branch's own release notes. Historically we've had each release branch include all prior branches' notes, including minor-release changes, back to the beginning of the project. That's basically an O(N^2) proposition, and it was starting to catch up with us: as of HEAD the back-branch release notes alone accounted for nearly 30% of the documentation. While there's certainly some value in easy access to back-branch notes, this is getting out of hand. Hence, switch over to the rule that each branch contains only its own release notes. So as to not make older notes too hard to find, each branch will provide URLs for the immediately preceding branches' release notes on the project website. There might be value in providing aggregated notes across all branches somewhere on the website, but that's a task for another day. Discussion: https://postgr.es/m/cbd4aeb5-2d9c-8b84-e968-9e09393d4c83@postgresql.org --- doc/src/sgml/filelist.sgml | 13 - doc/src/sgml/release-7.4.sgml | 4622 ---------- doc/src/sgml/release-8.0.sgml | 5421 ------------ doc/src/sgml/release-8.1.sgml | 5444 ------------ doc/src/sgml/release-8.2.sgml | 7077 ---------------- doc/src/sgml/release-8.3.sgml | 8549 ------------------- doc/src/sgml/release-8.4.sgml | 10080 ---------------------- doc/src/sgml/release-9.0.sgml | 11091 ------------------------ doc/src/sgml/release-9.1.sgml | 11763 -------------------------- doc/src/sgml/release-9.2.sgml | 12201 -------------------------- doc/src/sgml/release-9.3.sgml | 14551 -------------------------------- doc/src/sgml/release-9.4.sgml | 13157 ----------------------------- doc/src/sgml/release-9.5.sgml | 11192 ------------------------ doc/src/sgml/release-old.sgml | 6657 --------------- doc/src/sgml/release.sgml | 91 +- 15 files changed, 74 insertions(+), 121835 deletions(-) delete mode 100644 doc/src/sgml/release-7.4.sgml delete mode 100644 doc/src/sgml/release-8.0.sgml delete mode 100644 doc/src/sgml/release-8.1.sgml delete mode 100644 doc/src/sgml/release-8.2.sgml delete mode 100644 doc/src/sgml/release-8.3.sgml delete mode 100644 doc/src/sgml/release-8.4.sgml delete mode 100644 doc/src/sgml/release-9.0.sgml delete mode 100644 doc/src/sgml/release-9.1.sgml delete mode 100644 doc/src/sgml/release-9.2.sgml delete mode 100644 doc/src/sgml/release-9.3.sgml delete mode 100644 doc/src/sgml/release-9.4.sgml delete mode 100644 doc/src/sgml/release-9.5.sgml delete mode 100644 doc/src/sgml/release-old.sgml diff --git a/doc/src/sgml/filelist.sgml b/doc/src/sgml/filelist.sgml index 69649a7da4..a2769f0c0f 100644 --- a/doc/src/sgml/filelist.sgml +++ b/doc/src/sgml/filelist.sgml @@ -169,19 +169,6 @@ - - - - - - - - - - - - - diff --git a/doc/src/sgml/release-7.4.sgml b/doc/src/sgml/release-7.4.sgml deleted file mode 100644 index 1b5796c958..0000000000 --- a/doc/src/sgml/release-7.4.sgml +++ /dev/null @@ -1,4622 +0,0 @@ - - - - - Release 7.4.30 - - - Release date: - 2010-10-04 - - - - This release contains a variety of fixes from 7.4.29. - For information about new features in the 7.4 major release, see - . - - - - This is expected to be the last PostgreSQL release - in the 7.4.X series. Users are encouraged to update to a newer - release branch soon. - - - - Migration to Version 7.4.30 - - - A dump/restore is not required for those running 7.4.X. - However, if you are upgrading from a version earlier than 7.4.26, - see . - - - - - - Changes - - - - - - Use a separate interpreter for each calling SQL userid in PL/Perl and - PL/Tcl (Tom Lane) - - - - This change prevents security problems that can be caused by subverting - Perl or Tcl code that will be executed later in the same session under - another SQL user identity (for example, within a SECURITY - DEFINER function). Most scripting languages offer numerous ways that - that might be done, such as redefining standard functions or operators - called by the target function. Without this change, any SQL user with - Perl or Tcl language usage rights can do essentially anything with the - SQL privileges of the target function's owner. - - - - The cost of this change is that intentional communication among Perl - and Tcl functions becomes more difficult. To provide an escape hatch, - PL/PerlU and PL/TclU functions continue to use only one interpreter - per session. This is not considered a security issue since all such - functions execute at the trust level of a database superuser already. - - - - It is likely that third-party procedural languages that claim to offer - trusted execution have similar security issues. We advise contacting - the authors of any PL you are depending on for security-critical - purposes. - - - - Our thanks to Tim Bunce for pointing out this issue (CVE-2010-3433). - - - - - - Prevent possible crashes in pg_get_expr() by disallowing - it from being called with an argument that is not one of the system - catalog columns it's intended to be used with - (Heikki Linnakangas, Tom Lane) - - - - - - Fix cannot handle unplanned sub-select error (Tom Lane) - - - - This occurred when a sub-select contains a join alias reference that - expands into an expression containing another sub-select. - - - - - - Take care to fsync the contents of lockfiles (both - postmaster.pid and the socket lockfile) while writing them - (Tom Lane) - - - - This omission could result in corrupted lockfile contents if the - machine crashes shortly after postmaster start. That could in turn - prevent subsequent attempts to start the postmaster from succeeding, - until the lockfile is manually removed. - - - - - - Improve contrib/dblink's handling of tables containing - dropped columns (Tom Lane) - - - - - - Fix connection leak after duplicate connection name - errors in contrib/dblink (Itagaki Takahiro) - - - - - - Update build infrastructure and documentation to reflect the source code - repository's move from CVS to Git (Magnus Hagander and others) - - - - - - - - - - Release 7.4.29 - - - Release date: - 2010-05-17 - - - - This release contains a variety of fixes from 7.4.28. - For information about new features in the 7.4 major release, see - . - - - - The PostgreSQL community will stop releasing updates - for the 7.4.X release series in July 2010. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 7.4.29 - - - A dump/restore is not required for those running 7.4.X. - However, if you are upgrading from a version earlier than 7.4.26, - see . - - - - - - Changes - - - - - - Enforce restrictions in plperl using an opmask applied to - the whole interpreter, instead of using Safe.pm - (Tim Bunce, Andrew Dunstan) - - - - Recent developments have convinced us that Safe.pm is too - insecure to rely on for making plperl trustable. This - change removes use of Safe.pm altogether, in favor of using - a separate interpreter with an opcode mask that is always applied. - Pleasant side effects of the change include that it is now possible to - use Perl's strict pragma in a natural way in - plperl, and that Perl's $a and $b - variables work as expected in sort routines, and that function - compilation is significantly faster. (CVE-2010-1169) - - - - - - Prevent PL/Tcl from executing untrustworthy code from - pltcl_modules (Tom) - - - - PL/Tcl's feature for autoloading Tcl code from a database table - could be exploited for trojan-horse attacks, because there was no - restriction on who could create or insert into that table. This change - disables the feature unless pltcl_modules is owned by a - superuser. (However, the permissions on the table are not checked, so - installations that really need a less-than-secure modules table can - still grant suitable privileges to trusted non-superusers.) Also, - prevent loading code into the unrestricted normal Tcl - interpreter unless we are really going to execute a pltclu - function. (CVE-2010-1170) - - - - - - Do not allow an unprivileged user to reset superuser-only parameter - settings (Alvaro) - - - - Previously, if an unprivileged user ran ALTER USER ... RESET - ALL for himself, or ALTER DATABASE ... RESET ALL for - a database he owns, this would remove all special parameter settings - for the user or database, even ones that are only supposed to be - changeable by a superuser. Now, the ALTER will only - remove the parameters that the user has permission to change. - - - - - - Avoid possible crash during backend shutdown if shutdown occurs - when a CONTEXT addition would be made to log entries (Tom) - - - - In some cases the context-printing function would fail because the - current transaction had already been rolled back when it came time - to print a log message. - - - - - - Update pl/perl's ppport.h for modern Perl versions - (Andrew) - - - - - - Fix assorted memory leaks in pl/python (Andreas Freund, Tom) - - - - - - Ensure that contrib/pgstattuple functions respond to cancel - interrupts promptly (Tatsuhito Kasahara) - - - - - - Make server startup deal properly with the case that - shmget() returns EINVAL for an existing - shared memory segment (Tom) - - - - This behavior has been observed on BSD-derived kernels including OS X. - It resulted in an entirely-misleading startup failure complaining that - the shared memory request size was too large. - - - - - - - - - - Release 7.4.28 - - - Release date: - 2010-03-15 - - - - This release contains a variety of fixes from 7.4.27. - For information about new features in the 7.4 major release, see - . - - - - The PostgreSQL community will stop releasing updates - for the 7.4.X release series in July 2010. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 7.4.28 - - - A dump/restore is not required for those running 7.4.X. - However, if you are upgrading from a version earlier than 7.4.26, - see . - - - - - - Changes - - - - - - Add new configuration parameter ssl_renegotiation_limit to - control how often we do session key renegotiation for an SSL connection - (Magnus) - - - - This can be set to zero to disable renegotiation completely, which may - be required if a broken SSL library is used. In particular, some - vendors are shipping stopgap patches for CVE-2009-3555 that cause - renegotiation attempts to fail. - - - - - - Make substring() for bit types treat any negative - length as meaning all the rest of the string (Tom) - - - - The previous coding treated only -1 that way, and would produce an - invalid result value for other negative values, possibly leading to - a crash (CVE-2010-0442). - - - - - - Fix some cases of pathologically slow regular expression matching (Tom) - - - - - - When reading pg_hba.conf and related files, do not treat - @something as a file inclusion request if the @ - appears inside quote marks; also, never treat @ by itself - as a file inclusion request (Tom) - - - - This prevents erratic behavior if a role or database name starts with - @. If you need to include a file whose path name - contains spaces, you can still do so, but you must write - @"/path to/file" rather than putting the quotes around - the whole construct. - - - - - - Prevent infinite loop on some platforms if a directory is named as - an inclusion target in pg_hba.conf and related files - (Tom) - - - - - - Ensure PL/Tcl initializes the Tcl interpreter fully (Tom) - - - - The only known symptom of this oversight is that the Tcl - clock command misbehaves if using Tcl 8.5 or later. - - - - - - Prevent crash in contrib/dblink when too many key - columns are specified to a dblink_build_sql_* function - (Rushabh Lathia, Joe Conway) - - - - - - - - - - Release 7.4.27 - - - Release date: - 2009-12-14 - - - - This release contains a variety of fixes from 7.4.26. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.27 - - - A dump/restore is not required for those running 7.4.X. - However, if you are upgrading from a version earlier than 7.4.26, - see . - - - - - - Changes - - - - - - Protect against indirect security threats caused by index functions - changing session-local state (Gurjeet Singh, Tom) - - - - This change prevents allegedly-immutable index functions from possibly - subverting a superuser's session (CVE-2009-4136). - - - - - - Reject SSL certificates containing an embedded null byte in the common - name (CN) field (Magnus) - - - - This prevents unintended matching of a certificate to a server or client - name during SSL validation (CVE-2009-4034). - - - - - - Fix possible crash during backend-startup-time cache initialization (Tom) - - - - - - Prevent signals from interrupting VACUUM at unsafe times - (Alvaro) - - - - This fix prevents a PANIC if a VACUUM FULL is canceled - after it's already committed its tuple movements, as well as transient - errors if a plain VACUUM is interrupted after having - truncated the table. - - - - - - Fix possible crash due to integer overflow in hash table size - calculation (Tom) - - - - This could occur with extremely large planner estimates for the size of - a hashjoin's result. - - - - - - Fix very rare crash in inet/cidr comparisons (Chris - Mikkelson) - - - - - - Fix PAM password processing to be more robust (Tom) - - - - The previous code is known to fail with the combination of the Linux - pam_krb5 PAM module with Microsoft Active Directory as the - domain controller. It might have problems elsewhere too, since it was - making unjustified assumptions about what arguments the PAM stack would - pass to it. - - - - - - Make the postmaster ignore any application_name parameter in - connection request packets, to improve compatibility with future libpq - versions (Tom) - - - - - - - - - - Release 7.4.26 - - - Release date: - 2009-09-09 - - - - This release contains a variety of fixes from 7.4.25. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.26 - - - A dump/restore is not required for those running 7.4.X. - However, if you have any hash indexes on interval columns, - you must REINDEX them after updating to 7.4.26. - Also, if you are upgrading from a version earlier than 7.4.11, - see . - - - - - - Changes - - - - - - Disallow RESET ROLE and RESET SESSION - AUTHORIZATION inside security-definer functions (Tom, Heikki) - - - - This covers a case that was missed in the previous patch that - disallowed SET ROLE and SET SESSION - AUTHORIZATION inside security-definer functions. - (See CVE-2007-6600) - - - - - - Fix handling of sub-SELECTs appearing in the arguments of - an outer-level aggregate function (Tom) - - - - - - Fix hash calculation for data type interval (Tom) - - - - This corrects wrong results for hash joins on interval values. - It also changes the contents of hash indexes on interval columns. - If you have any such indexes, you must REINDEX them - after updating. - - - - - - Fix overflow for INTERVAL 'x ms' - when x is more than 2 million and integer - datetimes are in use (Alex Hunsaker) - - - - - - Fix calculation of distance between a point and a line segment (Tom) - - - - This led to incorrect results from a number of geometric operators. - - - - - - Fix money data type to work in locales where currency - amounts have no fractional digits, e.g. Japan (Itagaki Takahiro) - - - - - - Properly round datetime input like - 00:12:57.9999999999999999999999999999 (Tom) - - - - - - Fix poor choice of page split point in GiST R-tree operator classes - (Teodor) - - - - - - Fix portability issues in plperl initialization (Andrew Dunstan) - - - - - - Improve robustness of libpq's code to recover - from errors during COPY FROM STDIN (Tom) - - - - - - Avoid including conflicting readline and editline header files - when both libraries are installed (Zdenek Kotala) - - - - - - - - - - Release 7.4.25 - - - Release date: - 2009-03-16 - - - - This release contains a variety of fixes from 7.4.24. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.25 - - - A dump/restore is not required for those running 7.4.X. - However, if you are upgrading from a version earlier than 7.4.11, - see . - - - - - - Changes - - - - - - Prevent error recursion crashes when encoding conversion fails (Tom) - - - - This change extends fixes made in the last two minor releases for - related failure scenarios. The previous fixes were narrowly tailored - for the original problem reports, but we have now recognized that - any error thrown by an encoding conversion function could - potentially lead to infinite recursion while trying to report the - error. The solution therefore is to disable translation and encoding - conversion and report the plain-ASCII form of any error message, - if we find we have gotten into a recursive error reporting situation. - (CVE-2009-0922) - - - - - - Disallow CREATE CONVERSION with the wrong encodings - for the specified conversion function (Heikki) - - - - This prevents one possible scenario for encoding conversion failure. - The previous change is a backstop to guard against other kinds of - failures in the same area. - - - - - - Fix core dump when to_char() is given format codes that - are inappropriate for the type of the data argument (Tom) - - - - - - Add MUST (Mauritius Island Summer Time) to the default list - of known timezone abbreviations (Xavier Bugaud) - - - - - - - - - - Release 7.4.24 - - - Release date: - 2009-02-02 - - - - This release contains a variety of fixes from 7.4.23. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.24 - - - A dump/restore is not required for those running 7.4.X. - However, if you are upgrading from a version earlier than 7.4.11, - see . - - - - - - Changes - - - - - - Improve handling of URLs in headline() function (Teodor) - - - - - - Improve handling of overlength headlines in headline() - function (Teodor) - - - - - - Prevent possible Assert failure or misconversion if an encoding - conversion is created with the wrong conversion function for the - specified pair of encodings (Tom, Heikki) - - - - - - Avoid unnecessary locking of small tables in VACUUM - (Heikki) - - - - - - Fix uninitialized variables in contrib/tsearch2's - get_covers() function (Teodor) - - - - - - Fix bug in to_char()'s handling of TH - format codes (Andreas Scherbaum) - - - - - - Make all documentation reference pgsql-bugs and/or - pgsql-hackers as appropriate, instead of the - now-decommissioned pgsql-ports and pgsql-patches - mailing lists (Tom) - - - - - - - - - - Release 7.4.23 - - - Release date: - 2008-11-03 - - - - This release contains a variety of fixes from 7.4.22. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.23 - - - A dump/restore is not required for those running 7.4.X. - However, if you are upgrading from a version earlier than 7.4.11, - see . - - - - - - Changes - - - - - - Fix backend crash when the client encoding cannot represent a localized - error message (Tom) - - - - We have addressed similar issues before, but it would still fail if - the character has no equivalent message itself couldn't - be converted. The fix is to disable localization and send the plain - ASCII error message when we detect such a situation. - - - - - - Fix incorrect tsearch2 headline generation when single query - item matches first word of text (Sushant Sinha) - - - - - - Fix improper display of fractional seconds in interval values when - using a non-ISO datestyle in an - - - - - Ensure SPI_getvalue and SPI_getbinval - behave correctly when the passed tuple and tuple descriptor have - different numbers of columns (Tom) - - - - This situation is normal when a table has had columns added or removed, - but these two functions didn't handle it properly. - The only likely consequence is an incorrect error indication. - - - - - - Fix ecpg's parsing of CREATE USER (Michael) - - - - - - - - - - Release 7.4.22 - - - Release date: - 2008-09-22 - - - - This release contains a variety of fixes from 7.4.21. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.22 - - - A dump/restore is not required for those running 7.4.X. - However, if you are upgrading from a version earlier than 7.4.11, - see . - - - - - - Changes - - - - - - Fix datetime input functions to correctly detect integer overflow when - running on a 64-bit platform (Tom) - - - - - - Improve performance of writing very long log messages to syslog (Tom) - - - - - - Fix bug in backwards scanning of a cursor on a SELECT DISTINCT - ON query (Tom) - - - - - - Fix planner to estimate that GROUP BY expressions yielding - boolean results always result in two groups, regardless of the - expressions' contents (Tom) - - - - This is very substantially more accurate than the regular GROUP - BY estimate for certain boolean tests like col - IS NULL. - - - - - - Improve pg_dump and pg_restore's - error reporting after failure to send a SQL command (Tom) - - - - - - - - - - Release 7.4.21 - - - Release date: - 2008-06-12 - - - - This release contains one serious bug fix over 7.4.20. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.21 - - - A dump/restore is not required for those running 7.4.X. - However, if you are upgrading from a version earlier than 7.4.11, - see . - - - - - - Changes - - - - - - Make pg_get_ruledef() parenthesize negative constants (Tom) - - - - Before this fix, a negative constant in a view or rule might be dumped - as, say, -42::integer, which is subtly incorrect: it should - be (-42)::integer due to operator precedence rules. - Usually this would make little difference, but it could interact with - another recent patch to cause - PostgreSQL to reject what had been a valid - SELECT DISTINCT view query. Since this could result in - pg_dump output failing to reload, it is being treated - as a high-priority fix. The only released versions in which dump - output is actually incorrect are 8.3.1 and 8.2.7. - - - - - - - - - - Release 7.4.20 - - - Release date: - never released - - - - This release contains a variety of fixes from 7.4.19. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.20 - - - A dump/restore is not required for those running 7.4.X. - However, if you are upgrading from a version earlier than 7.4.11, - see . - - - - - - Changes - - - - - - Fix conversions between ISO-8859-5 and other encodings to handle - Cyrillic Yo characters (e and E with - two dots) (Sergey Burladyan) - - - - - - Fix a few datatype input functions - that were allowing unused bytes in their results to contain - uninitialized, unpredictable values (Tom) - - - - This could lead to failures in which two apparently identical literal - values were not seen as equal, resulting in the parser complaining - about unmatched ORDER BY and DISTINCT - expressions. - - - - - - Fix a corner case in regular-expression substring matching - (substring(string from - pattern)) (Tom) - - - - The problem occurs when there is a match to the pattern overall but - the user has specified a parenthesized subexpression and that - subexpression hasn't got a match. An example is - substring('foo' from 'foo(bar)?'). - This should return NULL, since (bar) isn't matched, but - it was mistakenly returning the whole-pattern match instead (ie, - foo). - - - - - - Fix incorrect result from ecpg's - PGTYPEStimestamp_sub() function (Michael) - - - - - - Fix DatumGetBool macro to not fail with gcc - 4.3 (Tom) - - - - This problem affects old style (V0) C functions that - return boolean. The fix is already in 8.3, but the need to - back-patch it was not realized at the time. - - - - - - Fix longstanding LISTEN/NOTIFY - race condition (Tom) - - - - In rare cases a session that had just executed a - LISTEN might not get a notification, even though - one would be expected because the concurrent transaction executing - NOTIFY was observed to commit later. - - - - A side effect of the fix is that a transaction that has executed - a not-yet-committed LISTEN command will not see any - row in pg_listener for the LISTEN, - should it choose to look; formerly it would have. This behavior - was never documented one way or the other, but it is possible that - some applications depend on the old behavior. - - - - - - Fix display of constant expressions in ORDER BY - and GROUP BY (Tom) - - - - An explicitly casted constant would be shown incorrectly. This could - for example lead to corruption of a view definition during - dump and reload. - - - - - - Fix libpq to handle NOTICE messages correctly - during COPY OUT (Tom) - - - - This failure has only been observed to occur when a user-defined - datatype's output routine issues a NOTICE, but there is no - guarantee it couldn't happen due to other causes. - - - - - - - - - - Release 7.4.19 - - - Release date: - 2008-01-07 - - - - This release contains a variety of fixes from 7.4.18, - including fixes for significant security issues. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.19 - - - A dump/restore is not required for those running 7.4.X. However, - if you are upgrading from a version earlier than 7.4.11, - see . - - - - - - Changes - - - - - - Prevent functions in indexes from executing with the privileges of - the user running VACUUM, ANALYZE, etc (Tom) - - - - Functions used in index expressions and partial-index - predicates are evaluated whenever a new table entry is made. It has - long been understood that this poses a risk of trojan-horse code - execution if one modifies a table owned by an untrustworthy user. - (Note that triggers, defaults, check constraints, etc. pose the - same type of risk.) But functions in indexes pose extra danger - because they will be executed by routine maintenance operations - such as VACUUM FULL, which are commonly performed - automatically under a superuser account. For example, a nefarious user - can execute code with superuser privileges by setting up a - trojan-horse index definition and waiting for the next routine vacuum. - The fix arranges for standard maintenance operations - (including VACUUM, ANALYZE, REINDEX, - and CLUSTER) to execute as the table owner rather than - the calling user, using the same privilege-switching mechanism already - used for SECURITY DEFINER functions. To prevent bypassing - this security measure, execution of SET SESSION - AUTHORIZATION and SET ROLE is now forbidden within a - SECURITY DEFINER context. (CVE-2007-6600) - - - - - - Repair assorted bugs in the regular-expression package (Tom, Will Drewry) - - - - Suitably crafted regular-expression patterns could cause crashes, - infinite or near-infinite looping, and/or massive memory consumption, - all of which pose denial-of-service hazards for applications that - accept regex search patterns from untrustworthy sources. - (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067) - - - - - - Require non-superusers who use /contrib/dblink to use only - password authentication, as a security measure (Joe) - - - - The fix that appeared for this in 7.4.18 was incomplete, as it plugged - the hole for only some dblink functions. (CVE-2007-6601, - CVE-2007-3278) - - - - - - Fix planner failure in some cases of WHERE false AND var IN - (SELECT ...) (Tom) - - - - - - Fix potential crash in translate() when using a multibyte - database encoding (Tom) - - - - - - Fix PL/Python to not crash on long exception messages (Alvaro) - - - - - - ecpg parser fixes (Michael) - - - - - - Make contrib/tablefunc's crosstab() handle - NULL rowid as a category in its own right, rather than crashing (Joe) - - - - - - Fix tsvector and tsquery output routines to - escape backslashes correctly (Teodor, Bruce) - - - - - - Fix crash of to_tsvector() on huge input strings (Teodor) - - - - - - Require a specific version of Autoconf to be used - when re-generating the configure script (Peter) - - - - This affects developers and packagers only. The change was made - to prevent accidental use of untested combinations of - Autoconf and PostgreSQL versions. - You can remove the version check if you really want to use a - different Autoconf version, but it's - your responsibility whether the result works or not. - - - - - - - - - - Release 7.4.18 - - - Release date: - 2007-09-17 - - - - This release contains fixes from 7.4.17. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.18 - - - A dump/restore is not required for those running 7.4.X. However, - if you are upgrading from a version earlier than 7.4.11, - see . - - - - - - Changes - - - - - - Prevent index corruption when a transaction inserts rows and - then aborts close to the end of a concurrent VACUUM - on the same table (Tom) - - - - - - Make CREATE DOMAIN ... DEFAULT NULL work properly (Tom) - - - - - - Fix excessive logging of SSL error messages (Tom) - - - - - - Fix crash when log_min_error_statement logging runs out - of memory (Tom) - - - - - - Prevent CLUSTER from failing - due to attempting to process temporary tables of other sessions (Alvaro) - - - - - - Require non-superusers who use /contrib/dblink to use only - password authentication, as a security measure (Joe) - - - - - - - - - - Release 7.4.17 - - - Release date: - 2007-04-23 - - - - This release contains fixes from 7.4.16, - including a security fix. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.17 - - - A dump/restore is not required for those running 7.4.X. However, - if you are upgrading from a version earlier than 7.4.11, - see . - - - - - - Changes - - - - - - Support explicit placement of the temporary-table schema within - search_path, and disable searching it for functions - and operators (Tom) - - - This is needed to allow a security-definer function to set a - truly secure value of search_path. Without it, - an unprivileged SQL user can use temporary objects to execute code - with the privileges of the security-definer function (CVE-2007-2138). - See CREATE FUNCTION for more information. - - - - - - /contrib/tsearch2 crash fixes (Teodor) - - - - - - Fix potential-data-corruption bug in how VACUUM FULL handles - UPDATE chains (Tom, Pavan Deolasee) - - - - - - Fix PANIC during enlargement of a hash index (bug introduced in 7.4.15) - (Tom) - - - - - - - - - - Release 7.4.16 - - - Release date: - 2007-02-05 - - - - This release contains a variety of fixes from 7.4.15, including - a security fix. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.16 - - - A dump/restore is not required for those running 7.4.X. However, - if you are upgrading from a version earlier than 7.4.11, - see . - - - - - - Changes - - - - - - Remove security vulnerability that allowed connected users - to read backend memory (Tom) - - - The vulnerability involves suppressing the normal check that a SQL - function returns the data type it's declared to, or changing the - data type of a table column used in a SQL function (CVE-2007-0555). - This error can easily be exploited to cause a backend crash, and in - principle might be used to read database content that the user - should not be able to access. - - - - - - Fix rare bug wherein btree index page splits could fail - due to choosing an infeasible split point (Heikki Linnakangas) - - - - - - Fix for rare Assert() crash triggered by UNION (Tom) - - - - - - Tighten security of multi-byte character processing for UTF8 sequences - over three bytes long (Tom) - - - - - - - - - - Release 7.4.15 - - - Release date: - 2007-01-08 - - - - This release contains a variety of fixes from 7.4.14. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.15 - - - A dump/restore is not required for those running 7.4.X. However, - if you are upgrading from a version earlier than 7.4.11, - see . - - - - - - Changes - - - - - - Improve handling of getaddrinfo() on AIX (Tom) - - - - This fixes a problem with starting the statistics collector, - among other things. - - - - - - Fix failed to re-find parent key errors in - VACUUM (Tom) - - - - - - Fix bugs affecting multi-gigabyte hash indexes (Tom) - - - - - - Fix error when constructing an ARRAY[] made up of multiple - empty elements (Tom) - - - - - - to_number() and to_char(numeric) - are now STABLE, not IMMUTABLE, for - new initdb installs (Tom) - - - - This is because lc_numeric can potentially - change the output of these functions. - - - - - - Improve index usage of regular expressions that use parentheses (Tom) - - - - This improves psql \d performance also. - - - - - - - - - - Release 7.4.14 - - - Release date: - 2006-10-16 - - - - This release contains a variety of fixes from 7.4.13. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.14 - - - A dump/restore is not required for those running 7.4.X. However, - if you are upgrading from a version earlier than 7.4.11, - see . - - - - - - Changes - - -Fix core dump when an untyped literal is taken as -ANYARRAY -Fix string_to_array() to handle overlapping - matches for the separator string -For example, string_to_array('123xx456xxx789', 'xx'). - -Fix corner cases in pattern matching for - psql's \d commands -Fix index-corrupting bugs in /contrib/ltree - (Teodor) -Fix backslash escaping in /contrib/dbmirror -Adjust regression tests for recent changes in US DST laws - - - - - - - - Release 7.4.13 - - - Release date: - 2006-05-23 - - - - This release contains a variety of fixes from 7.4.12, - including patches for extremely serious security issues. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.13 - - - A dump/restore is not required for those running 7.4.X. However, - if you are upgrading from a version earlier than 7.4.11, - see . - - - - Full security against the SQL-injection attacks described in - CVE-2006-2313 and CVE-2006-2314 might require changes in application - code. If you have applications that embed untrustworthy strings - into SQL commands, you should examine them as soon as possible to - ensure that they are using recommended escaping techniques. In - most cases, applications should be using subroutines provided by - libraries or drivers (such as libpq's - PQescapeStringConn()) to perform string escaping, - rather than relying on ad hoc code to do it. - - - - - Changes - - -Change the server to reject invalidly-encoded multibyte -characters in all cases (Tatsuo, Tom) -While PostgreSQL has been moving in this direction for -some time, the checks are now applied uniformly to all encodings and all -textual input, and are now always errors not merely warnings. This change -defends against SQL-injection attacks of the type described in CVE-2006-2313. - - -Reject unsafe uses of \' in string literals -As a server-side defense against SQL-injection attacks of the type -described in CVE-2006-2314, the server now only accepts '' and not -\' as a representation of ASCII single quote in SQL string -literals. By default, \' is rejected only when -client_encoding is set to a client-only encoding (SJIS, BIG5, GBK, -GB18030, or UHC), which is the scenario in which SQL injection is possible. -A new configuration parameter backslash_quote is available to -adjust this behavior when needed. Note that full security against -CVE-2006-2314 might require client-side changes; the purpose of -backslash_quote is in part to make it obvious that insecure -clients are insecure. - - -Modify libpq's string-escaping routines to be -aware of encoding considerations and -standard_conforming_strings -This fixes libpq-using applications for the security -issues described in CVE-2006-2313 and CVE-2006-2314, and also future-proofs -them against the planned changeover to SQL-standard string literal syntax. -Applications that use multiple PostgreSQL connections -concurrently should migrate to PQescapeStringConn() and -PQescapeByteaConn() to ensure that escaping is done correctly -for the settings in use in each database connection. Applications that -do string escaping by hand should be modified to rely on library -routines instead. - - -Fix some incorrect encoding conversion functions -win1251_to_iso, alt_to_iso, -euc_tw_to_big5, euc_tw_to_mic, -mic_to_euc_tw were all broken to varying -extents. - - -Clean up stray remaining uses of \' in strings -(Bruce, Jan) - -Fix bug that sometimes caused OR'd index scans to -miss rows they should have returned - -Fix WAL replay for case where a btree index has been -truncated - -Fix SIMILAR TO for patterns involving -| (Tom) - -Fix server to use custom DH SSL parameters correctly (Michael -Fuhr) - -Fix for Bonjour on Intel Macs (Ashley Clark) - -Fix various minor memory leaks - - - - - - - Release 7.4.12 - - - Release date: - 2006-02-14 - - - - This release contains a variety of fixes from 7.4.11. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.12 - - - A dump/restore is not required for those running 7.4.X. However, - if you are upgrading from a version earlier than 7.4.11, - see . - - - - - Changes - - - -Fix potential crash in SET -SESSION AUTHORIZATION (CVE-2006-0553) -An unprivileged user could crash the server process, resulting in -momentary denial of service to other users, if the server has been compiled -with Asserts enabled (which is not the default). -Thanks to Akio Ishida for reporting this problem. - - -Fix bug with row visibility logic in self-inserted -rows (Tom) -Under rare circumstances a row inserted by the current command -could be seen as already valid, when it should not be. Repairs bug -created in 7.4.9 and 7.3.11 releases. - - -Fix race condition that could lead to file already -exists errors during pg_clog file creation -(Tom) - -Properly check DOMAIN constraints for -UNKNOWN parameters in prepared statements -(Neil) - -Fix to allow restoring dumps that have cross-schema -references to custom operators (Tom) - -Portability fix for testing presence of finite -and isinf during configure (Tom) - - - - - - - - Release 7.4.11 - - - Release date: - 2006-01-09 - - - - This release contains a variety of fixes from 7.4.10. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.11 - - - A dump/restore is not required for those running 7.4.X. However, - if you are upgrading from a version earlier than 7.4.8, - see . - Also, you might need to REINDEX indexes on textual - columns after updating, if you are affected by the locale or - plperl issues described below. - - - - - Changes - - - -Fix for protocol-level Describe messages issued -outside a transaction or in a failed transaction (Tom) - -Fix character string comparison for locales that consider -different character combinations as equal, such as Hungarian (Tom) -This might require REINDEX to fix existing indexes on -textual columns. - -Set locale environment variables during postmaster startup -to ensure that plperl won't change the locale later -This fixes a problem that occurred if the postmaster was -started with environment variables specifying a different locale than what -initdb had been told. Under these conditions, any use of -plperl was likely to lead to corrupt indexes. You might need -REINDEX to fix existing indexes on -textual columns if this has happened to you. - -Fix longstanding bug in strpos() and regular expression -handling in certain rarely used Asian multi-byte character sets (Tatsuo) - - -Fix bug in /contrib/pgcrypto gen_salt, -which caused it not to use all available salt space for MD5 and -XDES algorithms (Marko Kreen, Solar Designer) -Salts for Blowfish and standard DES are unaffected. - -Fix /contrib/dblink to throw an error, -rather than crashing, when the number of columns specified is different from -what's actually returned by the query (Joe) - - - - - - - - Release 7.4.10 - - - Release date: - 2005-12-12 - - - - This release contains a variety of fixes from 7.4.9. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.10 - - - A dump/restore is not required for those running 7.4.X. However, - if you are upgrading from a version earlier than 7.4.8, - see . - - - - - Changes - - - -Fix race condition in transaction log management -There was a narrow window in which an I/O operation could be initiated -for the wrong page, leading to an Assert failure or data -corruption. - - -Prevent failure if client sends Bind protocol message -when current transaction is already aborted - -/contrib/ltree fixes (Teodor) - -AIX and HPUX compile fixes (Tom) - -Fix longstanding planning error for outer joins -This bug sometimes caused a bogus error RIGHT JOIN is -only supported with merge-joinable join conditions. - -Prevent core dump in pg_autovacuum when a -table has been dropped - - - - - - - Release 7.4.9 - - - Release date: - 2005-10-04 - - - - This release contains a variety of fixes from 7.4.8. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.9 - - - A dump/restore is not required for those running 7.4.X. However, - if you are upgrading from a version earlier than 7.4.8, - see . - - - - - Changes - - -Fix error that allowed VACUUM to remove -ctid chains too soon, and add more checking in code that follows -ctid links -This fixes a long-standing problem that could cause crashes in very rare -circumstances. -Fix CHAR() to properly pad spaces to the specified -length when using a multiple-byte character set (Yoshiyuki Asaba) -In prior releases, the padding of CHAR() was incorrect -because it only padded to the specified number of bytes without -considering how many characters were stored. -Fix the sense of the test for read-only transaction -in COPY -The code formerly prohibited COPY TO, where it should -prohibit COPY FROM. - -Fix planning problem with outer-join ON clauses that reference -only the inner-side relation -Further fixes for x FULL JOIN y ON true corner -cases -Make array_in and array_recv more -paranoid about validating their OID parameter -Fix missing rows in queries like UPDATE a=... WHERE -a... with GiST index on column a -Improve robustness of datetime parsing -Improve checking for partially-written WAL -pages -Improve robustness of signal handling when SSL is -enabled -Don't try to open more than max_files_per_process -files during postmaster startup -Various memory leakage fixes -Various portability improvements -Fix PL/pgSQL to handle var := var correctly when -the variable is of pass-by-reference type -Update contrib/tsearch2 to use current Snowball -code - - - - - - - Release 7.4.8 - - - Release date: - 2005-05-09 - - - - This release contains a variety of fixes from 7.4.7, including several - security-related issues. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.8 - - - A dump/restore is not required for those running 7.4.X. However, - it is one possible way of handling two significant security problems - that have been found in the initial contents of 7.4.X system - catalogs. A dump/initdb/reload sequence using 7.4.8's initdb will - automatically correct these problems. - - - - The larger security problem is that the built-in character set encoding - conversion functions can be invoked from SQL commands by unprivileged - users, but the functions were not designed for such use and are not - secure against malicious choices of arguments. The fix involves changing - the declared parameter list of these functions so that they can no longer - be invoked from SQL commands. (This does not affect their normal use - by the encoding conversion machinery.) - - - - The lesser problem is that the contrib/tsearch2 module - creates several functions that are misdeclared to return - internal when they do not accept internal arguments. - This breaks type safety for all functions using internal - arguments. - - - - It is strongly recommended that all installations repair these errors, - either by initdb or by following the manual repair procedures given - below. The errors at least allow unprivileged database users to crash - their server process, and might allow unprivileged users to gain the - privileges of a database superuser. - - - - If you wish not to do an initdb, perform the following procedures instead. - As the database superuser, do: - - -BEGIN; -UPDATE pg_proc SET proargtypes[3] = 'internal'::regtype -WHERE pronamespace = 11 AND pronargs = 5 - AND proargtypes[2] = 'cstring'::regtype; --- The command should report having updated 90 rows; --- if not, rollback and investigate instead of committing! -COMMIT; - - - Next, if you have installed contrib/tsearch2, do: - - -BEGIN; -UPDATE pg_proc SET proargtypes[0] = 'internal'::regtype -WHERE oid IN ( - 'dex_init(text)'::regprocedure, - 'snb_en_init(text)'::regprocedure, - 'snb_ru_init(text)'::regprocedure, - 'spell_init(text)'::regprocedure, - 'syn_init(text)'::regprocedure -); --- The command should report having updated 5 rows; --- if not, rollback and investigate instead of committing! -COMMIT; - - - If this command fails with a message like function - "dex_init(text)" does not exist, then either tsearch2 - is not installed in this database, or you already did the update. - - - - The above procedures must be carried out in each database - of an installation, including template1, and ideally - including template0 as well. If you do not fix the - template databases then any subsequently created databases will contain - the same errors. template1 can be fixed in the same way - as any other database, but fixing template0 requires - additional steps. First, from any database issue: - -UPDATE pg_database SET datallowconn = true WHERE datname = 'template0'; - - Next connect to template0 and perform the above repair - procedures. Finally, do: - --- re-freeze template0: -VACUUM FREEZE; --- and protect it against future alterations: -UPDATE pg_database SET datallowconn = false WHERE datname = 'template0'; - - - - - - Changes - - -Change encoding function signature to prevent -misuse -Change contrib/tsearch2 to avoid unsafe use of -INTERNAL function results -Repair ancient race condition that allowed a transaction to be -seen as committed for some purposes (eg SELECT FOR UPDATE) slightly sooner -than for other purposes -This is an extremely serious bug since it could lead to apparent -data inconsistencies being briefly visible to applications. -Repair race condition between relation extension and -VACUUM -This could theoretically have caused loss of a page's worth of -freshly-inserted data, although the scenario seems of very low probability. -There are no known cases of it having caused more than an Assert failure. - -Fix comparisons of TIME WITH TIME ZONE values - -The comparison code was wrong in the case where the ---enable-integer-datetimes configuration switch had been used. -NOTE: if you have an index on a TIME WITH TIME ZONE column, -it will need to be REINDEXed after installing this update, because -the fix corrects the sort order of column values. - -Fix EXTRACT(EPOCH) for -TIME WITH TIME ZONE values -Fix mis-display of negative fractional seconds in -INTERVAL values - -This error only occurred when the ---enable-integer-datetimes configuration switch had been used. - -Ensure operations done during backend shutdown are counted by -statistics collector - -This is expected to resolve reports of pg_autovacuum -not vacuuming the system catalogs often enough — it was not being -told about catalog deletions caused by temporary table removal during -backend exit. - -Additional buffer overrun checks in plpgsql -(Neil) -Fix pg_dump to dump trigger names containing % -correctly (Neil) -Fix contrib/pgcrypto for newer OpenSSL builds -(Marko Kreen) -Still more 64-bit fixes for -contrib/intagg -Prevent incorrect optimization of functions returning -RECORD -Prevent to_char(interval) from dumping core for -month-related formats -Prevent crash on COALESCE(NULL,NULL) -Fix array_map to call PL functions correctly -Fix permission checking in ALTER DATABASE RENAME -Fix ALTER LANGUAGE RENAME -Make RemoveFromWaitQueue clean up after itself - -This fixes a lock management error that would only be visible if a transaction -was kicked out of a wait for a lock (typically by query cancel) and then the -holder of the lock released it within a very narrow window. - -Fix problem with untyped parameter appearing in -INSERT ... SELECT -Fix CLUSTER failure after -ALTER TABLE SET WITHOUT OIDS - - - - - - - Release 7.4.7 - - - Release date: - 2005-01-31 - - - - This release contains a variety of fixes from 7.4.6, including several - security-related issues. - For information about new features in the 7.4 major release, see - . - - - - Migration to Version 7.4.7 - - - A dump/restore is not required for those running 7.4.X. - - - - - Changes - - -Disallow LOAD to non-superusers - -On platforms that will automatically execute initialization functions of a -shared library (this includes at least Windows and ELF-based Unixen), -LOAD can be used to make the server execute arbitrary code. -Thanks to NGS Software for reporting this. -Check that creator of an aggregate function has the right to -execute the specified transition functions - -This oversight made it possible to bypass denial of EXECUTE -permission on a function. -Fix security and 64-bit issues in -contrib/intagg -Add needed STRICT marking to some contrib functions (Kris -Jurka) -Avoid buffer overrun when plpgsql cursor declaration has too -many parameters (Neil) -Fix planning error for FULL and RIGHT outer joins - -The result of the join was mistakenly supposed to be sorted the same as the -left input. This could not only deliver mis-sorted output to the user, but -in case of nested merge joins could give outright wrong answers. - -Fix plperl for quote marks in tuple fields -Fix display of negative intervals in SQL and GERMAN -datestyles -Make age(timestamptz) do calculation in local timezone not -GMT - - - - - - - Release 7.4.6 - - - Release date: - 2004-10-22 - - - - This release contains a variety of fixes from 7.4.5. - For information about new features in the 7.4 major release, see - . - - - - - Migration to Version 7.4.6 - - - A dump/restore is not required for those running 7.4.X. - - - - - Changes - - -Repair possible failure to update hint bits on disk - -Under rare circumstances this oversight could lead to -could not access transaction status failures, which qualifies -it as a potential-data-loss bug. - -Ensure that hashed outer join does not miss tuples - -Very large left joins using a hash join plan could fail to output unmatched -left-side rows given just the right data distribution. - -Disallow running pg_ctl as root - -This is to guard against any possible security issues. - -Avoid using temp files in /tmp in make_oidjoins_check - -This has been reported as a security issue, though it's hardly worthy of -concern since there is no reason for non-developers to use this script anyway. - -Prevent forced backend shutdown from re-emitting prior command -result - -In rare cases, a client might think that its last command had succeeded when -it really had been aborted by forced database shutdown. - -Repair bug in pg_stat_get_backend_idset - -This could lead to misbehavior in some of the system-statistics views. - -Fix small memory leak in postmaster -Fix expected both swapped tables to have TOAST -tables bug - -This could arise in cases such as CLUSTER after ALTER TABLE DROP COLUMN. - -Prevent pg_ctl restart from adding -D multiple times -Fix problem with NULL values in GiST indexes -:: is no longer interpreted as a variable in an -ECPG prepare statement - - - - - - - Release 7.4.5 - - - Release date: - 2004-08-18 - - - - This release contains one serious bug fix over 7.4.4. - For information about new features in the 7.4 major release, see - . - - - - - Migration to Version 7.4.5 - - - A dump/restore is not required for those running 7.4.X. - - - - - Changes - - -Repair possible crash during concurrent B-tree index insertions - -This patch fixes a rare case in which concurrent insertions into a B-tree index -could result in a server panic. No permanent damage would result, but it's -still worth a re-release. The bug does not exist in pre-7.4 releases. - - - - - - - - Release 7.4.4 - - - Release date: - 2004-08-16 - - - - This release contains a variety of fixes from 7.4.3. - For information about new features in the 7.4 major release, see - . - - - - - Migration to Version 7.4.4 - - - A dump/restore is not required for those running 7.4.X. - - - - - Changes - - -Prevent possible loss of committed transactions during crash - -Due to insufficient interlocking between transaction commit and checkpointing, -it was possible for transactions committed just before the most recent -checkpoint to be lost, in whole or in part, following a database crash and -restart. This is a serious bug that has existed -since PostgreSQL 7.1. - -Check HAVING restriction before evaluating result list of an -aggregate plan -Avoid crash when session's current user ID is deleted -Fix hashed crosstab for zero-rows case (Joe) -Force cache update after renaming a column in a foreign key -Pretty-print UNION queries correctly -Make psql handle \r\n newlines properly in COPY IN -pg_dump handled ACLs with grant options incorrectly -Fix thread support for OS X and Solaris -Updated JDBC driver (build 215) with various fixes -ECPG fixes -Translation updates (various contributors) - - - - - - - Release 7.4.3 - - - Release date: - 2004-06-14 - - - - This release contains a variety of fixes from 7.4.2. - For information about new features in the 7.4 major release, see - . - - - - - Migration to Version 7.4.3 - - - A dump/restore is not required for those running 7.4.X. - - - - - Changes - - -Fix temporary memory leak when using non-hashed aggregates (Tom) -ECPG fixes, including some for Informix compatibility (Michael) -Fixes for compiling with thread-safety, particularly Solaris (Bruce) -Fix error in COPY IN termination when using the old network protocol (ljb) -Several important fixes in pg_autovacuum, including fixes for -large tables, unsigned oids, stability, temp tables, and debug mode -(Matthew T. O'Connor) -Fix problem with reading tar-format dumps on NetBSD and BSD/OS (Bruce) -Several JDBC fixes -Fix ALTER SEQUENCE RESTART where last_value equals the restart value (Tom) -Repair failure to recalculate nested sub-selects (Tom) -Fix problems with non-constant expressions in LIMIT/OFFSET -Support FULL JOIN with no join clause, such as X FULL JOIN Y ON TRUE (Tom) -Fix another zero-column table bug (Tom) -Improve handling of non-qualified identifiers in GROUP BY clauses in sub-selects (Tom) - -Select-list aliases within the sub-select will now take precedence over -names from outer query levels. - -Do not generate NATURAL CROSS JOIN when decompiling rules (Tom) -Add checks for invalid field length in binary COPY (Tom) - - This fixes a difficult-to-exploit security hole. - -Avoid locking conflict between ANALYZE and LISTEN/NOTIFY -Numerous translation updates (various contributors) - - - - - - - Release 7.4.2 - - - Release date: - 2004-03-08 - - - - This release contains a variety of fixes from 7.4.1. - For information about new features in the 7.4 major release, see - . - - - - - Migration to Version 7.4.2 - - - A dump/restore is not required for those running 7.4.X. However, - it might be advisable as the easiest method of incorporating fixes for - two errors that have been found in the initial contents of 7.4.X system - catalogs. A dump/initdb/reload sequence using 7.4.2's initdb will - automatically correct these problems. - - - - The more severe of the two errors is that data type anyarray - has the wrong alignment label; this is a problem because the - pg_statistic system catalog uses anyarray - columns. The mislabeling can cause planner misestimations and even - crashes when planning queries that involve WHERE clauses on - double-aligned columns (such as float8 and timestamp). - It is strongly recommended that all installations repair this error, - either by initdb or by following the manual repair procedure given - below. - - - - The lesser error is that the system view pg_settings - ought to be marked as having public update access, to allow - UPDATE pg_settings to be used as a substitute for - SET. This can also be fixed either by initdb or manually, - but it is not necessary to fix unless you want to use UPDATE - pg_settings. - - - - If you wish not to do an initdb, the following procedure will work - for fixing pg_statistic. As the database superuser, - do: - - --- clear out old data in pg_statistic: -DELETE FROM pg_statistic; -VACUUM pg_statistic; --- this should update 1 row: -UPDATE pg_type SET typalign = 'd' WHERE oid = 2277; --- this should update 6 rows: -UPDATE pg_attribute SET attalign = 'd' WHERE atttypid = 2277; --- --- At this point you MUST start a fresh backend to avoid a crash! --- --- repopulate pg_statistic: -ANALYZE; - - - This can be done in a live database, but beware that all backends - running in the altered database must be restarted before it is safe to - repopulate pg_statistic. - - - - To repair the pg_settings error, simply do: - -GRANT SELECT, UPDATE ON pg_settings TO PUBLIC; - - - - - The above procedures must be carried out in each database - of an installation, including template1, and ideally - including template0 as well. If you do not fix the - template databases then any subsequently created databases will contain - the same errors. template1 can be fixed in the same way - as any other database, but fixing template0 requires - additional steps. First, from any database issue: - -UPDATE pg_database SET datallowconn = true WHERE datname = 'template0'; - - Next connect to template0 and perform the above repair - procedures. Finally, do: - --- re-freeze template0: -VACUUM FREEZE; --- and protect it against future alterations: -UPDATE pg_database SET datallowconn = false WHERE datname = 'template0'; - - - - - - Changes - - - Release 7.4.2 incorporates all the fixes included in release 7.3.6, - plus the following fixes: - - - -Fix pg_statistics alignment bug that could crash optimizer -See above for details about this problem. -Allow non-super users to update pg_settings -Fix several optimizer bugs, most of which led to -variable not found in subplan target lists errors -Avoid out-of-memory failure during startup of large multiple -index scan -Fix multibyte problem that could lead to out of -memory error during COPY IN -Fix problems with SELECT INTO / CREATE -TABLE AS from tables without OIDs -Fix problems with alter_table regression test -during parallel testing -Fix problems with hitting open file limit, especially on OS X (Tom) -Partial fix for Turkish-locale issues -initdb will succeed now in Turkish locale, but there are still some -inconveniences associated with the i/I problem. -Make pg_dump set client encoding on restore -Other minor pg_dump fixes -Allow ecpg to again use C keywords as column names (Michael) -Added ecpg WHENEVER NOT_FOUND to -SELECT/INSERT/UPDATE/DELETE (Michael) -Fix ecpg crash for queries calling set-returning functions (Michael) -Various other ecpg fixes (Michael) -Fixes for Borland compiler -Thread build improvements (Bruce) -Various other build fixes -Various JDBC fixes - - - - - - - Release 7.4.1 - - - Release date: - 2003-12-22 - - - - This release contains a variety of fixes from 7.4. - For information about new features in the 7.4 major release, see - . - - - - - Migration to Version 7.4.1 - - - A dump/restore is not required for those - running 7.4. - - - - If you want to install the fixes in the information schema - you need to reload it into the database. - This is either accomplished by initializing a new cluster - by running initdb, or by running the following - sequence of SQL commands in each database (ideally including - template1) as a superuser in - psql, after installing the new release: - -DROP SCHEMA information_schema CASCADE; -\i /usr/local/pgsql/share/information_schema.sql - - Substitute your installation path in the second command. - - - - - - Changes - - -Fixed bug in CREATE SCHEMA parsing in ECPG (Michael) -Fix compile error when and are used together (Peter) -Fix for subqueries that used hash joins (Tom) - - Certain subqueries that used hash joins would crash because of - improperly shared structures. - -Fix free space map compaction bug (Tom) - - This fixes a bug where compaction of the free space map could lead - to a database server shutdown. - - -Fix for Borland compiler build of libpq (Bruce) -Fix netmask() and hostmask() to return the maximum-length masklen (Tom) - - Fix these functions to return values consistent with pre-7.4 - releases. - - -Several contrib/pg_autovacuum fixes - - Fixes include improper variable initialization, missing vacuum after - TRUNCATE, and duration computation overflow for long vacuums. - - -Allow compile of contrib/cube under Cygwin (Jason Tishler) -Fix Solaris use of password file when no passwords are defined (Tom) - - Fix crash on Solaris caused by use of any type of password - authentication when no passwords were defined. - - -JDBC fix for thread problems, other fixes -Fix for bytea index lookups (Joe) -Fix information schema for bit data types (Peter) -Force zero_damaged_pages to be on during recovery from WAL -Prevent some obscure cases of variable not in subplan target lists -Make PQescapeBytea and byteaout consistent with each other (Joe) -Escape bytea output for bytes > 0x7e(Joe) - - If different client encodings are used for bytea output and input, it - is possible for bytea values to be corrupted by the differing - encodings. This fix escapes all bytes that might be affected. - - -Added missing SPI_finish() calls to dblink's get_tuple_of_interest() (Joe) -New Czech FAQ -Fix information schema view constraint_column_usage for foreign keys (Peter) -ECPG fixes (Michael) -Fix bug with multiple IN subqueries and joins in the subqueries (Tom) -Allow COUNT('x') to work (Tom) -Install ECPG include files for Informix compatibility into separate directory (Peter) - - Some names of ECPG include files for Informix compatibility conflicted with operating system include files. - By installing them in their own directory, name conflicts have been reduced. - - -Fix SSL memory leak (Neil) - - This release fixes a bug in 7.4 where SSL didn't free all memory it allocated. - - -Prevent pg_service.conf from using service name as default dbname (Bruce) -Fix local ident authentication on FreeBSD (Tom) - - - - - - - Release 7.4 - - - Release date: - 2003-11-17 - - - - Overview - - - Major changes in this release: - - - - - - IN / NOT IN subqueries are - now much more efficient - - - - - In previous releases, IN/NOT - IN subqueries were joined to the upper query by - sequentially scanning the subquery looking for a match. The - 7.4 code uses the same sophisticated techniques used by - ordinary joins and so is much faster. An - IN will now usually be as fast as or faster - than an equivalent EXISTS subquery; this - reverses the conventional wisdom that applied to previous - releases. - - - - - - - Improved GROUP BY processing by using hash buckets - - - - - In previous releases, rows to be grouped had to be sorted - first. The 7.4 code can do GROUP BY - without sorting, by accumulating results into a hash table - with one entry per group. It will still use the sort - technique, however, if the hash table is estimated to be too - large to fit in sort_mem. - - - - - - - New multikey hash join capability - - - - - In previous releases, hash joins could only occur on single - keys. This release allows multicolumn hash joins. - - - - - - - Queries using the explicit JOIN syntax are - now better optimized - - - - - Prior releases evaluated queries using the explicit - JOIN syntax only in the order implied by - the syntax. 7.4 allows full optimization of these queries, - meaning the optimizer considers all possible join orderings - and chooses the most efficient. Outer joins, however, must - still follow the declared ordering. - - - - - - - Faster and more powerful regular expression code - - - - - The entire regular expression module has been replaced with a - new version by Henry Spencer, originally written for Tcl. The - code greatly improves performance and supports several flavors - of regular expressions. - - - - - - - Function-inlining for simple SQL functions - - - - - Simple SQL functions can now be inlined by including their SQL - in the main query. This improves performance by eliminating - per-call overhead. That means simple SQL functions now - behave like macros. - - - - - - - Full support for IPv6 connections and IPv6 address data types - - - - - Previous releases allowed only IPv4 connections, and the IP - data types only supported IPv4 addresses. This release adds - full IPv6 support in both of these areas. - - - - - - - Major improvements in SSL performance and reliability - - - - - Several people very familiar with the SSL API have overhauled - our SSL code to improve SSL key negotiation and error - recovery. - - - - - - - Make free space map efficiently reuse empty index pages, - and other free space management improvements - - - - - In previous releases, B-tree index pages that were left empty - because of deleted rows could only be reused by rows with - index values similar to the rows originally indexed on that - page. In 7.4, VACUUM records empty index - pages and allows them to be reused for any future index rows. - - - - - - - SQL-standard information schema - - - - - The information schema provides a standardized and stable way - to access information about the schema objects defined in a - database. - - - - - - - Cursors conform more closely to the SQL standard - - - - - The commands FETCH and - MOVE have been overhauled to conform more - closely to the SQL standard. - - - - - - - Cursors can exist outside transactions - - - - - These cursors are also called holdable cursors. - - - - - - - New client-to-server protocol - - - - - The new protocol adds error codes, more status information, - faster startup, better support for binary data transmission, - parameter values separated from SQL commands, prepared - statements available at the protocol level, and cleaner - recovery from COPY failures. The older - protocol is still supported by both server and clients. - - - - - - - libpq and - ECPG applications are now fully - thread-safe - - - - - While previous libpq releases - already supported threads, this release improves thread safety - by fixing some non-thread-safe code that was used during - database connection startup. The configure - option must be used to - enable this feature. - - - - - - - New version of full-text indexing - - - - - A new full-text indexing suite is available in - contrib/tsearch2. - - - - - - - New autovacuum tool - - - - - The new autovacuum tool in - contrib/autovacuum monitors the database - statistics tables for - INSERT/UPDATE/DELETE - activity and automatically vacuums tables when needed. - - - - - - - Array handling has been improved and moved into the server core - - - - - Many array limitations have been removed, and arrays behave - more like fully-supported data types. - - - - - - - - - Migration to Version 7.4 - - - A dump/restore using pg_dump is - required for those wishing to migrate data from any previous - release. - - - - Observe the following incompatibilities: - - - - - - The server-side autocommit setting was removed and - reimplemented in client applications and languages. - Server-side autocommit was causing too many problems with - languages and applications that wanted to control their own - autocommit behavior, so autocommit was removed from the server - and added to individual client APIs as appropriate. - - - - - - Error message wording has changed substantially in this - release. Significant effort was invested to make the messages - more consistent and user-oriented. If your applications try to - detect different error conditions by parsing the error message, - you are strongly encouraged to use the new error code facility instead. - - - - - - Inner joins using the explicit JOIN syntax - might behave differently because they are now better - optimized. - - - - - - A number of server configuration parameters have been renamed - for clarity, primarily those related to - logging. - - - - - - FETCH 0 or MOVE 0 now - does nothing. In prior releases, FETCH 0 - would fetch all remaining rows, and MOVE 0 - would move to the end of the cursor. - - - - - - FETCH and MOVE now return - the actual number of rows fetched/moved, or zero if at the - beginning/end of the cursor. Prior releases would return the - row count passed to the command, not the number of rows - actually fetched or moved. - - - - - - COPY now can process files that use - carriage-return or carriage-return/line-feed end-of-line - sequences. Literal carriage-returns and line-feeds are no - longer accepted in data values; use \r and - \n instead. - - - - - - Trailing spaces are now trimmed when converting from type - char(n) to - varchar(n) or text. - This is what most people always expected to happen anyway. - - - - - - The data type float(p) now - measures p in binary digits, not decimal - digits. The new behavior follows the SQL standard. - - - - - - Ambiguous date values now must match the ordering specified by - the datestyle setting. In prior releases, a - date specification of 10/20/03 was interpreted as a - date in October even if datestyle specified that - the day should be first. 7.4 will throw an error if a date - specification is invalid for the current setting of - datestyle. - - - - - - The functions oidrand, - oidsrand, and - userfntest have been removed. These - functions were determined to be no longer useful. - - - - - - String literals specifying time-varying date/time values, such - as 'now' or 'today' will - no longer work as expected in column default expressions; they - now cause the time of the table creation to be the default, not - the time of the insertion. Functions such as - now(), current_timestamp, or - current_date should be used instead. - - - - In previous releases, there was special code so that strings - such as 'now' were interpreted at - INSERT time and not at table creation time, but - this work around didn't cover all cases. Release 7.4 now - requires that defaults be defined properly using functions such - as now() or current_timestamp. These - will work in all situations. - - - - - - The dollar sign ($) is no longer allowed in - operator names. It can instead be a non-first character in - identifiers. This was done to improve compatibility with other - database systems, and to avoid syntax problems when parameter - placeholders ($n) are written - adjacent to operators. - - - - - - - - Changes - - - Below you will find a detailed account of the changes between - release 7.4 and the previous major release. - - - - Server Operation Changes - - - - - Allow IPv6 server connections (Nigel Kukard, Johan Jordaan, - Bruce, Tom, Kurt Roeckx, Andrew Dunstan) - - - - - - Fix SSL to handle errors cleanly (Nathan Mueller) - - - In prior releases, certain SSL API error reports were not - handled correctly. This release fixes those problems. - - - - - - SSL protocol security and performance improvements (Sean Chittenden) - - - SSL key renegotiation was happening too frequently, causing poor - SSL performance. Also, initial key handling was improved. - - - - - - Print lock information when a deadlock is detected (Tom) - - - This allows easier debugging of deadlock situations. - - - - - - Update /tmp socket modification times - regularly to avoid their removal (Tom) - - - This should help prevent /tmp directory - cleaner administration scripts from removing server socket - files. - - - - Enable PAM for Mac OS X (Aaron Hillegass) - - - Make B-tree indexes fully WAL-safe (Tom) - - In prior releases, under certain rare cases, a server crash - could cause B-tree indexes to become corrupt. This release - removes those last few rare cases. - - - - Allow B-tree index compaction and empty page reuse (Tom) - - - - Fix inconsistent index lookups during split of first root page (Tom) - - - In prior releases, when a single-page index split into two - pages, there was a brief period when another database session - could miss seeing an index entry. This release fixes that rare - failure case. - - - - Improve free space map allocation logic (Tom) - - - Preserve free space information between server restarts (Tom) - - In prior releases, the free space map was not saved when the - postmaster was stopped, so newly started servers had no free - space information. This release saves the free space map, and - reloads it when the server is restarted. - - - - Add start time to pg_stat_activity (Neil) - New code to detect corrupt disk pages; erase with zero_damaged_pages (Tom) - New client/server protocol: faster, no username length limit, allow clean exit from COPY (Tom) - Add transaction status, table ID, column ID to client/server protocol (Tom) - Add binary I/O to client/server protocol (Tom) - Remove autocommit server setting; move to client applications (Tom) - New error message wording, error codes, and three levels of error detail (Tom, Joe, Peter) - - - - - Performance Improvements - - - Add hashing for GROUP BY aggregates (Tom) - Make nested-loop joins be smarter about multicolumn indexes (Tom) - Allow multikey hash joins (Tom) - Improve constant folding (Tom) - Add ability to inline simple SQL functions (Tom) - - - Reduce memory usage for queries using complex functions (Tom) - - In prior releases, functions returning allocated memory would - not free it until the query completed. This release allows the - freeing of function-allocated memory when the function call - completes, reducing the total memory used by functions. - - - - - Improve GEQO optimizer performance (Tom) - - This release fixes several inefficiencies in the way the GEQO optimizer - manages potential query paths. - - - - - - Allow IN/NOT IN to be handled via hash - tables (Tom) - - - - - - Improve NOT IN (subquery) - performance (Tom) - - - - - - Allow most IN subqueries to be processed as - joins (Tom) - - - - - - Pattern matching operations can use indexes regardless of - locale (Peter) - - - There is no way for non-ASCII locales to use the standard - indexes for LIKE comparisons. This release - adds a way to create a special index for - LIKE. - - - - - Allow the postmaster to preload libraries using preload_libraries (Joe) - - For shared libraries that require a long time to load, this - option is available so the library can be preloaded in the - postmaster and inherited by all database sessions. - - - - - - Improve optimizer cost computations, particularly for subqueries (Tom) - - - - - - Avoid sort when subquery ORDER BY matches upper query (Tom) - - - - - - Deduce that WHERE a.x = b.y AND b.y = 42 also - means a.x = 42 (Tom) - - - - - - Allow hash/merge joins on complex joins (Tom) - - - - - - Allow hash joins for more data types (Tom) - - - - - - Allow join optimization of explicit inner joins, disable with - join_collapse_limit (Tom) - - - - - - Add parameter from_collapse_limit to control - conversion of subqueries to joins (Tom) - - - - - - Use faster and more powerful regular expression code from Tcl - (Henry Spencer, Tom) - - - - - - Use bit-mapped relation sets in the optimizer (Tom) - - - - - Improve connection startup time (Tom) - - The new client/server protocol requires fewer network packets to - start a database session. - - - - - - Improve trigger/constraint performance (Stephan) - - - - - - Improve speed of col IN (const, const, const, ...) (Tom) - - - - - - Fix hash indexes which were broken in rare cases (Tom) - - - - Improve hash index concurrency and speed (Tom) - - Prior releases suffered from poor hash index performance, - particularly for high concurrency situations. This release fixes - that, and the development group is interested in reports - comparing B-tree and hash index performance. - - - - - Align shared buffers on 32-byte boundary for copy speed improvement (Manfred Spraul) - - Certain CPU's perform faster data copies when addresses are - 32-byte aligned. - - - - - Data type numeric reimplemented for better performance (Tom) - - numeric used to be stored in base 100. The new code - uses base 10000, for significantly better performance. - - - - - - - Server Configuration Changes - - - - Rename server parameter server_min_messages to log_min_messages (Bruce) - - This was done so most parameters that control the server logs - begin with log_. - - - - Rename show_*_stats to log_*_stats (Bruce) - Rename show_source_port to log_source_port (Bruce) - Rename hostname_lookup to log_hostname (Bruce) - - - Add checkpoint_warning to warn of excessive checkpointing (Bruce) - - In prior releases, it was difficult to determine if checkpoint - was happening too frequently. This feature adds a warning to the - server logs when excessive checkpointing happens. - - - - New read-only server parameters for localization (Tom) - - - - Change debug server log messages to output as DEBUG - rather than LOG (Bruce) - - - - - Prevent server log variables from being turned off by non-superusers (Bruce) - - This is a security feature so non-superusers cannot disable - logging that was enabled by the administrator. - - - - - - log_min_messages/client_min_messages now - controls debug_* output (Bruce) - - - This centralizes client debug information so all debug output - can be sent to either the client or server logs. - - - - - Add Mac OS X Rendezvous server support (Chris Campbell) - - This allows Mac OS X hosts to query the network for available - PostgreSQL servers. - - - - - - Add ability to print only slow statements using - log_min_duration_statement - (Christopher) - - - This is an often requested debugging feature that allows - administrators to see only slow queries in their server logs. - - - - - Allow pg_hba.conf to accept netmasks in CIDR format (Andrew Dunstan) - - This allows administrators to merge the host IP address and - netmask fields into a single CIDR field in pg_hba.conf. - - - - New read-only parameter is_superuser (Tom) - - - New parameter log_error_verbosity to control error detail (Tom) - - This works with the new error reporting feature to supply - additional error information like hints, file names and line - numbers. - - - - - postgres --describe-config now dumps server config variables (Aizaz Ahmed, Peter) - - This option is useful for administration tools that need to know - the configuration variable names and their minimums, maximums, - defaults, and descriptions. - - - - - - Add new columns in pg_settings: - context, type, source, - min_val, max_val (Joe) - - - - - - Make default shared_buffers 1000 and - max_connections 100, if possible (Tom) - - - Prior versions defaulted to 64 shared buffers so PostgreSQL - would start on even very old systems. This release tests the - amount of shared memory allowed by the platform and selects more - reasonable default values if possible. Of course, users are - still encouraged to evaluate their resource load and size - shared_buffers accordingly. - - - - - - New pg_hba.conf record type - hostnossl to prevent SSL connections (Jon - Jensen) - - - In prior releases, there was no way to prevent SSL connections - if both the client and server supported SSL. This option allows - that capability. - - - - - - Remove parameter geqo_random_seed - (Tom) - - - - - - Add server parameter regex_flavor to control regular expression processing (Tom) - - - - - - Make pg_ctl better handle nonstandard ports (Greg) - - - - - - - Query Changes - - - New SQL-standard information schema (Peter) - Add read-only transactions (Peter) - Print key name and value in foreign-key violation messages (Dmitry Tkach) - - - Allow users to see their own queries in pg_stat_activity (Kevin Brown) - - In prior releases, only the superuser could see query strings - using pg_stat_activity. Now ordinary users - can see their own query strings. - - - - - Fix aggregates in subqueries to match SQL standard (Tom) - - The SQL standard says that an aggregate function appearing - within a nested subquery belongs to the outer query if its - argument contains only outer-query variables. Prior - PostgreSQL releases did not handle - this fine point correctly. - - - - - Add option to prevent auto-addition of tables referenced in query (Nigel J. Andrews) - - By default, tables mentioned in the query are automatically - added to the FROM clause if they are not already - there. This is compatible with historic - POSTGRES behavior but is contrary to - the SQL standard. This option allows selecting - standard-compatible behavior. - - - - - Allow UPDATE ... SET col = DEFAULT (Rod) - - This allows UPDATE to set a column to its - declared default value. - - - - - Allow expressions to be used in LIMIT/OFFSET (Tom) - - In prior releases, LIMIT/OFFSET could - only use constants, not expressions. - - - - - Implement CREATE TABLE AS EXECUTE (Neil, Peter) - - - - - - Object Manipulation Changes - - - - Make CREATE SEQUENCE grammar more conforming to SQL:2003 (Neil) - - - - Add statement-level triggers (Neil) - - While this allows a trigger to fire at the end of a statement, - it does not allow the trigger to access all rows modified by the - statement. This capability is planned for a future release. - - - - - Add check constraints for domains (Rod) - - This greatly increases the usefulness of domains by allowing - them to use check constraints. - - - - - Add ALTER DOMAIN (Rod) - - This allows manipulation of existing domains. - - - - - Fix several zero-column table bugs (Tom) - - PostgreSQL supports zero-column tables. This fixes various bugs - that occur when using such tables. - - - - - Have ALTER TABLE ... ADD PRIMARY KEY add not-null constraint (Rod) - - In prior releases, ALTER TABLE ... ADD - PRIMARY would add a unique index, but not a not-null - constraint. That is fixed in this release. - - - - Add ALTER TABLE ... WITHOUT OIDS (Rod) - - This allows control over whether new and updated rows will have - an OID column. This is most useful for saving storage space. - - - - - - Add ALTER SEQUENCE to modify minimum, maximum, - increment, cache, cycle values (Rod) - - - - - Add ALTER TABLE ... CLUSTER ON (Alvaro Herrera) - - This command is used by pg_dump to record the - cluster column for each table previously clustered. This - information is used by database-wide cluster to cluster all - previously clustered tables. - - - - Improve automatic type casting for domains (Rod, Tom) - Allow dollar signs in identifiers, except as first character (Tom) - Disallow dollar signs in operator names, so x=$1 works (Tom) - - - - Allow copying table schema using LIKE - subtable, also SQL:2003 - feature INCLUDING DEFAULTS (Rod) - - - - - - Add WITH GRANT OPTION clause to - GRANT (Peter) - - - This enabled GRANT to give other users the - ability to grant privileges on an object. - - - - - - - Utility Command Changes - - - - Add ON COMMIT clause to CREATE TABLE for temporary tables (Gavin) - - This adds the ability for a table to be dropped or all rows - deleted on transaction commit. - - - - - Allow cursors outside transactions using WITH HOLD (Neil) - - In previous releases, cursors were removed at the end of the - transaction that created them. Cursors can now be created with - the WITH HOLD option, which allows them to - continue to be accessed after the creating transaction has - committed. - - - - - FETCH 0 and MOVE 0 now do nothing (Bruce) - - In previous releases, FETCH 0 fetched all - remaining rows, and MOVE 0 moved to the end - of the cursor. - - - - - - Cause FETCH and MOVE to - return the number of rows fetched/moved, or zero if at the - beginning/end of cursor, per SQL standard (Bruce) - - - In prior releases, the row count returned by - FETCH and MOVE did not - accurately reflect the number of rows processed. - - - - - Properly handle SCROLL with cursors, or - report an error (Neil) - - Allowing random access (both forward and backward scrolling) to - some kinds of queries cannot be done without some additional - work. If SCROLL is specified when the cursor - is created, this additional work will be performed. Furthermore, - if the cursor has been created with NO SCROLL, - no random access is allowed. - - - - - - Implement SQL-compatible options FIRST, - LAST, ABSOLUTE n, - RELATIVE n for - FETCH and MOVE (Tom) - - - - - Allow EXPLAIN on DECLARE CURSOR (Tom) - - - - Allow CLUSTER to use index marked as pre-clustered by default (Alvaro Herrera) - - - - Allow CLUSTER to cluster all tables (Alvaro Herrera) - - This allows all previously clustered tables in a database to be - reclustered with a single command. - - - - Prevent CLUSTER on partial indexes (Tom) - - Allow DOS and Mac line-endings in COPY files (Bruce) - - - - Disallow literal carriage return as a data value, - backslash-carriage-return and \r are still allowed - (Bruce) - - - - - COPY changes (binary, \.) (Tom) - - - - Recover from COPY failure cleanly (Tom) - - - - Prevent possible memory leaks in COPY (Tom) - - - - Make TRUNCATE transaction-safe (Rod) - - TRUNCATE can now be used inside a - transaction. If the transaction aborts, the changes made by the - TRUNCATE are automatically rolled back. - - - - - - Allow prepare/bind of utility commands like - FETCH and EXPLAIN (Tom) - - - - - Add EXPLAIN EXECUTE (Neil) - - - - Improve VACUUM performance on indexes by reducing WAL traffic (Tom) - - - - Functional indexes have been generalized into indexes on expressions (Tom) - - In prior releases, functional indexes only supported a simple - function applied to one or more column names. This release - allows any type of scalar expression. - - - - - - Have SHOW TRANSACTION ISOLATION match input - to SET TRANSACTION ISOLATION - (Tom) - - - - - - Have COMMENT ON DATABASE on nonlocal - database generate a warning, rather than an error (Rod) - - - - Database comments are stored in database-local tables so - comments on a database have to be stored in each database. - - - - - - Improve reliability of LISTEN/NOTIFY (Tom) - - - - - Allow REINDEX to reliably reindex nonshared system catalog indexes (Tom) - - This allows system tables to be reindexed without the - requirement of a standalone session, which was necessary in - previous releases. The only tables that now require a standalone - session for reindexing are the global system tables - pg_database, pg_shadow, and - pg_group. - - - - - - - Data Type and Function Changes - - - - - New server parameter extra_float_digits to - control precision display of floating-point numbers (Pedro - Ferreira, Tom) - - - This controls output precision which was causing regression - testing problems. - - - - Allow +1300 as a numeric time-zone specifier, for FJST (Tom) - - - - Remove rarely used functions oidrand, - oidsrand, and userfntest functions - (Neil) - - - - - Add md5() function to main server, already in contrib/pgcrypto (Joe) - - An MD5 function was frequently requested. For more complex - encryption capabilities, use - contrib/pgcrypto. - - - - Increase date range of timestamp (John Cochran) - - - - Change EXTRACT(EPOCH FROM timestamp) so - timestamp without time zone is assumed to be in - local time, not GMT (Tom) - - - - Trap division by zero in case the operating system doesn't prevent it (Tom) - Change the numeric data type internally to base 10000 (Tom) - New hostmask() function (Greg Wickham) - Fixes for to_char() and to_timestamp() (Karel) - - - - Allow functions that can take any argument data type and return - any data type, using anyelement and - anyarray (Joe) - - - This allows the creation of functions that can work with any - data type. - - - - - - Arrays can now be specified as ARRAY[1,2,3], - ARRAY[['a','b'],['c','d']], or - ARRAY[ARRAY[ARRAY[2]]] (Joe) - - - - - - Allow proper comparisons for arrays, including ORDER - BY and DISTINCT support - (Joe) - - - - Allow indexes on array columns (Joe) - Allow array concatenation with || (Joe) - - - - Allow WHERE qualification - expr op ANY/SOME/ALL - (array_expr) (Joe) - - - This allows arrays to behave like a list of values, for purposes - like SELECT * FROM tab WHERE col IN - (array_val). - - - - - - New array functions array_append, - array_cat, array_lower, - array_prepend, array_to_string, - array_upper, string_to_array (Joe) - - - - Allow user defined aggregates to use polymorphic functions (Joe) - Allow assignments to empty arrays (Joe) - - - - Allow 60 in seconds fields of time, - timestamp, and interval input values - (Tom) - - - Sixty-second values are needed for leap seconds. - - - - Allow cidr data type to be cast to text (Tom) - - Disallow invalid time zone names in SET TIMEZONE - - - - Trim trailing spaces when char is cast to - varchar or text (Tom) - - - - - - Make float(p) measure the precision - p in binary digits, not decimal digits - (Tom) - - - - - Add IPv6 support to the inet and cidr data types (Michael Graff) - - - - Add family() function to report whether address is IPv4 or IPv6 (Michael Graff) - - - - - Have SHOW datestyle generate output similar - to that used by SET datestyle (Tom) - - - - - - Make EXTRACT(TIMEZONE) and SET/SHOW - TIME ZONE follow the SQL convention for the sign of - time zone offsets, i.e., positive is east from UTC (Tom) - - - - - Fix date_trunc('quarter', ...) (Böjthe Zoltán) - - Prior releases returned an incorrect value for this function call. - - - - - Make initcap() more compatible with Oracle (Mike Nolan) - - initcap() now uppercases a letter appearing - after any non-alphanumeric character, rather than only after - whitespace. - - - - - Allow only datestyle field order for date values not in ISO-8601 format (Greg) - - - - - Add new datestyle values MDY, - DMY, and YMD to set input field order; - honor US and European for backward - compatibility (Tom) - - - - - - String literals like 'now' or - 'today' will no longer work as a column - default. Use functions such as now(), - current_timestamp instead. (change - required for prepared statements) (Tom) - - - - - Treat NaN as larger than any other value in min()/max() (Tom) - - NaN was already sorted after ordinary numeric values for most - purposes, but min() and max() didn't - get this right. - - - - - Prevent interval from suppressing :00 - seconds display - - - - - New functions pg_get_triggerdef(prettyprint) - and pg_conversion_is_visible() (Christopher) - - - - - Allow time to be specified as 040506 or 0405 (Tom) - - - - - Input date order must now be YYYY-MM-DD (with 4-digit year) or - match datestyle - - - - - - Make pg_get_constraintdef support - unique, primary-key, and check constraints (Christopher) - - - - - - - Server-Side Language Changes - - - - - Prevent PL/pgSQL crash when RETURN NEXT is - used on a zero-row record variable (Tom) - - - - - - Make PL/Python's spi_execute interface - handle null values properly (Andrew Bosma) - - - - - Allow PL/pgSQL to declare variables of composite types without %ROWTYPE (Tom) - - - - Fix PL/Python's _quote() function to handle big integers - - - - Make PL/Python an untrusted language, now called plpythonu (Kevin Jacobs, Tom) - - The Python language no longer supports a restricted execution - environment, so the trusted version of PL/Python was removed. If - this situation changes, a version of PL/Python that can be used - by non-superusers will be readded. - - - - - Allow polymorphic PL/pgSQL functions (Joe, Tom) - - - - Allow polymorphic SQL functions (Joe) - - - - - Improved compiled function caching mechanism in PL/pgSQL with - full support for polymorphism (Joe) - - - - - - Add new parameter $0 in PL/pgSQL representing the - function's actual return type (Joe) - - - - - - Allow PL/Tcl and PL/Python to use the same trigger on multiple tables (Tom) - - - - - - Fixed PL/Tcl's spi_prepare to accept fully - qualified type names in the parameter type list - (Jan) - - - - - - - psql Changes - - - - Add \pset pager always to always use pager (Greg) - - This forces the pager to be used even if the number of rows is - less than the screen height. This is valuable for rows that - wrap across several screen rows. - - - - Improve tab completion (Rod, Ross Reedstrom, Ian Barwick) - Reorder \? help into groupings (Harald Armin Massa, Bruce) - Add backslash commands for listing schemas, casts, and conversions (Christopher) - - - - \encoding now changes based on the server parameter - client_encoding (Tom) - - - In previous versions, \encoding was not aware - of encoding changes made using SET - client_encoding. - - - - - Save editor buffer into readline history (Ross) - - When \e is used to edit a query, the result is saved - in the readline history for retrieval using the up arrow. - - - - Improve \d display (Christopher) - Enhance HTML mode to be more standards-conforming (Greg) - - - New \set AUTOCOMMIT off capability (Tom) - - This takes the place of the removed server parameter autocommit. - - - - - New \set VERBOSITY to control error detail (Tom) - - This controls the new error reporting details. - - - - New prompt escape sequence %x to show transaction status (Tom) - Long options for psql are now available on all platforms - - - - - pg_dump Changes - - - Multiple pg_dump fixes, including tar format and large objects - Allow pg_dump to dump specific schemas (Neil) - - - Make pg_dump preserve column storage characteristics (Christopher) - - This preserves ALTER TABLE ... SET STORAGE information. - - - - Make pg_dump preserve CLUSTER characteristics (Christopher) - - - - Have pg_dumpall use GRANT/REVOKE to dump database-level privileges (Tom) - - - - - - Allow pg_dumpall to support the options - - - Prevent pg_dump from lowercasing identifiers specified on the command line (Tom) - - - - pg_dump options - and now do nothing, all dumps - use SET SESSION AUTHORIZATION - - - pg_dump no longer reconnects to switch users, but instead always - uses SET SESSION AUTHORIZATION. This will - reduce password prompting during restores. - - - - - Long options for pg_dump are now available on all platforms - - PostgreSQL now includes its own - long-option processing routines. - - - - - - - libpq Changes - - - - - Add function PQfreemem for freeing memory on - Windows, suggested for NOTIFY (Bruce) - - - Windows requires that memory allocated in a library be freed by - a function in the same library, hence - free() doesn't work for freeing memory - allocated by libpq. PQfreemem is the proper - way to free libpq memory, especially on Windows, and is - recommended for other platforms as well. - - - - - Document service capability, and add sample file (Bruce) - - This allows clients to look up connection information in a - central file on the client machine. - - - - - - Make PQsetdbLogin have the same defaults as - PQconnectdb (Tom) - - - - Allow libpq to cleanly fail when result sets are too large (Tom) - - - - Improve performance of function PQunescapeBytea (Ben Lamb) - - - - - - Allow thread-safe libpq with configure - option (Lee Kindness, - Philip Yarra) - - - - - - Allow function pqInternalNotice to accept a - format string and arguments instead of just a preformatted - message (Tom, Sean Chittenden) - - - - - - Control SSL negotiation with sslmode values - disable, allow, - prefer, and require (Jon - Jensen) - - - - - Allow new error codes and levels of text (Tom) - - - - Allow access to the underlying table and column of a query result (Tom) - - This is helpful for query-builder applications that want to know - the underlying table and column names associated with a specific - result set. - - - - Allow access to the current transaction status (Tom) - Add ability to pass binary data directly to the server (Tom) - - - - Add function PQexecPrepared and - PQsendQueryPrepared functions which perform - bind/execute of previously prepared statements (Tom) - - - - - - - JDBC Changes - - - Allow setNull on updateable result sets - Allow executeBatch on a prepared statement (Barry) - Support SSL connections (Barry) - Handle schema names in result sets (Paul Sorenson) - Add refcursor support (Nic Ferrier) - - - - - Miscellaneous Interface Changes - - - - Prevent possible memory leak or core dump during libpgtcl shutdown (Tom) - - - Add Informix compatibility to ECPG (Michael) - - This allows ECPG to process embedded C programs that were - written using certain Informix extensions. - - - - - Add type decimal to ECPG that is fixed length, for Informix (Michael) - - - - - Allow thread-safe embedded SQL programs with - configure option - (Lee Kindness, Bruce) - - - This allows multiple threads to access the database at the same - time. - - - - - Moved Python client PyGreSQL to (Marc) - - - - - - Source Code Changes - - - Prevent need for separate platform geometry regression result files (Tom) - Improved PPC locking primitive (Reinhard Max) - New function palloc0 to allocate and clear memory (Bruce) - Fix locking code for s390x CPU (64-bit) (Tom) - Allow OpenBSD to use local ident credentials (William Ahern) - Make query plan trees read-only to executor (Tom) - Add Darwin startup scripts (David Wheeler) - Allow libpq to compile with Borland C++ compiler (Lester Godwin, Karl Waclawek) - Use our own version of getopt_long() if needed (Peter) - Convert administration scripts to C (Peter) - Bison >= 1.85 is now required to build the PostgreSQL grammar, if building from CVS - Merge documentation into one book (Peter) - Add Windows compatibility functions (Bruce) - Allow client interfaces to compile under MinGW (Bruce) - New ereport() function for error reporting (Tom) - Support Intel compiler on Linux (Peter) - Improve Linux startup scripts (Slawomir Sudnik, Darko Prenosil) - Add support for AMD Opteron and Itanium (Jeffrey W. Baker, Bruce) - - Remove option from configure - - This was no longer needed now that we have CREATE CONVERSION. - - - - Generate a compile error if spinlock code is not found (Bruce) - - Platforms without spinlock code will now fail to compile, rather - than silently using semaphores. This failure can be disabled - with a new configure option. - - - - - - - Contrib Changes - - - Change dbmirror license to BSD - Improve earthdistance (Bruno Wolff III) - Portability improvements to pgcrypto (Marko Kreen) - Prevent crash in xml (John Gray, Michael Richards) - Update oracle - Update mysql - Update cube (Bruno Wolff III) - Update earthdistance to use cube (Bruno Wolff III) - Update btree_gist (Oleg) - New tsearch2 full-text search module (Oleg, Teodor) - Add hash-based crosstab function to tablefuncs (Joe) - Add serial column to order connectby() siblings in tablefuncs (Nabil Sayegh,Joe) - Add named persistent connections to dblink (Shridhar Daithanka) - New pg_autovacuum allows automatic VACUUM (Matthew T. O'Connor) - Make pgbench honor environment variables PGHOST, PGPORT, PGUSER (Tatsuo) - Improve intarray (Teodor Sigaev) - Improve pgstattuple (Rod) - Fix bug in metaphone() in fuzzystrmatch - Improve adddepend (Rod) - Update spi/timetravel (Böjthe Zoltán) - Fix dbase - Remove array module because features now included by default (Joe) - - - - diff --git a/doc/src/sgml/release-8.0.sgml b/doc/src/sgml/release-8.0.sgml deleted file mode 100644 index 4f04024d2e..0000000000 --- a/doc/src/sgml/release-8.0.sgml +++ /dev/null @@ -1,5421 +0,0 @@ - - - - - Release 8.0.26 - - - Release date: - 2010-10-04 - - - - This release contains a variety of fixes from 8.0.25. - For information about new features in the 8.0 major release, see - . - - - - This is expected to be the last PostgreSQL release - in the 8.0.X series. Users are encouraged to update to a newer - release branch soon. - - - - Migration to Version 8.0.26 - - - A dump/restore is not required for those running 8.0.X. - However, if you are upgrading from a version earlier than 8.0.22, - see . - - - - - - Changes - - - - - - Use a separate interpreter for each calling SQL userid in PL/Perl and - PL/Tcl (Tom Lane) - - - - This change prevents security problems that can be caused by subverting - Perl or Tcl code that will be executed later in the same session under - another SQL user identity (for example, within a SECURITY - DEFINER function). Most scripting languages offer numerous ways that - that might be done, such as redefining standard functions or operators - called by the target function. Without this change, any SQL user with - Perl or Tcl language usage rights can do essentially anything with the - SQL privileges of the target function's owner. - - - - The cost of this change is that intentional communication among Perl - and Tcl functions becomes more difficult. To provide an escape hatch, - PL/PerlU and PL/TclU functions continue to use only one interpreter - per session. This is not considered a security issue since all such - functions execute at the trust level of a database superuser already. - - - - It is likely that third-party procedural languages that claim to offer - trusted execution have similar security issues. We advise contacting - the authors of any PL you are depending on for security-critical - purposes. - - - - Our thanks to Tim Bunce for pointing out this issue (CVE-2010-3433). - - - - - - Prevent possible crashes in pg_get_expr() by disallowing - it from being called with an argument that is not one of the system - catalog columns it's intended to be used with - (Heikki Linnakangas, Tom Lane) - - - - - - Fix cannot handle unplanned sub-select error (Tom Lane) - - - - This occurred when a sub-select contains a join alias reference that - expands into an expression containing another sub-select. - - - - - - Defend against functions returning setof record where not all the - returned rows are actually of the same rowtype (Tom Lane) - - - - - - Take care to fsync the contents of lockfiles (both - postmaster.pid and the socket lockfile) while writing them - (Tom Lane) - - - - This omission could result in corrupted lockfile contents if the - machine crashes shortly after postmaster start. That could in turn - prevent subsequent attempts to start the postmaster from succeeding, - until the lockfile is manually removed. - - - - - - Avoid recursion while assigning XIDs to heavily-nested - subtransactions (Andres Freund, Robert Haas) - - - - The original coding could result in a crash if there was limited - stack space. - - - - - - Fix log_line_prefix's %i escape, - which could produce junk early in backend startup (Tom Lane) - - - - - - Fix possible data corruption in ALTER TABLE ... SET - TABLESPACE when archiving is enabled (Jeff Davis) - - - - - - Allow CREATE DATABASE and ALTER DATABASE ... SET - TABLESPACE to be interrupted by query-cancel (Guillaume Lelarge) - - - - - - In PL/Python, defend against null pointer results from - PyCObject_AsVoidPtr and PyCObject_FromVoidPtr - (Peter Eisentraut) - - - - - - Improve contrib/dblink's handling of tables containing - dropped columns (Tom Lane) - - - - - - Fix connection leak after duplicate connection name - errors in contrib/dblink (Itagaki Takahiro) - - - - - - Fix contrib/dblink to handle connection names longer than - 62 bytes correctly (Itagaki Takahiro) - - - - - - Update build infrastructure and documentation to reflect the source code - repository's move from CVS to Git (Magnus Hagander and others) - - - - - - Update time zone data files to tzdata release 2010l - for DST law changes in Egypt and Palestine; also historical corrections - for Finland. - - - - This change also adds new names for two Micronesian timezones: - Pacific/Chuuk is now preferred over Pacific/Truk (and the preferred - abbreviation is CHUT not TRUT) and Pacific/Pohnpei is preferred over - Pacific/Ponape. - - - - - - - - - - Release 8.0.25 - - - Release date: - 2010-05-17 - - - - This release contains a variety of fixes from 8.0.24. - For information about new features in the 8.0 major release, see - . - - - - The PostgreSQL community will stop releasing updates - for the 8.0.X release series in July 2010. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 8.0.25 - - - A dump/restore is not required for those running 8.0.X. - However, if you are upgrading from a version earlier than 8.0.22, - see . - - - - - - Changes - - - - - - Enforce restrictions in plperl using an opmask applied to - the whole interpreter, instead of using Safe.pm - (Tim Bunce, Andrew Dunstan) - - - - Recent developments have convinced us that Safe.pm is too - insecure to rely on for making plperl trustable. This - change removes use of Safe.pm altogether, in favor of using - a separate interpreter with an opcode mask that is always applied. - Pleasant side effects of the change include that it is now possible to - use Perl's strict pragma in a natural way in - plperl, and that Perl's $a and $b - variables work as expected in sort routines, and that function - compilation is significantly faster. (CVE-2010-1169) - - - - - - Prevent PL/Tcl from executing untrustworthy code from - pltcl_modules (Tom) - - - - PL/Tcl's feature for autoloading Tcl code from a database table - could be exploited for trojan-horse attacks, because there was no - restriction on who could create or insert into that table. This change - disables the feature unless pltcl_modules is owned by a - superuser. (However, the permissions on the table are not checked, so - installations that really need a less-than-secure modules table can - still grant suitable privileges to trusted non-superusers.) Also, - prevent loading code into the unrestricted normal Tcl - interpreter unless we are really going to execute a pltclu - function. (CVE-2010-1170) - - - - - - Do not allow an unprivileged user to reset superuser-only parameter - settings (Alvaro) - - - - Previously, if an unprivileged user ran ALTER USER ... RESET - ALL for himself, or ALTER DATABASE ... RESET ALL for - a database he owns, this would remove all special parameter settings - for the user or database, even ones that are only supposed to be - changeable by a superuser. Now, the ALTER will only - remove the parameters that the user has permission to change. - - - - - - Avoid possible crash during backend shutdown if shutdown occurs - when a CONTEXT addition would be made to log entries (Tom) - - - - In some cases the context-printing function would fail because the - current transaction had already been rolled back when it came time - to print a log message. - - - - - - Update pl/perl's ppport.h for modern Perl versions - (Andrew) - - - - - - Fix assorted memory leaks in pl/python (Andreas Freund, Tom) - - - - - - Prevent infinite recursion in psql when expanding - a variable that refers to itself (Tom) - - - - - - Ensure that contrib/pgstattuple functions respond to cancel - interrupts promptly (Tatsuhito Kasahara) - - - - - - Make server startup deal properly with the case that - shmget() returns EINVAL for an existing - shared memory segment (Tom) - - - - This behavior has been observed on BSD-derived kernels including OS X. - It resulted in an entirely-misleading startup failure complaining that - the shared memory request size was too large. - - - - - - Update time zone data files to tzdata release 2010j - for DST law changes in Argentina, Australian Antarctic, Bangladesh, - Mexico, Morocco, Pakistan, Palestine, Russia, Syria, Tunisia; - also historical corrections for Taiwan. - - - - - - - - - - Release 8.0.24 - - - Release date: - 2010-03-15 - - - - This release contains a variety of fixes from 8.0.23. - For information about new features in the 8.0 major release, see - . - - - - The PostgreSQL community will stop releasing updates - for the 8.0.X release series in July 2010. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 8.0.24 - - - A dump/restore is not required for those running 8.0.X. - However, if you are upgrading from a version earlier than 8.0.22, - see . - - - - - - Changes - - - - - - Add new configuration parameter ssl_renegotiation_limit to - control how often we do session key renegotiation for an SSL connection - (Magnus) - - - - This can be set to zero to disable renegotiation completely, which may - be required if a broken SSL library is used. In particular, some - vendors are shipping stopgap patches for CVE-2009-3555 that cause - renegotiation attempts to fail. - - - - - - Fix possible crashes when trying to recover from a failure in - subtransaction start (Tom) - - - - - - Fix server memory leak associated with use of savepoints and a client - encoding different from server's encoding (Tom) - - - - - - Make substring() for bit types treat any negative - length as meaning all the rest of the string (Tom) - - - - The previous coding treated only -1 that way, and would produce an - invalid result value for other negative values, possibly leading to - a crash (CVE-2010-0442). - - - - - - Fix integer-to-bit-string conversions to handle the first fractional - byte correctly when the output bit width is wider than the given - integer by something other than a multiple of 8 bits (Tom) - - - - - - Fix some cases of pathologically slow regular expression matching (Tom) - - - - - - Fix the STOP WAL LOCATION entry in backup history files to - report the next WAL segment's name when the end location is exactly at a - segment boundary (Itagaki Takahiro) - - - - - - When reading pg_hba.conf and related files, do not treat - @something as a file inclusion request if the @ - appears inside quote marks; also, never treat @ by itself - as a file inclusion request (Tom) - - - - This prevents erratic behavior if a role or database name starts with - @. If you need to include a file whose path name - contains spaces, you can still do so, but you must write - @"/path to/file" rather than putting the quotes around - the whole construct. - - - - - - Prevent infinite loop on some platforms if a directory is named as - an inclusion target in pg_hba.conf and related files - (Tom) - - - - - - Fix plpgsql failure in one case where a composite column is set to NULL - (Tom) - - - - - - Add volatile markings in PL/Python to avoid possible - compiler-specific misbehavior (Zdenek Kotala) - - - - - - Ensure PL/Tcl initializes the Tcl interpreter fully (Tom) - - - - The only known symptom of this oversight is that the Tcl - clock command misbehaves if using Tcl 8.5 or later. - - - - - - Prevent crash in contrib/dblink when too many key - columns are specified to a dblink_build_sql_* function - (Rushabh Lathia, Joe Conway) - - - - - - Fix assorted crashes in contrib/xml2 caused by sloppy - memory management (Tom) - - - - - - Update time zone data files to tzdata release 2010e - for DST law changes in Bangladesh, Chile, Fiji, Mexico, Paraguay, Samoa. - - - - - - - - - - Release 8.0.23 - - - Release date: - 2009-12-14 - - - - This release contains a variety of fixes from 8.0.22. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.23 - - - A dump/restore is not required for those running 8.0.X. - However, if you are upgrading from a version earlier than 8.0.22, - see . - - - - - - Changes - - - - - - Protect against indirect security threats caused by index functions - changing session-local state (Gurjeet Singh, Tom) - - - - This change prevents allegedly-immutable index functions from possibly - subverting a superuser's session (CVE-2009-4136). - - - - - - Reject SSL certificates containing an embedded null byte in the common - name (CN) field (Magnus) - - - - This prevents unintended matching of a certificate to a server or client - name during SSL validation (CVE-2009-4034). - - - - - - Fix possible crash during backend-startup-time cache initialization (Tom) - - - - - - Prevent signals from interrupting VACUUM at unsafe times - (Alvaro) - - - - This fix prevents a PANIC if a VACUUM FULL is canceled - after it's already committed its tuple movements, as well as transient - errors if a plain VACUUM is interrupted after having - truncated the table. - - - - - - Fix possible crash due to integer overflow in hash table size - calculation (Tom) - - - - This could occur with extremely large planner estimates for the size of - a hashjoin's result. - - - - - - Fix very rare crash in inet/cidr comparisons (Chris - Mikkelson) - - - - - - Fix premature drop of temporary files used for a cursor that is accessed - within a subtransaction (Heikki) - - - - - - Fix PAM password processing to be more robust (Tom) - - - - The previous code is known to fail with the combination of the Linux - pam_krb5 PAM module with Microsoft Active Directory as the - domain controller. It might have problems elsewhere too, since it was - making unjustified assumptions about what arguments the PAM stack would - pass to it. - - - - - - Fix rare crash in exception processing in PL/Python (Peter) - - - - - - Ensure psql's flex module is compiled with the correct - system header definitions (Tom) - - - - This fixes build failures on platforms where - --enable-largefile causes incompatible changes in the - generated code. - - - - - - Make the postmaster ignore any application_name parameter in - connection request packets, to improve compatibility with future libpq - versions (Tom) - - - - - - Update time zone data files to tzdata release 2009s - for DST law changes in Antarctica, Argentina, Bangladesh, Fiji, - Novokuznetsk, Pakistan, Palestine, Samoa, Syria; also historical - corrections for Hong Kong. - - - - - - - - - - Release 8.0.22 - - - Release date: - 2009-09-09 - - - - This release contains a variety of fixes from 8.0.21. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.22 - - - A dump/restore is not required for those running 8.0.X. - However, if you have any hash indexes on interval columns, - you must REINDEX them after updating to 8.0.22. - Also, if you are upgrading from a version earlier than 8.0.6, - see . - - - - - - Changes - - - - - - Disallow RESET ROLE and RESET SESSION - AUTHORIZATION inside security-definer functions (Tom, Heikki) - - - - This covers a case that was missed in the previous patch that - disallowed SET ROLE and SET SESSION - AUTHORIZATION inside security-definer functions. - (See CVE-2007-6600) - - - - - - Fix handling of sub-SELECTs appearing in the arguments of - an outer-level aggregate function (Tom) - - - - - - Fix hash calculation for data type interval (Tom) - - - - This corrects wrong results for hash joins on interval values. - It also changes the contents of hash indexes on interval columns. - If you have any such indexes, you must REINDEX them - after updating. - - - - - - Treat to_char(..., 'TH') as an uppercase ordinal - suffix with 'HH'/'HH12' (Heikki) - - - - It was previously handled as 'th' (lowercase). - - - - - - Fix overflow for INTERVAL 'x ms' - when x is more than 2 million and integer - datetimes are in use (Alex Hunsaker) - - - - - - Fix calculation of distance between a point and a line segment (Tom) - - - - This led to incorrect results from a number of geometric operators. - - - - - - Fix money data type to work in locales where currency - amounts have no fractional digits, e.g. Japan (Itagaki Takahiro) - - - - - - Properly round datetime input like - 00:12:57.9999999999999999999999999999 (Tom) - - - - - - Fix poor choice of page split point in GiST R-tree operator classes - (Teodor) - - - - - - Fix portability issues in plperl initialization (Andrew Dunstan) - - - - - - Fix pg_ctl to not go into an infinite loop if - postgresql.conf is empty (Jeff Davis) - - - - - - Fix contrib/xml2's xslt_process() to - properly handle the maximum number of parameters (twenty) (Tom) - - - - - - Improve robustness of libpq's code to recover - from errors during COPY FROM STDIN (Tom) - - - - - - Avoid including conflicting readline and editline header files - when both libraries are installed (Zdenek Kotala) - - - - - - Update time zone data files to tzdata release 2009l - for DST law changes in Bangladesh, Egypt, Jordan, Pakistan, - Argentina/San_Luis, Cuba, Jordan (historical correction only), - Mauritius, Morocco, Palestine, Syria, Tunisia. - - - - - - - - - - Release 8.0.21 - - - Release date: - 2009-03-16 - - - - This release contains a variety of fixes from 8.0.20. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.21 - - - A dump/restore is not required for those running 8.0.X. - However, if you are upgrading from a version earlier than 8.0.6, - see . - - - - - - Changes - - - - - - Prevent error recursion crashes when encoding conversion fails (Tom) - - - - This change extends fixes made in the last two minor releases for - related failure scenarios. The previous fixes were narrowly tailored - for the original problem reports, but we have now recognized that - any error thrown by an encoding conversion function could - potentially lead to infinite recursion while trying to report the - error. The solution therefore is to disable translation and encoding - conversion and report the plain-ASCII form of any error message, - if we find we have gotten into a recursive error reporting situation. - (CVE-2009-0922) - - - - - - Disallow CREATE CONVERSION with the wrong encodings - for the specified conversion function (Heikki) - - - - This prevents one possible scenario for encoding conversion failure. - The previous change is a backstop to guard against other kinds of - failures in the same area. - - - - - - Fix core dump when to_char() is given format codes that - are inappropriate for the type of the data argument (Tom) - - - - - - Add MUST (Mauritius Island Summer Time) to the default list - of known timezone abbreviations (Xavier Bugaud) - - - - - - - - - - Release 8.0.20 - - - Release date: - 2009-02-02 - - - - This release contains a variety of fixes from 8.0.19. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.20 - - - A dump/restore is not required for those running 8.0.X. - However, if you are upgrading from a version earlier than 8.0.6, - see . - - - - - - Changes - - - - - - Improve handling of URLs in headline() function (Teodor) - - - - - - Improve handling of overlength headlines in headline() - function (Teodor) - - - - - - Prevent possible Assert failure or misconversion if an encoding - conversion is created with the wrong conversion function for the - specified pair of encodings (Tom, Heikki) - - - - - - Avoid unnecessary locking of small tables in VACUUM - (Heikki) - - - - - - Fix uninitialized variables in contrib/tsearch2's - get_covers() function (Teodor) - - - - - - Make all documentation reference pgsql-bugs and/or - pgsql-hackers as appropriate, instead of the - now-decommissioned pgsql-ports and pgsql-patches - mailing lists (Tom) - - - - - - Update time zone data files to tzdata release 2009a (for - Kathmandu and historical DST corrections in Switzerland, Cuba) - - - - - - - - - - Release 8.0.19 - - - Release date: - 2008-11-03 - - - - This release contains a variety of fixes from 8.0.18. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.19 - - - A dump/restore is not required for those running 8.0.X. - However, if you are upgrading from a version earlier than 8.0.6, - see . - - - - - - Changes - - - - - - Fix backend crash when the client encoding cannot represent a localized - error message (Tom) - - - - We have addressed similar issues before, but it would still fail if - the character has no equivalent message itself couldn't - be converted. The fix is to disable localization and send the plain - ASCII error message when we detect such a situation. - - - - - - Fix possible crash when deeply nested functions are invoked from - a trigger (Tom) - - - - - - Ensure an error is reported when a newly-defined PL/pgSQL trigger - function is invoked as a normal function (Tom) - - - - - - Fix incorrect tsearch2 headline generation when single query - item matches first word of text (Sushant Sinha) - - - - - - Fix improper display of fractional seconds in interval values when - using a non-ISO datestyle in an - - - - - Ensure SPI_getvalue and SPI_getbinval - behave correctly when the passed tuple and tuple descriptor have - different numbers of columns (Tom) - - - - This situation is normal when a table has had columns added or removed, - but these two functions didn't handle it properly. - The only likely consequence is an incorrect error indication. - - - - - - Fix ecpg's parsing of CREATE USER (Michael) - - - - - - Fix recent breakage of pg_ctl restart (Tom) - - - - - - Update time zone data files to tzdata release 2008i (for - DST law changes in Argentina, Brazil, Mauritius, Syria) - - - - - - - - - - Release 8.0.18 - - - Release date: - 2008-09-22 - - - - This release contains a variety of fixes from 8.0.17. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.18 - - - A dump/restore is not required for those running 8.0.X. - However, if you are upgrading from a version earlier than 8.0.6, - see . - - - - - - Changes - - - - - - Widen local lock counters from 32 to 64 bits (Tom) - - - - This responds to reports that the counters could overflow in - sufficiently long transactions, leading to unexpected lock is - already held errors. - - - - - - Add checks in executor startup to ensure that the tuples produced by an - INSERT or UPDATE will match the target table's - current rowtype (Tom) - - - - ALTER COLUMN TYPE, followed by re-use of a previously - cached plan, could produce this type of situation. The check protects - against data corruption and/or crashes that could ensue. - - - - - - Fix datetime input functions to correctly detect integer overflow when - running on a 64-bit platform (Tom) - - - - - - Improve performance of writing very long log messages to syslog (Tom) - - - - - - Fix bug in backwards scanning of a cursor on a SELECT DISTINCT - ON query (Tom) - - - - - - Fix planner to estimate that GROUP BY expressions yielding - boolean results always result in two groups, regardless of the - expressions' contents (Tom) - - - - This is very substantially more accurate than the regular GROUP - BY estimate for certain boolean tests like col - IS NULL. - - - - - - Fix PL/Tcl to behave correctly with Tcl 8.5, and to be more careful - about the encoding of data sent to or from Tcl (Tom) - - - - - - Fix PL/Python to work with Python 2.5 - - - - This is a back-port of fixes made during the 8.2 development cycle. - - - - - - Improve pg_dump and pg_restore's - error reporting after failure to send a SQL command (Tom) - - - - - - Fix pg_ctl to properly preserve postmaster - command-line arguments across a restart (Bruce) - - - - - - Update time zone data files to tzdata release 2008f (for - DST law changes in Argentina, Bahamas, Brazil, Mauritius, Morocco, - Pakistan, Palestine, and Paraguay) - - - - - - - - - - Release 8.0.17 - - - Release date: - 2008-06-12 - - - - This release contains one serious bug fix over 8.0.16. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.17 - - - A dump/restore is not required for those running 8.0.X. - However, if you are upgrading from a version earlier than 8.0.6, - see . - - - - - - Changes - - - - - - Make pg_get_ruledef() parenthesize negative constants (Tom) - - - - Before this fix, a negative constant in a view or rule might be dumped - as, say, -42::integer, which is subtly incorrect: it should - be (-42)::integer due to operator precedence rules. - Usually this would make little difference, but it could interact with - another recent patch to cause - PostgreSQL to reject what had been a valid - SELECT DISTINCT view query. Since this could result in - pg_dump output failing to reload, it is being treated - as a high-priority fix. The only released versions in which dump - output is actually incorrect are 8.3.1 and 8.2.7. - - - - - - - - - - Release 8.0.16 - - - Release date: - never released - - - - This release contains a variety of fixes from 8.0.15. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.16 - - - A dump/restore is not required for those running 8.0.X. - However, if you are upgrading from a version earlier than 8.0.6, - see . - - - - - - Changes - - - - - - Fix ALTER TABLE ADD COLUMN ... PRIMARY KEY so that the new - column is correctly checked to see if it's been initialized to all - non-nulls (Brendan Jurd) - - - - Previous versions neglected to check this requirement at all. - - - - - - Fix possible CREATE TABLE failure when inheriting the - same constraint from multiple parent relations that - inherited that constraint from a common ancestor (Tom) - - - - - - Fix conversions between ISO-8859-5 and other encodings to handle - Cyrillic Yo characters (e and E with - two dots) (Sergey Burladyan) - - - - - - Fix a few datatype input functions - that were allowing unused bytes in their results to contain - uninitialized, unpredictable values (Tom) - - - - This could lead to failures in which two apparently identical literal - values were not seen as equal, resulting in the parser complaining - about unmatched ORDER BY and DISTINCT - expressions. - - - - - - Fix a corner case in regular-expression substring matching - (substring(string from - pattern)) (Tom) - - - - The problem occurs when there is a match to the pattern overall but - the user has specified a parenthesized subexpression and that - subexpression hasn't got a match. An example is - substring('foo' from 'foo(bar)?'). - This should return NULL, since (bar) isn't matched, but - it was mistakenly returning the whole-pattern match instead (ie, - foo). - - - - - - Update time zone data files to tzdata release 2008c (for - DST law changes in Morocco, Iraq, Choibalsan, Pakistan, Syria, Cuba, - Argentina/San_Luis, and Chile) - - - - - - Fix incorrect result from ecpg's - PGTYPEStimestamp_sub() function (Michael) - - - - - - Fix core dump in contrib/xml2's - xpath_table() function when the input query returns a - NULL value (Tom) - - - - - - Fix contrib/xml2's makefile to not override - CFLAGS (Tom) - - - - - - Fix DatumGetBool macro to not fail with gcc - 4.3 (Tom) - - - - This problem affects old style (V0) C functions that - return boolean. The fix is already in 8.3, but the need to - back-patch it was not realized at the time. - - - - - - Fix longstanding LISTEN/NOTIFY - race condition (Tom) - - - - In rare cases a session that had just executed a - LISTEN might not get a notification, even though - one would be expected because the concurrent transaction executing - NOTIFY was observed to commit later. - - - - A side effect of the fix is that a transaction that has executed - a not-yet-committed LISTEN command will not see any - row in pg_listener for the LISTEN, - should it choose to look; formerly it would have. This behavior - was never documented one way or the other, but it is possible that - some applications depend on the old behavior. - - - - - - Fix rare crash when an error occurs during a query using a hash index - (Heikki) - - - - - - Fix input of datetime values for February 29 in years BC (Tom) - - - - The former coding was mistaken about which years were leap years. - - - - - - Fix unrecognized node type error in some variants of - ALTER OWNER (Tom) - - - - - - Fix pg_ctl to correctly extract the postmaster's port - number from command-line options (Itagaki Takahiro, Tom) - - - - Previously, pg_ctl start -w could try to contact the - postmaster on the wrong port, leading to bogus reports of startup - failure. - - - - - - Use - - - This is known to be necessary when building PostgreSQL - with gcc 4.3 or later. - - - - - - Fix display of constant expressions in ORDER BY - and GROUP BY (Tom) - - - - An explicitly casted constant would be shown incorrectly. This could - for example lead to corruption of a view definition during - dump and reload. - - - - - - Fix libpq to handle NOTICE messages correctly - during COPY OUT (Tom) - - - - This failure has only been observed to occur when a user-defined - datatype's output routine issues a NOTICE, but there is no - guarantee it couldn't happen due to other causes. - - - - - - - - - - Release 8.0.15 - - - Release date: - 2008-01-07 - - - - This release contains a variety of fixes from 8.0.14, - including fixes for significant security issues. - For information about new features in the 8.0 major release, see - . - - - - This is the last 8.0.X release for which the PostgreSQL - community will produce binary packages for Windows. - Windows users are encouraged to move to 8.2.X or later, - since there are Windows-specific fixes in 8.2.X that - are impractical to back-port. 8.0.X will continue to - be supported on other platforms. - - - - Migration to Version 8.0.15 - - - A dump/restore is not required for those running 8.0.X. However, - if you are upgrading from a version earlier than 8.0.6, - see . - - - - - - Changes - - - - - - Prevent functions in indexes from executing with the privileges of - the user running VACUUM, ANALYZE, etc (Tom) - - - - Functions used in index expressions and partial-index - predicates are evaluated whenever a new table entry is made. It has - long been understood that this poses a risk of trojan-horse code - execution if one modifies a table owned by an untrustworthy user. - (Note that triggers, defaults, check constraints, etc. pose the - same type of risk.) But functions in indexes pose extra danger - because they will be executed by routine maintenance operations - such as VACUUM FULL, which are commonly performed - automatically under a superuser account. For example, a nefarious user - can execute code with superuser privileges by setting up a - trojan-horse index definition and waiting for the next routine vacuum. - The fix arranges for standard maintenance operations - (including VACUUM, ANALYZE, REINDEX, - and CLUSTER) to execute as the table owner rather than - the calling user, using the same privilege-switching mechanism already - used for SECURITY DEFINER functions. To prevent bypassing - this security measure, execution of SET SESSION - AUTHORIZATION and SET ROLE is now forbidden within a - SECURITY DEFINER context. (CVE-2007-6600) - - - - - - Repair assorted bugs in the regular-expression package (Tom, Will Drewry) - - - - Suitably crafted regular-expression patterns could cause crashes, - infinite or near-infinite looping, and/or massive memory consumption, - all of which pose denial-of-service hazards for applications that - accept regex search patterns from untrustworthy sources. - (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067) - - - - - - Require non-superusers who use /contrib/dblink to use only - password authentication, as a security measure (Joe) - - - - The fix that appeared for this in 8.0.14 was incomplete, as it plugged - the hole for only some dblink functions. (CVE-2007-6601, - CVE-2007-3278) - - - - - - Update time zone data files to tzdata release 2007k - (in particular, recent Argentina changes) (Tom) - - - - - - Fix planner failure in some cases of WHERE false AND var IN - (SELECT ...) (Tom) - - - - - - Preserve the tablespace of indexes that are - rebuilt by ALTER TABLE ... ALTER COLUMN TYPE (Tom) - - - - - - Make archive recovery always start a new WAL timeline, rather than only - when a recovery stop time was used (Simon) - - - - This avoids a corner-case risk of trying to overwrite an existing - archived copy of the last WAL segment, and seems simpler and cleaner - than the original definition. - - - - - - Make VACUUM not use all of maintenance_work_mem - when the table is too small for it to be useful (Alvaro) - - - - - - Fix potential crash in translate() when using a multibyte - database encoding (Tom) - - - - - - Fix PL/Perl to cope when platform's Perl defines type bool - as int rather than char (Tom) - - - - While this could theoretically happen anywhere, no standard build of - Perl did things this way ... until Mac OS X 10.5. - - - - - - Fix PL/Python to not crash on long exception messages (Alvaro) - - - - - - Fix pg_dump to correctly handle inheritance child tables - that have default expressions different from their parent's (Tom) - - - - - - ecpg parser fixes (Michael) - - - - - - Make contrib/tablefunc's crosstab() handle - NULL rowid as a category in its own right, rather than crashing (Joe) - - - - - - Fix tsvector and tsquery output routines to - escape backslashes correctly (Teodor, Bruce) - - - - - - Fix crash of to_tsvector() on huge input strings (Teodor) - - - - - - Require a specific version of Autoconf to be used - when re-generating the configure script (Peter) - - - - This affects developers and packagers only. The change was made - to prevent accidental use of untested combinations of - Autoconf and PostgreSQL versions. - You can remove the version check if you really want to use a - different Autoconf version, but it's - your responsibility whether the result works or not. - - - - - - - - - - Release 8.0.14 - - - Release date: - 2007-09-17 - - - - This release contains a variety of fixes from 8.0.13. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.14 - - - A dump/restore is not required for those running 8.0.X. However, - if you are upgrading from a version earlier than 8.0.6, - see . - - - - - - Changes - - - - - - Prevent index corruption when a transaction inserts rows and - then aborts close to the end of a concurrent VACUUM - on the same table (Tom) - - - - - - Make CREATE DOMAIN ... DEFAULT NULL work properly (Tom) - - - - - - Fix excessive logging of SSL error messages (Tom) - - - - - - Fix logging so that log messages are never interleaved when using - the syslogger process (Andrew) - - - - - - Fix crash when log_min_error_statement logging runs out - of memory (Tom) - - - - - - Fix incorrect handling of some foreign-key corner cases (Tom) - - - - - - Prevent CLUSTER from failing - due to attempting to process temporary tables of other sessions (Alvaro) - - - - - - Update the time zone database rules, particularly New Zealand's upcoming changes (Tom) - - - - - - Windows socket improvements (Magnus) - - - - - - Suppress timezone name (%Z) in log timestamps on Windows - because of possible encoding mismatches (Tom) - - - - - - Require non-superusers who use /contrib/dblink to use only - password authentication, as a security measure (Joe) - - - - - - - - - - Release 8.0.13 - - - Release date: - 2007-04-23 - - - - This release contains a variety of fixes from 8.0.12, - including a security fix. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.13 - - - A dump/restore is not required for those running 8.0.X. However, - if you are upgrading from a version earlier than 8.0.6, - see . - - - - - - Changes - - - - - - Support explicit placement of the temporary-table schema within - search_path, and disable searching it for functions - and operators (Tom) - - - This is needed to allow a security-definer function to set a - truly secure value of search_path. Without it, - an unprivileged SQL user can use temporary objects to execute code - with the privileges of the security-definer function (CVE-2007-2138). - See CREATE FUNCTION for more information. - - - - - - /contrib/tsearch2 crash fixes (Teodor) - - - - - - Fix potential-data-corruption bug in how VACUUM FULL handles - UPDATE chains (Tom, Pavan Deolasee) - - - - - - Fix PANIC during enlargement of a hash index (bug introduced in 8.0.10) - (Tom) - - - - - - Fix POSIX-style timezone specs to follow new USA DST rules (Tom) - - - - - - - - - - Release 8.0.12 - - - Release date: - 2007-02-07 - - - - This release contains one fix from 8.0.11. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.12 - - - A dump/restore is not required for those running 8.0.X. However, - if you are upgrading from a version earlier than 8.0.6, - see . - - - - - - Changes - - - - - - Remove overly-restrictive check for type length in constraints and - functional indexes(Tom) - - - - - - - - - - Release 8.0.11 - - - Release date: - 2007-02-05 - - - - This release contains a variety of fixes from 8.0.10, including - a security fix. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.11 - - - A dump/restore is not required for those running 8.0.X. However, - if you are upgrading from a version earlier than 8.0.6, - see . - - - - - - Changes - - - - - - Remove security vulnerabilities that allowed connected users - to read backend memory (Tom) - - - The vulnerabilities involve suppressing the normal check that a SQL - function returns the data type it's declared to, and changing the - data type of a table column (CVE-2007-0555, CVE-2007-0556). These - errors can easily be exploited to cause a backend crash, and in - principle might be used to read database content that the user - should not be able to access. - - - - - - Fix rare bug wherein btree index page splits could fail - due to choosing an infeasible split point (Heikki Linnakangas) - - - - - - Fix for rare Assert() crash triggered by UNION (Tom) - - - - - - Tighten security of multi-byte character processing for UTF8 sequences - over three bytes long (Tom) - - - - - - - - - - Release 8.0.10 - - - Release date: - 2007-01-08 - - - - This release contains a variety of fixes from 8.0.9. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.10 - - - A dump/restore is not required for those running 8.0.X. However, - if you are upgrading from a version earlier than 8.0.6, - see . - - - - - - Changes - - - - - - Improve handling of getaddrinfo() on AIX (Tom) - - - - This fixes a problem with starting the statistics collector, - among other things. - - - - - - Fix failed to re-find parent key errors in - VACUUM (Tom) - - - - - - Fix race condition for truncation of a large relation across a - gigabyte boundary by VACUUM (Tom) - - - - - - Fix bugs affecting multi-gigabyte hash indexes (Tom) - - - - - - Fix possible deadlock in Windows signal handling (Teodor) - - - - - - Fix error when constructing an ARRAY[] made up of multiple - empty elements (Tom) - - - - - - Fix ecpg memory leak during connection (Michael) - - - - - - to_number() and to_char(numeric) - are now STABLE, not IMMUTABLE, for - new initdb installs (Tom) - - - - This is because lc_numeric can potentially - change the output of these functions. - - - - - - Improve index usage of regular expressions that use parentheses (Tom) - - - - This improves psql \d performance also. - - - - - - Update timezone database - - - - This affects Australian and Canadian daylight-savings rules in - particular. - - - - - - - - - - Release 8.0.9 - - - Release date: - 2006-10-16 - - - - This release contains a variety of fixes from 8.0.8. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.9 - - - A dump/restore is not required for those running 8.0.X. However, - if you are upgrading from a version earlier than 8.0.6, - see . - - - - - - Changes - - -Fix crash when referencing NEW row -values in rule WHERE expressions (Tom) -Fix core dump when an untyped literal is taken as -ANYARRAY -Fix mishandling of AFTER triggers when query contains a SQL -function returning multiple rows (Tom) -Fix ALTER TABLE ... TYPE to recheck -NOT NULL for USING clause (Tom) -Fix string_to_array() to handle overlapping - matches for the separator string -For example, string_to_array('123xx456xxx789', 'xx'). - -Fix corner cases in pattern matching for - psql's \d commands -Fix index-corrupting bugs in /contrib/ltree - (Teodor) -Numerous robustness fixes in ecpg (Joachim -Wieland) -Fix backslash escaping in /contrib/dbmirror -Fix instability of statistics collection on Win32 (Tom, Andrew) -Fixes for AIX and -Intel compilers (Tom) - - - - - - - Release 8.0.8 - - - Release date: - 2006-05-23 - - - - This release contains a variety of fixes from 8.0.7, - including patches for extremely serious security issues. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.8 - - - A dump/restore is not required for those running 8.0.X. However, - if you are upgrading from a version earlier than 8.0.6, - see . - - - - Full security against the SQL-injection attacks described in - CVE-2006-2313 and CVE-2006-2314 might require changes in application - code. If you have applications that embed untrustworthy strings - into SQL commands, you should examine them as soon as possible to - ensure that they are using recommended escaping techniques. In - most cases, applications should be using subroutines provided by - libraries or drivers (such as libpq's - PQescapeStringConn()) to perform string escaping, - rather than relying on ad hoc code to do it. - - - - - Changes - - -Change the server to reject invalidly-encoded multibyte -characters in all cases (Tatsuo, Tom) -While PostgreSQL has been moving in this direction for -some time, the checks are now applied uniformly to all encodings and all -textual input, and are now always errors not merely warnings. This change -defends against SQL-injection attacks of the type described in CVE-2006-2313. - - -Reject unsafe uses of \' in string literals -As a server-side defense against SQL-injection attacks of the type -described in CVE-2006-2314, the server now only accepts '' and not -\' as a representation of ASCII single quote in SQL string -literals. By default, \' is rejected only when -client_encoding is set to a client-only encoding (SJIS, BIG5, GBK, -GB18030, or UHC), which is the scenario in which SQL injection is possible. -A new configuration parameter backslash_quote is available to -adjust this behavior when needed. Note that full security against -CVE-2006-2314 might require client-side changes; the purpose of -backslash_quote is in part to make it obvious that insecure -clients are insecure. - - -Modify libpq's string-escaping routines to be -aware of encoding considerations and -standard_conforming_strings -This fixes libpq-using applications for the security -issues described in CVE-2006-2313 and CVE-2006-2314, and also future-proofs -them against the planned changeover to SQL-standard string literal syntax. -Applications that use multiple PostgreSQL connections -concurrently should migrate to PQescapeStringConn() and -PQescapeByteaConn() to ensure that escaping is done correctly -for the settings in use in each database connection. Applications that -do string escaping by hand should be modified to rely on library -routines instead. - - -Fix some incorrect encoding conversion functions -win1251_to_iso, alt_to_iso, -euc_tw_to_big5, euc_tw_to_mic, -mic_to_euc_tw were all broken to varying -extents. - - -Clean up stray remaining uses of \' in strings -(Bruce, Jan) - -Fix bug that sometimes caused OR'd index scans to -miss rows they should have returned - -Fix WAL replay for case where a btree index has been -truncated - -Fix SIMILAR TO for patterns involving -| (Tom) - -Fix SELECT INTO and CREATE TABLE AS to -create tables in the default tablespace, not the base directory (Kris -Jurka) - -Fix server to use custom DH SSL parameters correctly (Michael -Fuhr) - -Fix for Bonjour on Intel Macs (Ashley Clark) - -Fix various minor memory leaks - -Fix problem with password prompting on some Win32 systems -(Robert Kinberg) - - - - - - - Release 8.0.7 - - - Release date: - 2006-02-14 - - - - This release contains a variety of fixes from 8.0.6. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.7 - - - A dump/restore is not required for those running 8.0.X. However, - if you are upgrading from a version earlier than 8.0.6, - see . - - - - - Changes - - - -Fix potential crash in SET -SESSION AUTHORIZATION (CVE-2006-0553) -An unprivileged user could crash the server process, resulting in -momentary denial of service to other users, if the server has been compiled -with Asserts enabled (which is not the default). -Thanks to Akio Ishida for reporting this problem. - - -Fix bug with row visibility logic in self-inserted -rows (Tom) -Under rare circumstances a row inserted by the current command -could be seen as already valid, when it should not be. Repairs bug -created in 8.0.4, 7.4.9, and 7.3.11 releases. - - -Fix race condition that could lead to file already -exists errors during pg_clog and pg_subtrans file creation -(Tom) - -Fix cases that could lead to crashes if a cache-invalidation -message arrives at just the wrong time (Tom) - -Properly check DOMAIN constraints for -UNKNOWN parameters in prepared statements -(Neil) - -Ensure ALTER COLUMN TYPE will process -FOREIGN KEY, UNIQUE, and PRIMARY KEY -constraints in the proper order (Nakano Yoshihisa) - -Fixes to allow restoring dumps that have cross-schema -references to custom operators or operator classes (Tom) - -Allow pg_restore to continue properly after a -COPY failure; formerly it tried to treat the remaining -COPY data as SQL commands (Stephen Frost) - -Fix pg_ctl unregister crash -when the data directory is not specified (Magnus) - -Fix ecpg crash on AMD64 and PPC -(Neil) - -Recover properly if error occurs during argument passing -in PL/python (Neil) - -Fix PL/perl's handling of locales on -Win32 to match the backend (Andrew) - -Fix crash when log_min_messages is set to -DEBUG3 or above in postgresql.conf on Win32 -(Bruce) - -Fix pgxs -L library path -specification for Win32, Cygwin, OS X, AIX (Bruce) - -Check that SID is enabled while checking for Win32 admin -privileges (Magnus) - -Properly reject out-of-range date inputs (Kris -Jurka) - -Portability fix for testing presence of finite -and isinf during configure (Tom) - - - - - - - - Release 8.0.6 - - - Release date: - 2006-01-09 - - - - This release contains a variety of fixes from 8.0.5. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.6 - - - A dump/restore is not required for those running 8.0.X. However, - if you are upgrading from a version earlier than 8.0.3, - see . - Also, you might need to REINDEX indexes on textual - columns after updating, if you are affected by the locale or - plperl issues described below. - - - - - Changes - - - -Fix Windows code so that postmaster will continue rather -than exit if there is no more room in ShmemBackendArray (Magnus) -The previous behavior could lead to a denial-of-service situation if too -many connection requests arrive close together. This applies -only to the Windows port. - -Fix bug introduced in 8.0 that could allow ReadBuffer -to return an already-used page as new, potentially causing loss of -recently-committed data (Tom) - -Fix for protocol-level Describe messages issued -outside a transaction or in a failed transaction (Tom) - -Fix character string comparison for locales that consider -different character combinations as equal, such as Hungarian (Tom) -This might require REINDEX to fix existing indexes on -textual columns. - -Set locale environment variables during postmaster startup -to ensure that plperl won't change the locale later -This fixes a problem that occurred if the postmaster was -started with environment variables specifying a different locale than what -initdb had been told. Under these conditions, any use of -plperl was likely to lead to corrupt indexes. You might need -REINDEX to fix existing indexes on -textual columns if this has happened to you. - -Allow more flexible relocation of installation -directories (Tom) -Previous releases supported relocation only if all installation -directory paths were the same except for the last component. - -Fix longstanding bug in strpos() and regular expression -handling in certain rarely used Asian multi-byte character sets (Tatsuo) - - -Various fixes for functions returning RECORDs -(Tom) - -Fix bug in /contrib/pgcrypto gen_salt, -which caused it not to use all available salt space for MD5 and -XDES algorithms (Marko Kreen, Solar Designer) -Salts for Blowfish and standard DES are unaffected. - -Fix /contrib/dblink to throw an error, -rather than crashing, when the number of columns specified is different from -what's actually returned by the query (Joe) - - - - - - - - Release 8.0.5 - - - Release date: - 2005-12-12 - - - - This release contains a variety of fixes from 8.0.4. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.5 - - - A dump/restore is not required for those running 8.0.X. However, - if you are upgrading from a version earlier than 8.0.3, - see . - - - - - Changes - - - -Fix race condition in transaction log management -There was a narrow window in which an I/O operation could be initiated -for the wrong page, leading to an Assert failure or data -corruption. - - -Fix bgwriter problems after recovering from errors -(Tom) - -The background writer was found to leak buffer pins after write errors. -While not fatal in itself, this might lead to mysterious blockages of -later VACUUM commands. - - - -Prevent failure if client sends Bind protocol message -when current transaction is already aborted - -/contrib/ltree fixes (Teodor) - -AIX and HPUX compile fixes (Tom) - -Retry file reads and writes after Windows -NO_SYSTEM_RESOURCES error (Qingqing Zhou) - -Fix intermittent failure when log_line_prefix -includes %i - -Fix psql performance issue with long scripts -on Windows (Merlin Moncure) - -Fix missing updates of pg_group flat -file - -Fix longstanding planning error for outer joins -This bug sometimes caused a bogus error RIGHT JOIN is -only supported with merge-joinable join conditions. - -Postpone timezone initialization until after -postmaster.pid is created -This avoids confusing startup scripts that expect the pid file to appear -quickly. - -Prevent core dump in pg_autovacuum when a -table has been dropped - -Fix problems with whole-row references (foo.*) -to subquery results - - - - - - - Release 8.0.4 - - - Release date: - 2005-10-04 - - - - This release contains a variety of fixes from 8.0.3. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.4 - - - A dump/restore is not required for those running 8.0.X. However, - if you are upgrading from a version earlier than 8.0.3, - see . - - - - - Changes - - -Fix error that allowed VACUUM to remove -ctid chains too soon, and add more checking in code that follows -ctid links -This fixes a long-standing problem that could cause crashes in very rare -circumstances. -Fix CHAR() to properly pad spaces to the specified -length when using a multiple-byte character set (Yoshiyuki Asaba) -In prior releases, the padding of CHAR() was incorrect -because it only padded to the specified number of bytes without -considering how many characters were stored. -Force a checkpoint before committing CREATE -DATABASE -This should fix recent reports of index is not a btree -failures when a crash occurs shortly after CREATE -DATABASE. -Fix the sense of the test for read-only transaction -in COPY -The code formerly prohibited COPY TO, where it should -prohibit COPY FROM. - -Handle consecutive embedded newlines in COPY -CSV-mode input -Fix date_trunc(week) for dates near year -end -Fix planning problem with outer-join ON clauses that reference -only the inner-side relation -Further fixes for x FULL JOIN y ON true corner -cases -Fix overenthusiastic optimization of x IN (SELECT -DISTINCT ...) and related cases -Fix mis-planning of queries with small LIMIT -values due to poorly thought out fuzzy cost -comparison -Make array_in and array_recv more -paranoid about validating their OID parameter -Fix missing rows in queries like UPDATE a=... WHERE -a... with GiST index on column a -Improve robustness of datetime parsing -Improve checking for partially-written WAL -pages -Improve robustness of signal handling when SSL is -enabled -Improve MIPS and M68K spinlock code -Don't try to open more than max_files_per_process -files during postmaster startup -Various memory leakage fixes -Various portability improvements -Update timezone data files -Improve handling of DLL load failures on Windows -Improve random-number generation on Windows -Make psql -f filename return a nonzero exit code -when opening the file fails -Change pg_dump to handle inherited check -constraints more reliably -Fix password prompting in pg_restore on -Windows -Fix PL/pgSQL to handle var := var correctly when -the variable is of pass-by-reference type -Fix PL/Perl %_SHARED so it's actually -shared -Fix contrib/pg_autovacuum to allow sleep -intervals over 2000 sec -Update contrib/tsearch2 to use current Snowball -code - - - - - - - Release 8.0.3 - - - Release date: - 2005-05-09 - - - - This release contains a variety of fixes from 8.0.2, including several - security-related issues. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.3 - - - A dump/restore is not required for those running 8.0.X. However, - it is one possible way of handling two significant security problems - that have been found in the initial contents of 8.0.X system - catalogs. A dump/initdb/reload sequence using 8.0.3's initdb will - automatically correct these problems. - - - - The larger security problem is that the built-in character set encoding - conversion functions can be invoked from SQL commands by unprivileged - users, but the functions were not designed for such use and are not - secure against malicious choices of arguments. The fix involves changing - the declared parameter list of these functions so that they can no longer - be invoked from SQL commands. (This does not affect their normal use - by the encoding conversion machinery.) - - - - The lesser problem is that the contrib/tsearch2 module - creates several functions that are improperly declared to return - internal when they do not accept internal arguments. - This breaks type safety for all functions using internal - arguments. - - - - It is strongly recommended that all installations repair these errors, - either by initdb or by following the manual repair procedure given - below. The errors at least allow unprivileged database users to crash - their server process, and might allow unprivileged users to gain the - privileges of a database superuser. - - - - If you wish not to do an initdb, perform the same manual repair - procedures shown in the 7.4.8 release - notes. - - - - - Changes - - -Change encoding function signature to prevent -misuse -Change contrib/tsearch2 to avoid unsafe use of -INTERNAL function results -Guard against incorrect second parameter to -record_out -Repair ancient race condition that allowed a transaction to be -seen as committed for some purposes (eg SELECT FOR UPDATE) slightly sooner -than for other purposes -This is an extremely serious bug since it could lead to apparent -data inconsistencies being briefly visible to applications. -Repair race condition between relation extension and -VACUUM -This could theoretically have caused loss of a page's worth of -freshly-inserted data, although the scenario seems of very low probability. -There are no known cases of it having caused more than an Assert failure. - -Fix comparisons of TIME WITH TIME ZONE values - -The comparison code was wrong in the case where the ---enable-integer-datetimes configuration switch had been used. -NOTE: if you have an index on a TIME WITH TIME ZONE column, -it will need to be REINDEXed after installing this update, because -the fix corrects the sort order of column values. - -Fix EXTRACT(EPOCH) for -TIME WITH TIME ZONE values -Fix mis-display of negative fractional seconds in -INTERVAL values - -This error only occurred when the ---enable-integer-datetimes configuration switch had been used. - -Fix pg_dump to dump trigger names containing % -correctly (Neil) -Still more 64-bit fixes for -contrib/intagg -Prevent incorrect optimization of functions returning -RECORD -Prevent crash on COALESCE(NULL,NULL) -Fix Borland makefile for libpq -Fix contrib/btree_gist for timetz type -(Teodor) -Make pg_ctl check the PID found in -postmaster.pid to see if it is still a live -process -Fix pg_dump/pg_restore problems caused -by addition of dump timestamps -Fix interaction between materializing holdable cursors and -firing deferred triggers during transaction commit -Fix memory leak in SQL functions returning pass-by-reference -data types - - - - - - - Release 8.0.2 - - - Release date: - 2005-04-07 - - - - This release contains a variety of fixes from 8.0.1. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.2 - - - A dump/restore is not required for those running 8.0.*. - This release updates the major version number of the - PostgreSQL libraries, so it might be - necessary to re-link some user applications if they cannot - find the properly-numbered shared library. - - - - - Changes - - -Increment the major version number of all interface -libraries (Bruce) - -This should have been done in 8.0.0. It is required so 7.4.X versions -of PostgreSQL client applications, like psql, -can be used on the same machine as 8.0.X applications. This might require -re-linking user applications that use these libraries. - -Add Windows-only wal_sync_method setting of - - -This setting causes PostgreSQL to write through -any disk-drive write cache when writing to WAL. -This behavior was formerly called - -Enable the wal_sync_method setting of - - -Because the default is no longer - -New cache management algorithm 2Q replaces -ARC (Tom) - -This was done to avoid a pending US patent on ARC. The -2Q code might be a few percentage points slower than -ARC for some work loads. A better cache management algorithm -will appear in 8.1. - -Planner adjustments to improve behavior on freshly-created -tables (Tom) -Allow plpgsql to assign to an element of an array that is -initially NULL (Tom) - -Formerly the array would remain NULL, but now it becomes a -single-element array. The main SQL engine was changed to handle -UPDATE of a null array value this way in 8.0, but the similar -case in plpgsql was overlooked. - - -Convert \r\n and \r to \n -in plpython function bodies (Michael Fuhr) - - This prevents syntax errors when plpython code is written on a Windows or - Mac client. - - -Allow SPI cursors to handle utility commands that return rows, -such as EXPLAIN (Tom) -Fix CLUSTER failure after ALTER TABLE -SET WITHOUT OIDS (Tom) -Reduce memory usage of ALTER TABLE ADD COLUMN -(Neil) -Fix ALTER LANGUAGE RENAME (Tom) -Document the Windows-only register and -unregister options of pg_ctl (Magnus) -Ensure operations done during backend shutdown are counted by -statistics collector - -This is expected to resolve reports of pg_autovacuum -not vacuuming the system catalogs often enough — it was not being -told about catalog deletions caused by temporary table removal during -backend exit. - -Change the Windows default for configuration parameter -log_destination to - -By default, a server running on Windows will now send log output to the -Windows event logger rather than standard error. - -Make Kerberos authentication work on Windows (Magnus) -Allow ALTER DATABASE RENAME by superusers -who aren't flagged as having CREATEDB privilege (Tom) -Modify WAL log entries for CREATE and -DROP DATABASE to not specify absolute paths (Tom) -This allows point-in-time recovery on a different machine with possibly -different database location. Note that CREATE TABLESPACE still -poses a hazard in such situations. - -Fix crash from a backend exiting with an open transaction -that created a table and opened a cursor on it (Tom) -Fix array_map() so it can call PL functions -(Tom) -Several contrib/tsearch2 and -contrib/btree_gist fixes (Teodor) - -Fix crash of some contrib/pgcrypto -functions on some platforms (Marko Kreen) -Fix contrib/intagg for 64-bit platforms -(Tom) -Fix ecpg bugs in parsing of CREATE statement -(Michael) -Work around gcc bug on powerpc and amd64 causing problems in -ecpg (Christof Petig) -Do not use locale-aware versions of upper(), -lower(), and initcap() when the locale is -C (Bruce) - - This allows these functions to work on platforms that generate errors - for non-7-bit data when the locale is C. - -Fix quote_ident() to quote names that match keywords (Tom) -Fix to_date() to behave reasonably when -CC and YY fields are both used (Karel) -Prevent to_char(interval) from failing -when given a zero-month interval (Tom) -Fix wrong week returned by date_trunc('week') -(Bruce) - -date_trunc('week') -returned the wrong year for the first few days of January in some years. - -Use the correct default mask length for class D -addresses in INET data types (Tom) - - - - - - - Release 8.0.1 - - - Release date: - 2005-01-31 - - - - This release contains a variety of fixes from 8.0.0, including several - security-related issues. - For information about new features in the 8.0 major release, see - . - - - - Migration to Version 8.0.1 - - - A dump/restore is not required for those running 8.0.0. - - - - - Changes - - -Disallow LOAD to non-superusers - -On platforms that will automatically execute initialization functions of a -shared library (this includes at least Windows and ELF-based Unixen), -LOAD can be used to make the server execute arbitrary code. -Thanks to NGS Software for reporting this. -Check that creator of an aggregate function has the right to -execute the specified transition functions - -This oversight made it possible to bypass denial of EXECUTE -permission on a function. -Fix security and 64-bit issues in -contrib/intagg -Add needed STRICT marking to some contrib functions (Kris -Jurka) -Avoid buffer overrun when plpgsql cursor declaration has too -many parameters (Neil) -Make ALTER TABLE ADD COLUMN enforce domain -constraints in all cases -Fix planning error for FULL and RIGHT outer joins - -The result of the join was mistakenly supposed to be sorted the same as the -left input. This could not only deliver mis-sorted output to the user, but -in case of nested merge joins could give outright wrong answers. - -Improve planning of grouped aggregate queries -ROLLBACK TO savepoint -closes cursors created since the savepoint -Fix inadequate backend stack size on Windows -Avoid SHGetSpecialFolderPath() on Windows -(Magnus) -Fix some problems in running pg_autovacuum as a Windows -service (Dave Page) -Multiple minor bug fixes in -pg_dump/pg_restore -Fix ecpg segfault with named structs used in -typedefs (Michael) - - - - - - - Release 8.0 - - - Release date: - 2005-01-19 - - - - Overview - - - Major changes in this release: - - - - - - Microsoft Windows Native Server - - - - - This is the first PostgreSQL release - to run natively on Microsoft Windows as - a server. It can run as a Windows service. This - release supports NT-based Windows releases like - Windows 2000 SP4, Windows XP, and - Windows 2003. Older releases like - Windows 95, Windows 98, and - Windows ME are not supported because these operating - systems do not have the infrastructure to support - PostgreSQL. A separate installer - project has been created to ease installation on - Windows — see . - - - - Although tested throughout our release cycle, the Windows port - does not have the benefit of years of use in production - environments that PostgreSQL has on - Unix platforms. Therefore it should be treated with the same - level of caution as you would a new product. - - - - Previous releases required the Unix emulation toolkit - Cygwin in order to run the server on Windows - operating systems. PostgreSQL has - supported native clients on Windows for many years. - - - - - - - Savepoints - - - - - Savepoints allow specific parts of a transaction to be aborted - without affecting the remainder of the transaction. Prior - releases had no such capability; there was no way to recover - from a statement failure within a transaction except by - aborting the whole transaction. This feature is valuable for - application writers who require error recovery within a - complex transaction. - - - - - - - Point-In-Time Recovery - - - - - In previous releases there was no way to recover from disk - drive failure except to restore from a previous backup or use - a standby replication server. Point-in-time recovery allows - continuous backup of the server. You can recover either to - the point of failure or to some transaction in the past. - - - - - - - Tablespaces - - - - - Tablespaces allow administrators to select different file systems - for storage of individual tables, indexes, and databases. - This improves performance and control over disk space - usage. Prior releases used initlocation and - manual symlink management for such tasks. - - - - - - - Improved Buffer Management, CHECKPOINT, - VACUUM - - - - - This release has a more intelligent buffer replacement strategy, - which will make better use of available shared buffers and - improve performance. The performance impact of vacuum and - checkpoints is also lessened. - - - - - - - Change Column Types - - - - - A column's data type can now be changed with ALTER - TABLE. - - - - - - - New Perl Server-Side Language - - - - - A new version of the plperl server-side language now - supports a persistent shared storage area, triggers, returning records - and arrays of records, and SPI calls to access the database. - - - - - - - Comma-separated-value (CSV) support in COPY - - - - - COPY can now read and write - comma-separated-value files. It has the flexibility to - interpret nonstandard quoting and separation characters too. - - - - - - - - - Migration to Version 8.0 - - - A dump/restore using pg_dump is - required for those wishing to migrate data from any previous - release. - - - - Observe the following incompatibilities: - - - - - - - In - - - - - Functions declared - - - - - Nondeferred - - - - - Server configuration parameters virtual_host and - tcpip_socket have been replaced with a more general - parameter listen_addresses. Also, the server now listens on - localhost by default, which eliminates the need for the - -i postmaster switch in many scenarios. - - - - - - Server configuration parameters SortMem and - VacuumMem have been renamed to work_mem - and maintenance_work_mem to better reflect their - use. The original names are still supported in - SET and SHOW. - - - - - - Server configuration parameters log_pid, - log_timestamp, and log_source_port have been - replaced with a more general parameter log_line_prefix. - - - - - - Server configuration parameter syslog has been - replaced with a more logical log_destination variable to - control the log output destination. - - - - - - Server configuration parameter log_statement has been - changed so it can selectively log just database modification or - data definition statements. Server configuration parameter - log_duration now prints only when log_statement - prints the query. - - - - - - Server configuration parameter max_expr_depth parameter has - been replaced with max_stack_depth which measures the - physical stack size rather than the expression nesting depth. This - helps prevent session termination due to stack overflow caused by - recursive functions. - - - - - - The length() function no longer counts trailing spaces in - CHAR(n) values. - - - - - - Casting an integer to BIT(N) selects the rightmost N bits of the - integer, not the leftmost N bits as before. - - - - - - Updating an element or slice of a NULL array value now produces - a nonnull array result, namely an array containing - just the assigned-to positions. - - - - - - Syntax checking of array input values has been tightened up - considerably. Junk that was previously allowed in odd places with - odd results now causes an error. Empty-string element values - must now be written as "", rather than writing nothing. - Also changed behavior with respect to whitespace surrounding - array elements: trailing whitespace is now ignored, for symmetry - with leading whitespace (which has always been ignored). - - - - - - Overflow in integer arithmetic operations is now detected and - reported as an error. - - - - - - The arithmetic operators associated with the single-byte - "char" data type have been removed. - - - - - - The extract() function (also called - date_part) now returns the proper year for BC dates. - It previously returned one less than the correct year. The - function now also returns the proper values for millennium and - century. - - - - - - CIDR values now must have their nonmasked bits be zero. - For example, we no longer allow - 204.248.199.1/31 as a CIDR value. Such - values should never have been accepted by - PostgreSQL and will now be rejected. - - - - - - EXECUTE now returns a completion tag that - matches the executed statement. - - - - - - psql's \copy command now reads or - writes to the query's stdin/stdout, rather than - psql's stdin/stdout. The previous - behavior can be accessed via new - - - - - - The JDBC client interface has been removed from the core - distribution, and is now hosted at . - - - - - - The Tcl client interface has also been removed. There are several - Tcl interfaces now hosted at . - - - - - - The server now uses its own time zone database, rather than the - one supplied by the operating system. This will provide consistent - behavior across all platforms. In most cases, there should be - little noticeable difference in time zone behavior, except that - the time zone names used by SET/SHOW - TimeZone might be different from what your platform provides. - - - - - - Configure's threading option no longer requires - users to run tests or edit configuration files; threading options - are now detected automatically. - - - - - - Now that tablespaces have been implemented, - initlocation has been removed. - - - - - - The API for user-defined GiST indexes has been changed. The - Union and PickSplit methods are now passed a pointer to a - special GistEntryVector structure, - rather than a bytea. - - - - - - - - Deprecated Features - - - Some aspects of PostgreSQL's behavior - have been determined to be suboptimal. For the sake of backward - compatibility these have not been removed in 8.0, but they are - considered deprecated and will be removed in the next major - release. - - - - - - The 8.1 release will remove the to_char() function - for intervals. - - - - - - The server now warns of empty strings passed to - oid/float4/float8 data - types, but continues to interpret them as zeroes as before. - In the next major release, empty strings will be considered - invalid input for these data types. - - - - - - By default, tables in PostgreSQL 8.0 - and earlier are created with OIDs. In the next release, - this will not be the case: to create a table - that contains OIDs, the - - - - - - - Changes - - - Below you will find a detailed account of the changes between - release 8.0 and the previous major release. - - - - Performance Improvements - - - - - Support cross-data-type index usage (Tom) - - - Before this change, many queries would not use an index if the data - types did not match exactly. This improvement makes index usage more - intuitive and consistent. - - - - - - New buffer replacement strategy that improves caching (Jan) - - - Prior releases used a least-recently-used (LRU) cache to keep - recently referenced pages in memory. The LRU algorithm - did not consider the number of times a specific cache entry was - accessed, so large table scans could force out useful cache pages. - The new cache algorithm uses four separate lists to track most - recently used and most frequently used cache pages and dynamically - optimize their replacement based on the work load. This should - lead to much more efficient use of the shared buffer cache. - Administrators who have tested shared buffer sizes in the past - should retest with this new cache replacement policy. - - - - - - Add subprocess to write dirty buffers periodically to reduce - checkpoint writes (Jan) - - - In previous releases, the checkpoint process, which runs every few - minutes, would write all dirty buffers to the operating system's - buffer cache then flush all dirty operating system buffers to - disk. This resulted in a periodic spike in disk usage that often - hurt performance. The new code uses a background writer to trickle - disk writes at a steady pace so checkpoints have far fewer dirty - pages to write to disk. Also, the new code does not issue a global - sync() call, but instead fsync()s just - the files written since the last checkpoint. This should improve - performance and minimize degradation during checkpoints. - - - - - - Add ability to prolong vacuum to reduce performance impact (Jan) - - - On busy systems, VACUUM performs many I/O - requests which can hurt performance for other users. This - release allows you to slow down VACUUM to - reduce its impact on other users, though this increases the - total duration of VACUUM. - - - - - - Improve B-tree index performance for duplicate keys (Dmitry Tkach, Tom) - - - This improves the way indexes are scanned when many duplicate - values exist in the index. - - - - - - Use dynamically-generated table size estimates while planning (Tom) - - - Formerly the planner estimated table sizes using the values seen - by the last VACUUM or ANALYZE, - both as to physical table size (number of pages) and number of rows. - Now, the current physical table size is obtained from the kernel, - and the number of rows is estimated by multiplying the table size - by the row density (rows per page) seen by the last - VACUUM or ANALYZE. This should - produce more reliable estimates in cases where the table size has - changed significantly since the last housekeeping command. - - - - - - Improved index usage with OR clauses (Tom) - - - This allows the optimizer to use indexes in statements with many OR - clauses that would not have been indexed in the past. It can also use - multi-column indexes where the first column is specified and the second - column is part of an OR clause. - - - - - - Improve matching of partial index clauses (Tom) - - - The server is now smarter about using partial indexes in queries - involving complex - - - - - Improve performance of the GEQO optimizer (Tom) - - - The GEQO optimizer is used to plan queries involving many tables (by - default, twelve or more). This release speeds up the way queries are - analyzed to decrease time spent in optimization. - - - - - - Miscellaneous optimizer improvements - - - There is not room here to list all the minor improvements made, but - numerous special cases work better than in prior releases. - - - - - - Improve lookup speed for C functions (Tom) - - - This release uses a hash table to lookup information for dynamically - loaded C functions. This improves their speed so they perform nearly as - quickly as functions that are built into the server executable. - - - - - - Add type-specific ANALYZE statistics - capability (Mark Cave-Ayland) - - - This feature allows more flexibility in generating statistics - for nonstandard data types. - - - - - - ANALYZE now collects statistics for - expression indexes (Tom) - - - Expression indexes (also called functional indexes) allow users to - index not just columns but the results of expressions and function - calls. With this release, the optimizer can gather and use statistics - about the contents of expression indexes. This will greatly improve - the quality of planning for queries in which an expression index is - relevant. - - - - - - New two-stage sampling method for ANALYZE - (Manfred Koizar) - - - This gives better statistics when the density of valid rows is very - different in different regions of a table. - - - - - - Speed up TRUNCATE (Tom) - - - This buys back some of the performance loss observed in 7.4, while still - keeping TRUNCATE transaction-safe. - - - - - - - - - Server Changes - - - - - Add WAL file archiving and point-in-time recovery (Simon Riggs) - - - - - - Add tablespaces so admins can control disk layout (Gavin) - - - - - - Add a built-in log rotation program (Andreas Pflug) - - - It is now possible to log server messages conveniently without - relying on either syslog or an external log - rotation program. - - - - - - Add new read-only server configuration parameters to show server - compile-time settings: block_size, - integer_datetimes, max_function_args, - max_identifier_length, max_index_keys (Joe) - - - - - - Make quoting of sameuser, samegroup, and - all remove special meaning of these terms in - pg_hba.conf (Andrew) - - - - - - Use clearer IPv6 name ::1/128 for - localhost in default pg_hba.conf (Andrew) - - - - - - Use CIDR format in pg_hba.conf examples (Andrew) - - - - - - Rename server configuration parameters SortMem and - VacuumMem to work_mem and - maintenance_work_mem (Old names still supported) (Tom) - - - This change was made to clarify that bulk operations such as index and - foreign key creation use maintenance_work_mem, while - work_mem is for workspaces used during query execution. - - - - - - Allow logging of session disconnections using server configuration - log_disconnections (Andrew) - - - - - - Add new server configuration parameter log_line_prefix to - allow control of information emitted in each log line (Andrew) - - - Available information includes user name, database name, remote IP - address, and session start time. - - - - - - Remove server configuration parameters log_pid, - log_timestamp, log_source_port; functionality - superseded by log_line_prefix (Andrew) - - - - - - Replace the virtual_host and tcpip_socket - parameters with a unified listen_addresses parameter - (Andrew, Tom) - - - virtual_host could only specify a single IP address to - listen on. listen_addresses allows multiple addresses - to be specified. - - - - - - Listen on localhost by default, which eliminates the need for the - - - Listening on localhost (127.0.0.1) opens no new - security holes but allows configurations like Windows and JDBC, - which do not support local sockets, to work without special - adjustments. - - - - - - Remove syslog server configuration parameter, and add more - logical log_destination variable to control log output - location (Magnus) - - - - - - Change server configuration parameter log_statement to take - values all, mod, ddl, or - none to select which queries are logged (Bruce) - - - This allows administrators to log only data definition changes or - only data modification statements. - - - - - - Some logging-related configuration parameters could formerly be adjusted - by ordinary users, but only in the more verbose direction. - They are now treated more strictly: only superusers can set them. - However, a superuser can use ALTER USER to provide per-user - settings of these values for non-superusers. Also, it is now possible - for superusers to set values of superuser-only configuration parameters - via PGOPTIONS. - - - - - - Allow configuration files to be placed outside the data directory (mlw) - - - By default, configuration files are kept in the cluster's top directory. - With this addition, configuration files can be placed outside the - data directory, easing administration. - - - - - - Plan prepared queries only when first executed so constants can be - used for statistics (Oliver Jowett) - - - Prepared statements plan queries once and execute them many - times. While prepared queries avoid the overhead of re-planning - on each use, the quality of the plan suffers from not knowing the exact - parameters to be used in the query. In this release, planning of - unnamed prepared statements is delayed until the first execution, - and the actual parameter values of that execution are used as - optimization hints. This allows use of out-of-line parameter passing - without incurring a performance penalty. - - - - - - Allow DECLARE CURSOR to take parameters - (Oliver Jowett) - - - It is now useful to issue DECLARE CURSOR in a - Parse message with parameters. The parameter values - sent at Bind time will be substituted into the - execution of the cursor's query. - - - - - - Fix hash joins and aggregates of inet and - cidr data types (Tom) - - - Release 7.4 handled hashing of mixed inet and - cidr values incorrectly. (This bug did not exist - in prior releases because they wouldn't try to hash either - data type.) - - - - - - Make log_duration print only when log_statement - prints the query (Ed L.) - - - - - - - - - Query Changes - - - - - Add savepoints (nested transactions) (Alvaro) - - - - - - Unsupported isolation levels are now accepted and promoted to the - nearest supported level (Peter) - - - The SQL specification states that if a database doesn't support a - specific isolation level, it should use the next more restrictive level. - This change complies with that recommendation. - - - - - - Allow BEGIN WORK to specify transaction - isolation levels like START TRANSACTION does - (Bruce) - - - - - - Fix table permission checking for cases in which rules generate - a query type different from the originally submitted query (Tom) - - - - - - Implement dollar quoting to simplify single-quote usage (Andrew, Tom, - David Fetter) - - - In previous releases, because single quotes had to be used to - quote a function's body, the use of single quotes inside the - function text required use of two single quotes or other error-prone - notations. With this release we add the ability to use "dollar - quoting" to quote a block of text. The ability to use different - quoting delimiters at different nesting levels greatly simplifies - the task of quoting correctly, especially in complex functions. - Dollar quoting can be used anywhere quoted text is needed. - - - - - - Make CASE val WHEN compval1 THEN ... evaluate val only once (Tom) - - - - - - - - Test - - Fixes improper failure of cases such as SELECT SUM(win)/SUM(lose) - ... GROUP BY ... HAVING SUM(lose) > 0. This should work but formerly - could fail with divide-by-zero. - - - - - - Replace max_expr_depth parameter with - max_stack_depth parameter, measured in kilobytes of stack - size (Tom) - - - This gives us a fairly bulletproof defense against crashing due to - runaway recursive functions. Instead of measuring the depth of expression - nesting, we now directly measure the size of the execution stack. - - - - - - Allow arbitrary row expressions (Tom) - - - This release allows SQL expressions to contain arbitrary composite - types, that is, row values. It also allows functions to more easily - take rows as arguments and return row values. - - - - - - Allow - - - - - Avoid locale-specific case conversion of basic ASCII letters in - identifiers and keywords (Tom) - - - This solves the Turkish problem with mangling of words - containing I and i. Folding of characters - outside the 7-bit-ASCII set is still locale-aware. - - - - - - Improve syntax error reporting (Fabien, Tom) - - - Syntax error reports are more useful than before. - - - - - - Change EXECUTE to return a completion tag - matching the executed statement (Kris Jurka) - - - Previous releases return an EXECUTE tag for - any EXECUTE call. In this release, the tag - returned will reflect the command executed. - - - - - - Avoid emitting - - Such a clause makes no logical sense, but in some cases the rule - decompiler formerly produced this syntax. - - - - - - - - - Object Manipulation Changes - - - - - Add COMMENT ON for casts, conversions, languages, - operator classes, and large objects (Christopher) - - - - - - Add new server configuration parameter default_with_oids to - control whether tables are created with OIDs by default (Neil) - - - This allows administrators to control whether CREATE - TABLE commands create tables with or without OID - columns by default. (Note: the current factory default setting for - default_with_oids is TRUE, but the default - will become FALSE in future releases.) - - - - - - Add - - - - - Allow ALTER TABLE DROP COLUMN to drop an OID - column (ALTER TABLE SET WITHOUT OIDS still works) - (Tom) - - - - - - Allow composite types as table columns (Tom) - - - - - - Allow ALTER ... ADD COLUMN with defaults and - - - It is now possible for - - - - - Add ALTER COLUMN TYPE to change column's type (Rod) - - - It is now possible to alter a column's data type without dropping - and re-adding the column. - - - - - - Allow multiple ALTER actions in a single ALTER - TABLE command (Rod) - - - This is particularly useful for ALTER commands that - rewrite the table (which include - - - - - Allow ALTER TABLE to add SERIAL - columns (Tom) - - - This falls out from the new capability of specifying defaults for new - columns. - - - - - - Allow changing the owners of aggregates, conversions, databases, - functions, operators, operator classes, schemas, types, and tablespaces - (Christopher, Euler Taveira de Oliveira) - - - Previously this required modifying the system tables directly. - - - - - - Allow temporary object creation to be limited to - - - - - Add - - Prior to this release, there was no way to clear an auto-cluster - specification except to modify the system tables. - - - - - - Constraint/Index/SERIAL names are now - table_column_type - with numbers appended to guarantee uniqueness within the schema - (Tom) - - - The SQL specification states that such names should be unique - within a schema. - - - - - - Add pg_get_serial_sequence() to return a - SERIAL column's sequence name (Christopher) - - - This allows automated scripts to reliably find the SERIAL - sequence name. - - - - - - Warn when primary/foreign key data type mismatch requires costly lookup - - - - - - New ALTER INDEX command to allow moving of indexes - between tablespaces (Gavin) - - - - - - Make ALTER TABLE OWNER change dependent sequence - ownership too (Alvaro) - - - - - - - - - - Utility Command Changes - - - - - Allow CREATE SCHEMA to create triggers, - indexes, and sequences (Neil) - - - - - - Add - - This allows - - - - - Add - - This allows the LOCK command to fail if it - would have to wait for the requested lock. - - - - - - Allow COPY to read and write - comma-separated-value (CSV) files (Andrew, Bruce) - - - - - - Generate error if the COPY delimiter and NULL - string conflict (Bruce) - - - - - - GRANT/REVOKE behavior - follows the SQL spec more closely - - - - - - Avoid locking conflict between CREATE INDEX - and CHECKPOINT (Tom) - - - In 7.3 and 7.4, a long-running B-tree index build could block concurrent - CHECKPOINTs from completing, thereby causing WAL bloat because the - WAL log could not be recycled. - - - - - - Database-wide ANALYZE does not hold locks - across tables (Tom) - - - This reduces the potential for deadlocks against other backends - that want exclusive locks on tables. To get the benefit of this - change, do not execute database-wide ANALYZE - inside a transaction block (BEGIN block); it - must be able to commit and start a new transaction for each - table. - - - - - - REINDEX does not exclusively lock the index's - parent table anymore - - - The index itself is still exclusively locked, but readers of the - table can continue if they are not using the particular index - being rebuilt. - - - - - - Erase MD5 user passwords when a user is renamed (Bruce) - - - PostgreSQL uses the user name as salt - when encrypting passwords via MD5. When a user's name is changed, - the salt will no longer match the stored MD5 password, so the - stored password becomes useless. In this release a notice is - generated and the password is cleared. A new password must then - be assigned if the user is to be able to log in with a password. - - - - - - New pg_ctl - - Windows does not have a kill command to send signals to - backends so this capability was added to pg_ctl. - - - - - - Information schema improvements - - - - - - Add - - - - - Detect locale/encoding mismatch in - initdb (Peter) - - - - - - Add - - - - - - - - Data Type and Function Changes - - - - - More complete support for composite types (row types) (Tom) - - - Composite values can be used in many places where only scalar values - worked before. - - - - - - Reject nonrectangular array values as erroneous (Joe) - - - Formerly, array_in would silently build a - surprising result. - - - - - - Overflow in integer arithmetic operations is now detected (Tom) - - - - - - The arithmetic operators associated with the single-byte - "char" data type have been removed. - - - Formerly, the parser would select these operators in many situations - where an unable to select an operator error would be more - appropriate, such as null * null. If you actually want - to do arithmetic on a "char" column, you can cast it to - integer explicitly. - - - - - - Syntax checking of array input values considerably tightened up (Joe) - - - Junk that was previously allowed in odd places with odd results - now causes an ERROR, for example, non-whitespace - after the closing right brace. - - - - - - Empty-string array element values must now be written as - "", rather than writing nothing (Joe) - - - Formerly, both ways of writing an empty-string element value were - allowed, but now a quoted empty string is required. The case where - nothing at all appears will probably be considered to be a NULL - element value in some future release. - - - - - - Array element trailing whitespace is now ignored (Joe) - - - Formerly leading whitespace was ignored, but trailing whitespace - between an element value and the delimiter or right brace was - significant. Now trailing whitespace is also ignored. - - - - - - Emit array values with explicit array bounds when lower bound is not one - (Joe) - - - - - - Accept YYYY-monthname-DD as a date string (Tom) - - - - - - Make netmask and hostmask functions - return maximum-length mask length (Tom) - - - - - - Change factorial function to return numeric (Gavin) - - - Returning numeric allows the factorial function to - work for a wider range of input values. - - - - - - to_char/to_date() date conversion - improvements (Kurt Roeckx, Fabien Coelho) - - - - - - Make length() disregard trailing spaces in - CHAR(n) (Gavin) - - - This change was made to improve consistency: trailing spaces are - semantically insignificant in CHAR(n) data, so they - should not be counted by length(). - - - - - - Warn about empty string being passed to - OID/float4/float8 data types (Neil) - - - 8.1 will throw an error instead. - - - - - - Allow leading or trailing whitespace in - int2/int4/int8/float4/float8 - input routines - (Neil) - - - - - - Better support for IEEE Infinity and NaN - values in float4/float8 (Neil) - - - These should now work on all platforms that support IEEE-compliant - floating point arithmetic. - - - - - - Add - - - - - Fix to_char for 1 BC - (previously it returned 1 AD) (Bruce) - - - - - - Fix date_part(year) for BC dates (previously it - returned one less than the correct year) (Bruce) - - - - - - Fix date_part() to return the proper millennium and - century (Fabien Coelho) - - - In previous versions, the century and millennium results had a wrong - number and started in the wrong year, as compared to standard - reckoning of such things. - - - - - - Add ceiling() as an alias for ceil(), - and power() as an alias for pow() for - standards compliance (Neil) - - - - - - Change ln(), log(), - power(), and sqrt() to emit the correct - SQLSTATE error codes for certain error conditions, as - specified by SQL:2003 (Neil) - - - - - - Add width_bucket() function as defined by SQL:2003 (Neil) - - - - - - Add generate_series() functions to simplify working - with numeric sets (Joe) - - - - - - Fix upper/lower/initcap() functions to work with - multibyte encodings (Tom) - - - - - - Add boolean and bitwise integer - - - - - New session information functions to return network addresses for client - and server (Sean Chittenden) - - - - - - Add function to determine the area of a closed path (Sean Chittenden) - - - - - - Add function to send cancel request to other backends (Magnus) - - - - - - Add interval plus datetime operators (Tom) - - - The reverse ordering, datetime plus interval, - was already supported, but both are required by the SQL standard. - - - - - - Casting an integer to BIT(N) selects the rightmost N bits - of the integer - (Tom) - - - In prior releases, the leftmost N bits were selected, but this was - deemed unhelpful, not to mention inconsistent with casting from bit - to int. - - - - - - Require CIDR values to have all nonmasked bits be zero - (Kevin Brintnall) - - - - - - - - - Server-Side Language Changes - - - - - In READ COMMITTED serialization mode, volatile functions - now see the results of concurrent transactions committed up to the - beginning of each statement within the function, rather than up to the - beginning of the interactive command that called the function. - - - - - - Functions declared STABLE or IMMUTABLE always - use the snapshot of the calling query, and therefore do not see the - effects of actions taken after the calling query starts, whether in - their own transaction or other transactions. Such a function must be - read-only, too, meaning that it cannot use any SQL commands other than - SELECT. There is a considerable performance gain from - declaring a function STABLE or IMMUTABLE - rather than VOLATILE. - - - - - - Nondeferred - - - - - Allow function parameters to be declared with names (Dennis Björklund) - - - This allows better documentation of functions. Whether the names - actually do anything depends on the specific function language - being used. - - - - - - Allow PL/pgSQL parameter names to be referenced in the function (Dennis Björklund) - - - This basically creates an automatic alias for each named parameter. - - - - - - Do minimal syntax checking of PL/pgSQL functions at creation time (Tom) - - - This allows us to catch simple syntax errors sooner. - - - - - - More support for composite types (row and record variables) in PL/pgSQL - - - For example, it now works to pass a rowtype variable to another function - as a single variable. - - - - - - Default values for PL/pgSQL variables can now reference previously - declared variables - - - - - - Improve parsing of PL/pgSQL FOR loops (Tom) - - - Parsing is now driven by presence of ".." rather than - data type of - - - - - Major overhaul of PL/Perl server-side language (Command Prompt, Andrew Dunstan) - - - - - - In PL/Tcl, SPI commands are now run in subtransactions. If an error - occurs, the subtransaction is cleaned up and the error is reported - as an ordinary Tcl error, which can be trapped with catch. - Formerly, it was not possible to catch such errors. - - - - - - Accept ELSEIF in PL/pgSQL (Neil) - - - Previously PL/pgSQL only allowed ELSIF, but many people - are accustomed to spelling this keyword ELSEIF. - - - - - - - - - <application>psql</> Changes - - - - - Improve psql information display about database - objects (Christopher) - - - - - - Allow psql to display group membership in - \du and \dg (Markus Bertheau) - - - - - - Prevent psql \dn from showing - temporary schemas (Bruce) - - - - - - Allow psql to handle tilde user expansion for file - names (Zach Irmen) - - - - - - Allow psql to display fancy prompts, including - color, via readline (Reece Hart, Chet Ramey) - - - - - - Make psql \copy match COPY command syntax - fully (Tom) - - - - - - Show the location of syntax errors (Fabien Coelho, Tom) - - - - - - Add CLUSTER information to psql - \d display - (Bruce) - - - - - - Change psql \copy stdin/stdout to read - from command input/output (Bruce) - - - - - - Add - - - - - Add global psql configuration file, psqlrc.sample - (Bruce) - - - This allows a central file where global psql startup commands can - be stored. - - - - - - Have psql \d+ indicate if the table - has an OID column (Neil) - - - - - - On Windows, use binary mode in psql when reading files so control-Z - is not seen as end-of-file - - - - - - Have \dn+ show permissions and description for schemas (Dennis - Björklund) - - - - - - Improve tab completion support (Stefan Kaltenbrunn, Greg Sabino Mullane) - - - - - - Allow boolean settings to be set using upper or lower case (Michael Paesold) - - - - - - - - - <application>pg_dump</> Changes - - - - - Use dependency information to improve the reliability of - pg_dump (Tom) - - - This should solve the longstanding problems with related objects - sometimes being dumped in the wrong order. - - - - - - Have pg_dump output objects in alphabetical order if possible (Tom) - - - This should make it easier to identify changes between - dump files. - - - - - - Allow pg_restore to ignore some SQL errors (Fabien Coelho) - - - This makes pg_restore's behavior similar to the - results of feeding a pg_dump output script to - psql. In most cases, ignoring errors and plowing - ahead is the most useful thing to do. Also added was a pg_restore - option to give the old behavior of exiting on an error. - - - - - - pg_restore - - - - - New begin/end markers in pg_dump text output (Bruce) - - - - - - Add start/stop times for - pg_dump/pg_dumpall in verbose mode - (Bruce) - - - - - - Allow most pg_dump options in - pg_dumpall (Christopher) - - - - - - Have pg_dump use ALTER OWNER rather - than SET SESSION AUTHORIZATION by default - (Christopher) - - - - - - - - - libpq Changes - - - - - Make libpq's - - - - - Add PQmbdsplen() which returns the display length - of a character (Tatsuo) - - - - - - Add thread locking to SSL and - Kerberos connections (Manfred Spraul) - - - - - - Allow PQoidValue(), PQcmdTuples(), and - PQoidStatus() to work on EXECUTE - commands (Neil) - - - - - - Add PQserverVersion() to provide more convenient - access to the server version number (Greg Sabino Mullane) - - - - - - Add PQprepare/PQsendPrepared() functions to support - preparing statements without necessarily specifying the data types - of their parameters (Abhijit Menon-Sen) - - - - - - Many ECPG improvements, including SET DESCRIPTOR (Michael) - - - - - - - - - Source Code Changes - - - - - Allow the database server to run natively on Windows (Claudio, Magnus, Andrew) - - - - - - Shell script commands converted to C versions for Windows support (Andrew) - - - - - - Create an extension makefile framework (Fabien Coelho, Peter) - - - This simplifies the task of building extensions outside the original - source tree. - - - - - - Support relocatable installations (Bruce) - - - Directory paths for installed files (such as the - /share directory) are now computed relative to the - actual location of the executables, so that an installation tree - can be moved to another place without reconfiguring and - rebuilding. - - - - - - Use - - - - - Add - - - - - Upgrade to DocBook V4.2 SGML (Peter) - - - - - - New PostgreSQL CVS tag (Marc) - - - This was done to make it easier for organizations to manage their - own copies of the PostgreSQL - CVS repository. File version stamps from the master - repository will not get munged by checking into or out of a copied - repository. - - - - - - Clarify locking code (Manfred Koizar) - - - - - - Buffer manager cleanup (Neil) - - - - - - Decouple platform tests from CPU spinlock code (Bruce, Tom) - - - - - - Add inlined test-and-set code on PA-RISC for gcc - (ViSolve, Tom) - - - - - - Improve i386 spinlock code (Manfred Spraul) - - - - - - Clean up spinlock assembly code to avoid warnings from newer - gcc releases (Tom) - - - - - - Remove JDBC from source tree; now a separate project - - - - - - Remove the libpgtcl client interface; now a separate project - - - - - - More accurately estimate memory and file descriptor usage (Tom) - - - - - - Improvements to the Mac OS X startup scripts (Ray A.) - - - - - - New fsync() test program (Bruce) - - - - - - Major documentation improvements (Neil, Peter) - - - - - - Remove pg_encoding; not needed - anymore - - - - - - Remove pg_id; not needed anymore - - - - - - Remove initlocation; not needed - anymore - - - - - - Auto-detect thread flags (no more manual testing) (Bruce) - - - - - - Use Olson's public domain timezone library (Magnus) - - - - - - With threading enabled, use thread flags on Unixware for - backend executables too (Bruce) - - - Unixware cannot mix threaded and nonthreaded object files in the - same executable, so everything must be compiled as threaded. - - - - - - psql now uses a flex-generated - lexical analyzer to process command strings - - - - - - Reimplement the linked list data structure used throughout the - backend (Neil) - - - This improves performance by allowing list append and length - operations to be more efficient. - - - - - - Allow dynamically loaded modules to create their own server configuration - parameters (Thomas Hallgren) - - - - - - New Brazilian version of FAQ (Euler Taveira de Oliveira) - - - - - - Add French FAQ (Guillaume Lelarge) - - - - - - New pgevent for Windows logging - - - - - - Make libpq and ECPG build as proper shared libraries on OS X (Tom) - - - - - - - - - Contrib Changes - - - - - Overhaul of contrib/dblink (Joe) - - - - - - contrib/dbmirror improvements (Steven Singer) - - - - - - New contrib/xml2 (John Gray, Torchbox) - - - - - - Updated contrib/mysql - - - - - - New version of contrib/btree_gist (Teodor) - - - - - - New contrib/trgm, trigram matching for - PostgreSQL (Teodor) - - - - - - Many contrib/tsearch2 improvements (Teodor) - - - - - - Add double metaphone to contrib/fuzzystrmatch (Andrew) - - - - - - Allow contrib/pg_autovacuum to run as a Windows service (Dave Page) - - - - - - Add functions to contrib/dbsize (Andreas Pflug) - - - - - - Removed contrib/pg_logger: obsoleted by integrated logging - subprocess - - - - - - Removed contrib/rserv: obsoleted by various separate projects - - - - - - - - diff --git a/doc/src/sgml/release-8.1.sgml b/doc/src/sgml/release-8.1.sgml deleted file mode 100644 index 0db2d91547..0000000000 --- a/doc/src/sgml/release-8.1.sgml +++ /dev/null @@ -1,5444 +0,0 @@ - - - - - Release 8.1.23 - - - Release date: - 2010-12-16 - - - - This release contains a variety of fixes from 8.1.22. - For information about new features in the 8.1 major release, see - . - - - - This is expected to be the last PostgreSQL release - in the 8.1.X series. Users are encouraged to update to a newer - release branch soon. - - - - Migration to Version 8.1.23 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.18, - see . - - - - - - Changes - - - - - - Force the default - wal_sync_method - to be fdatasync on Linux (Tom Lane, Marti Raudsepp) - - - - The default on Linux has actually been fdatasync for many - years, but recent kernel changes caused PostgreSQL to - choose open_datasync instead. This choice did not result - in any performance improvement, and caused outright failures on - certain filesystems, notably ext4 with the - data=journal mount option. - - - - - - Fix recovery from base backup when the starting checkpoint WAL record - is not in the same WAL segment as its redo point (Jeff Davis) - - - - - - Add support for detecting register-stack overrun on IA64 - (Tom Lane) - - - - The IA64 architecture has two hardware stacks. Full - prevention of stack-overrun failures requires checking both. - - - - - - Add a check for stack overflow in copyObject() (Tom Lane) - - - - Certain code paths could crash due to stack overflow given a - sufficiently complex query. - - - - - - Fix detection of page splits in temporary GiST indexes (Heikki - Linnakangas) - - - - It is possible to have a concurrent page split in a - temporary index, if for example there is an open cursor scanning the - index when an insertion is done. GiST failed to detect this case and - hence could deliver wrong results when execution of the cursor - continued. - - - - - - Avoid memory leakage while ANALYZE'ing complex index - expressions (Tom Lane) - - - - - - Ensure an index that uses a whole-row Var still depends on its table - (Tom Lane) - - - - An index declared like create index i on t (foo(t.*)) - would not automatically get dropped when its table was dropped. - - - - - - Do not inline a SQL function with multiple OUT - parameters (Tom Lane) - - - - This avoids a possible crash due to loss of information about the - expected result rowtype. - - - - - - Fix constant-folding of COALESCE() expressions (Tom Lane) - - - - The planner would sometimes attempt to evaluate sub-expressions that - in fact could never be reached, possibly leading to unexpected errors. - - - - - - Add print functionality for InhRelation nodes (Tom Lane) - - - - This avoids a failure when debug_print_parse is enabled - and certain types of query are executed. - - - - - - Fix incorrect calculation of distance from a point to a horizontal - line segment (Tom Lane) - - - - This bug affected several different geometric distance-measurement - operators. - - - - - - Fix PL/pgSQL's handling of simple - expressions to not fail in recursion or error-recovery cases (Tom Lane) - - - - - - Fix bug in contrib/cube's GiST picksplit algorithm - (Alexander Korotkov) - - - - This could result in considerable inefficiency, though not actually - incorrect answers, in a GiST index on a cube column. - If you have such an index, consider REINDEXing it after - installing this update. - - - - - - Don't emit identifier will be truncated notices in - contrib/dblink except when creating new connections - (Itagaki Takahiro) - - - - - - Fix potential coredump on missing public key in - contrib/pgcrypto (Marti Raudsepp) - - - - - - Fix memory leak in contrib/xml2's XPath query functions - (Tom Lane) - - - - - - Update time zone data files to tzdata release 2010o - for DST law changes in Fiji and Samoa; - also historical corrections for Hong Kong. - - - - - - - - - - Release 8.1.22 - - - Release date: - 2010-10-04 - - - - This release contains a variety of fixes from 8.1.21. - For information about new features in the 8.1 major release, see - . - - - - The PostgreSQL community will stop releasing updates - for the 8.1.X release series in November 2010. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 8.1.22 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.18, - see . - - - - - - Changes - - - - - - Use a separate interpreter for each calling SQL userid in PL/Perl and - PL/Tcl (Tom Lane) - - - - This change prevents security problems that can be caused by subverting - Perl or Tcl code that will be executed later in the same session under - another SQL user identity (for example, within a SECURITY - DEFINER function). Most scripting languages offer numerous ways that - that might be done, such as redefining standard functions or operators - called by the target function. Without this change, any SQL user with - Perl or Tcl language usage rights can do essentially anything with the - SQL privileges of the target function's owner. - - - - The cost of this change is that intentional communication among Perl - and Tcl functions becomes more difficult. To provide an escape hatch, - PL/PerlU and PL/TclU functions continue to use only one interpreter - per session. This is not considered a security issue since all such - functions execute at the trust level of a database superuser already. - - - - It is likely that third-party procedural languages that claim to offer - trusted execution have similar security issues. We advise contacting - the authors of any PL you are depending on for security-critical - purposes. - - - - Our thanks to Tim Bunce for pointing out this issue (CVE-2010-3433). - - - - - - Prevent possible crashes in pg_get_expr() by disallowing - it from being called with an argument that is not one of the system - catalog columns it's intended to be used with - (Heikki Linnakangas, Tom Lane) - - - - - - Fix cannot handle unplanned sub-select error (Tom Lane) - - - - This occurred when a sub-select contains a join alias reference that - expands into an expression containing another sub-select. - - - - - - Prevent show_session_authorization() from crashing within autovacuum - processes (Tom Lane) - - - - - - Defend against functions returning setof record where not all the - returned rows are actually of the same rowtype (Tom Lane) - - - - - - Fix possible failure when hashing a pass-by-reference function result - (Tao Ma, Tom Lane) - - - - - - Take care to fsync the contents of lockfiles (both - postmaster.pid and the socket lockfile) while writing them - (Tom Lane) - - - - This omission could result in corrupted lockfile contents if the - machine crashes shortly after postmaster start. That could in turn - prevent subsequent attempts to start the postmaster from succeeding, - until the lockfile is manually removed. - - - - - - Avoid recursion while assigning XIDs to heavily-nested - subtransactions (Andres Freund, Robert Haas) - - - - The original coding could result in a crash if there was limited - stack space. - - - - - - Fix log_line_prefix's %i escape, - which could produce junk early in backend startup (Tom Lane) - - - - - - Fix possible data corruption in ALTER TABLE ... SET - TABLESPACE when archiving is enabled (Jeff Davis) - - - - - - Allow CREATE DATABASE and ALTER DATABASE ... SET - TABLESPACE to be interrupted by query-cancel (Guillaume Lelarge) - - - - - - In PL/Python, defend against null pointer results from - PyCObject_AsVoidPtr and PyCObject_FromVoidPtr - (Peter Eisentraut) - - - - - - Improve contrib/dblink's handling of tables containing - dropped columns (Tom Lane) - - - - - - Fix connection leak after duplicate connection name - errors in contrib/dblink (Itagaki Takahiro) - - - - - - Fix contrib/dblink to handle connection names longer than - 62 bytes correctly (Itagaki Takahiro) - - - - - - Update build infrastructure and documentation to reflect the source code - repository's move from CVS to Git (Magnus Hagander and others) - - - - - - Update time zone data files to tzdata release 2010l - for DST law changes in Egypt and Palestine; also historical corrections - for Finland. - - - - This change also adds new names for two Micronesian timezones: - Pacific/Chuuk is now preferred over Pacific/Truk (and the preferred - abbreviation is CHUT not TRUT) and Pacific/Pohnpei is preferred over - Pacific/Ponape. - - - - - - - - - - Release 8.1.21 - - - Release date: - 2010-05-17 - - - - This release contains a variety of fixes from 8.1.20. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.21 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.18, - see . - - - - - - Changes - - - - - - Enforce restrictions in plperl using an opmask applied to - the whole interpreter, instead of using Safe.pm - (Tim Bunce, Andrew Dunstan) - - - - Recent developments have convinced us that Safe.pm is too - insecure to rely on for making plperl trustable. This - change removes use of Safe.pm altogether, in favor of using - a separate interpreter with an opcode mask that is always applied. - Pleasant side effects of the change include that it is now possible to - use Perl's strict pragma in a natural way in - plperl, and that Perl's $a and $b - variables work as expected in sort routines, and that function - compilation is significantly faster. (CVE-2010-1169) - - - - - - Prevent PL/Tcl from executing untrustworthy code from - pltcl_modules (Tom) - - - - PL/Tcl's feature for autoloading Tcl code from a database table - could be exploited for trojan-horse attacks, because there was no - restriction on who could create or insert into that table. This change - disables the feature unless pltcl_modules is owned by a - superuser. (However, the permissions on the table are not checked, so - installations that really need a less-than-secure modules table can - still grant suitable privileges to trusted non-superusers.) Also, - prevent loading code into the unrestricted normal Tcl - interpreter unless we are really going to execute a pltclu - function. (CVE-2010-1170) - - - - - - Do not allow an unprivileged user to reset superuser-only parameter - settings (Alvaro) - - - - Previously, if an unprivileged user ran ALTER USER ... RESET - ALL for himself, or ALTER DATABASE ... RESET ALL for - a database he owns, this would remove all special parameter settings - for the user or database, even ones that are only supposed to be - changeable by a superuser. Now, the ALTER will only - remove the parameters that the user has permission to change. - - - - - - Avoid possible crash during backend shutdown if shutdown occurs - when a CONTEXT addition would be made to log entries (Tom) - - - - In some cases the context-printing function would fail because the - current transaction had already been rolled back when it came time - to print a log message. - - - - - - Update pl/perl's ppport.h for modern Perl versions - (Andrew) - - - - - - Fix assorted memory leaks in pl/python (Andreas Freund, Tom) - - - - - - Prevent infinite recursion in psql when expanding - a variable that refers to itself (Tom) - - - - - - Ensure that contrib/pgstattuple functions respond to cancel - interrupts promptly (Tatsuhito Kasahara) - - - - - - Make server startup deal properly with the case that - shmget() returns EINVAL for an existing - shared memory segment (Tom) - - - - This behavior has been observed on BSD-derived kernels including OS X. - It resulted in an entirely-misleading startup failure complaining that - the shared memory request size was too large. - - - - - - Update time zone data files to tzdata release 2010j - for DST law changes in Argentina, Australian Antarctic, Bangladesh, - Mexico, Morocco, Pakistan, Palestine, Russia, Syria, Tunisia; - also historical corrections for Taiwan. - - - - - - - - - - Release 8.1.20 - - - Release date: - 2010-03-15 - - - - This release contains a variety of fixes from 8.1.19. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.20 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.18, - see . - - - - - - Changes - - - - - - Add new configuration parameter ssl_renegotiation_limit to - control how often we do session key renegotiation for an SSL connection - (Magnus) - - - - This can be set to zero to disable renegotiation completely, which may - be required if a broken SSL library is used. In particular, some - vendors are shipping stopgap patches for CVE-2009-3555 that cause - renegotiation attempts to fail. - - - - - - Fix possible crashes when trying to recover from a failure in - subtransaction start (Tom) - - - - - - Fix server memory leak associated with use of savepoints and a client - encoding different from server's encoding (Tom) - - - - - - Make substring() for bit types treat any negative - length as meaning all the rest of the string (Tom) - - - - The previous coding treated only -1 that way, and would produce an - invalid result value for other negative values, possibly leading to - a crash (CVE-2010-0442). - - - - - - Fix integer-to-bit-string conversions to handle the first fractional - byte correctly when the output bit width is wider than the given - integer by something other than a multiple of 8 bits (Tom) - - - - - - Fix some cases of pathologically slow regular expression matching (Tom) - - - - - - Fix the STOP WAL LOCATION entry in backup history files to - report the next WAL segment's name when the end location is exactly at a - segment boundary (Itagaki Takahiro) - - - - - - Fix some more cases of temporary-file leakage (Heikki) - - - - This corrects a problem introduced in the previous minor release. - One case that failed is when a plpgsql function returning set is - called within another function's exception handler. - - - - - - When reading pg_hba.conf and related files, do not treat - @something as a file inclusion request if the @ - appears inside quote marks; also, never treat @ by itself - as a file inclusion request (Tom) - - - - This prevents erratic behavior if a role or database name starts with - @. If you need to include a file whose path name - contains spaces, you can still do so, but you must write - @"/path to/file" rather than putting the quotes around - the whole construct. - - - - - - Prevent infinite loop on some platforms if a directory is named as - an inclusion target in pg_hba.conf and related files - (Tom) - - - - - - Fix psql's numericlocale option to not - format strings it shouldn't in latex and troff output formats (Heikki) - - - - - - Fix plpgsql failure in one case where a composite column is set to NULL - (Tom) - - - - - - Add volatile markings in PL/Python to avoid possible - compiler-specific misbehavior (Zdenek Kotala) - - - - - - Ensure PL/Tcl initializes the Tcl interpreter fully (Tom) - - - - The only known symptom of this oversight is that the Tcl - clock command misbehaves if using Tcl 8.5 or later. - - - - - - Prevent crash in contrib/dblink when too many key - columns are specified to a dblink_build_sql_* function - (Rushabh Lathia, Joe Conway) - - - - - - Fix assorted crashes in contrib/xml2 caused by sloppy - memory management (Tom) - - - - - - Update time zone data files to tzdata release 2010e - for DST law changes in Bangladesh, Chile, Fiji, Mexico, Paraguay, Samoa. - - - - - - - - - - Release 8.1.19 - - - Release date: - 2009-12-14 - - - - This release contains a variety of fixes from 8.1.18. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.19 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.18, - see . - - - - - - Changes - - - - - - Protect against indirect security threats caused by index functions - changing session-local state (Gurjeet Singh, Tom) - - - - This change prevents allegedly-immutable index functions from possibly - subverting a superuser's session (CVE-2009-4136). - - - - - - Reject SSL certificates containing an embedded null byte in the common - name (CN) field (Magnus) - - - - This prevents unintended matching of a certificate to a server or client - name during SSL validation (CVE-2009-4034). - - - - - - Fix possible crash during backend-startup-time cache initialization (Tom) - - - - - - Prevent signals from interrupting VACUUM at unsafe times - (Alvaro) - - - - This fix prevents a PANIC if a VACUUM FULL is canceled - after it's already committed its tuple movements, as well as transient - errors if a plain VACUUM is interrupted after having - truncated the table. - - - - - - Fix possible crash due to integer overflow in hash table size - calculation (Tom) - - - - This could occur with extremely large planner estimates for the size of - a hashjoin's result. - - - - - - Fix very rare crash in inet/cidr comparisons (Chris - Mikkelson) - - - - - - Ensure that shared tuple-level locks held by prepared transactions are - not ignored (Heikki) - - - - - - Fix premature drop of temporary files used for a cursor that is accessed - within a subtransaction (Heikki) - - - - - - Fix PAM password processing to be more robust (Tom) - - - - The previous code is known to fail with the combination of the Linux - pam_krb5 PAM module with Microsoft Active Directory as the - domain controller. It might have problems elsewhere too, since it was - making unjustified assumptions about what arguments the PAM stack would - pass to it. - - - - - - Fix processing of ownership dependencies during CREATE OR - REPLACE FUNCTION (Tom) - - - - - - Ensure that Perl arrays are properly converted to - PostgreSQL arrays when returned by a set-returning - PL/Perl function (Andrew Dunstan, Abhijit Menon-Sen) - - - - This worked correctly already for non-set-returning functions. - - - - - - Fix rare crash in exception processing in PL/Python (Peter) - - - - - - Ensure psql's flex module is compiled with the correct - system header definitions (Tom) - - - - This fixes build failures on platforms where - --enable-largefile causes incompatible changes in the - generated code. - - - - - - Make the postmaster ignore any application_name parameter in - connection request packets, to improve compatibility with future libpq - versions (Tom) - - - - - - Update time zone data files to tzdata release 2009s - for DST law changes in Antarctica, Argentina, Bangladesh, Fiji, - Novokuznetsk, Pakistan, Palestine, Samoa, Syria; also historical - corrections for Hong Kong. - - - - - - - - - - Release 8.1.18 - - - Release date: - 2009-09-09 - - - - This release contains a variety of fixes from 8.1.17. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.18 - - - A dump/restore is not required for those running 8.1.X. - However, if you have any hash indexes on interval columns, - you must REINDEX them after updating to 8.1.18. - Also, if you are upgrading from a version earlier than 8.1.15, - see . - - - - - - Changes - - - - - - Disallow RESET ROLE and RESET SESSION - AUTHORIZATION inside security-definer functions (Tom, Heikki) - - - - This covers a case that was missed in the previous patch that - disallowed SET ROLE and SET SESSION - AUTHORIZATION inside security-definer functions. - (See CVE-2007-6600) - - - - - - Fix handling of sub-SELECTs appearing in the arguments of - an outer-level aggregate function (Tom) - - - - - - Fix hash calculation for data type interval (Tom) - - - - This corrects wrong results for hash joins on interval values. - It also changes the contents of hash indexes on interval columns. - If you have any such indexes, you must REINDEX them - after updating. - - - - - - Treat to_char(..., 'TH') as an uppercase ordinal - suffix with 'HH'/'HH12' (Heikki) - - - - It was previously handled as 'th' (lowercase). - - - - - - Fix overflow for INTERVAL 'x ms' - when x is more than 2 million and integer - datetimes are in use (Alex Hunsaker) - - - - - - Fix calculation of distance between a point and a line segment (Tom) - - - - This led to incorrect results from a number of geometric operators. - - - - - - Fix money data type to work in locales where currency - amounts have no fractional digits, e.g. Japan (Itagaki Takahiro) - - - - - - Properly round datetime input like - 00:12:57.9999999999999999999999999999 (Tom) - - - - - - Fix poor choice of page split point in GiST R-tree operator classes - (Teodor) - - - - - - Fix portability issues in plperl initialization (Andrew Dunstan) - - - - - - Fix pg_ctl to not go into an infinite loop if - postgresql.conf is empty (Jeff Davis) - - - - - - Fix contrib/xml2's xslt_process() to - properly handle the maximum number of parameters (twenty) (Tom) - - - - - - Improve robustness of libpq's code to recover - from errors during COPY FROM STDIN (Tom) - - - - - - Avoid including conflicting readline and editline header files - when both libraries are installed (Zdenek Kotala) - - - - - - Update time zone data files to tzdata release 2009l - for DST law changes in Bangladesh, Egypt, Jordan, Pakistan, - Argentina/San_Luis, Cuba, Jordan (historical correction only), - Mauritius, Morocco, Palestine, Syria, Tunisia. - - - - - - - - - - Release 8.1.17 - - - Release date: - 2009-03-16 - - - - This release contains a variety of fixes from 8.1.16. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.17 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.15, - see . - - - - - - Changes - - - - - - Prevent error recursion crashes when encoding conversion fails (Tom) - - - - This change extends fixes made in the last two minor releases for - related failure scenarios. The previous fixes were narrowly tailored - for the original problem reports, but we have now recognized that - any error thrown by an encoding conversion function could - potentially lead to infinite recursion while trying to report the - error. The solution therefore is to disable translation and encoding - conversion and report the plain-ASCII form of any error message, - if we find we have gotten into a recursive error reporting situation. - (CVE-2009-0922) - - - - - - Disallow CREATE CONVERSION with the wrong encodings - for the specified conversion function (Heikki) - - - - This prevents one possible scenario for encoding conversion failure. - The previous change is a backstop to guard against other kinds of - failures in the same area. - - - - - - Fix core dump when to_char() is given format codes that - are inappropriate for the type of the data argument (Tom) - - - - - - Fix decompilation of CASE WHEN with an implicit coercion - (Tom) - - - - This mistake could lead to Assert failures in an Assert-enabled build, - or an unexpected CASE WHEN clause error message in other - cases, when trying to examine or dump a view. - - - - - - Fix possible misassignment of the owner of a TOAST table's rowtype (Tom) - - - - If CLUSTER or a rewriting variant of ALTER TABLE - were executed by someone other than the table owner, the - pg_type entry for the table's TOAST table would end up - marked as owned by that someone. This caused no immediate problems, - since the permissions on the TOAST rowtype aren't examined by any - ordinary database operation. However, it could lead to unexpected - failures if one later tried to drop the role that issued the command - (in 8.1 or 8.2), or owner of data type appears to be invalid - warnings from pg_dump after having done so (in 8.3). - - - - - - Clean up PL/pgSQL error status variables fully at block exit - (Ashesh Vashi and Dave Page) - - - - This is not a problem for PL/pgSQL itself, but the omission could cause - the PL/pgSQL Debugger to crash while examining the state of a function. - - - - - - Add MUST (Mauritius Island Summer Time) to the default list - of known timezone abbreviations (Xavier Bugaud) - - - - - - - - - - Release 8.1.16 - - - Release date: - 2009-02-02 - - - - This release contains a variety of fixes from 8.1.15. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.16 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.15, - see . - - - - - - Changes - - - - - - Fix crash in autovacuum (Alvaro) - - - - The crash occurs only after vacuuming a whole database for - anti-transaction-wraparound purposes, which means that it occurs - infrequently and is hard to track down. - - - - - - Improve handling of URLs in headline() function (Teodor) - - - - - - Improve handling of overlength headlines in headline() - function (Teodor) - - - - - - Prevent possible Assert failure or misconversion if an encoding - conversion is created with the wrong conversion function for the - specified pair of encodings (Tom, Heikki) - - - - - - Avoid unnecessary locking of small tables in VACUUM - (Heikki) - - - - - - Ensure that the contents of a holdable cursor don't depend on the - contents of TOAST tables (Tom) - - - - Previously, large field values in a cursor result might be represented - as TOAST pointers, which would fail if the referenced table got dropped - before the cursor is read, or if the large value is deleted and then - vacuumed away. This cannot happen with an ordinary cursor, - but it could with a cursor that is held past its creating transaction. - - - - - - Fix uninitialized variables in contrib/tsearch2's - get_covers() function (Teodor) - - - - - - Fix configure script to properly report failure when - unable to obtain linkage information for PL/Perl (Andrew) - - - - - - Make all documentation reference pgsql-bugs and/or - pgsql-hackers as appropriate, instead of the - now-decommissioned pgsql-ports and pgsql-patches - mailing lists (Tom) - - - - - - Update time zone data files to tzdata release 2009a (for - Kathmandu and historical DST corrections in Switzerland, Cuba) - - - - - - - - - - Release 8.1.15 - - - Release date: - 2008-11-03 - - - - This release contains a variety of fixes from 8.1.14. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.15 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.2, - see . Also, if you were running a previous - 8.1.X release, it is recommended to REINDEX all GiST - indexes after the upgrade. - - - - - - Changes - - - - - - Fix GiST index corruption due to marking the wrong index entry - dead after a deletion (Teodor) - - - - This would result in index searches failing to find rows they - should have found. Corrupted indexes can be fixed with - REINDEX. - - - - - - Fix backend crash when the client encoding cannot represent a localized - error message (Tom) - - - - We have addressed similar issues before, but it would still fail if - the character has no equivalent message itself couldn't - be converted. The fix is to disable localization and send the plain - ASCII error message when we detect such a situation. - - - - - - Fix possible crash when deeply nested functions are invoked from - a trigger (Tom) - - - - - - Fix mis-expansion of rule queries when a sub-SELECT appears - in a function call in FROM, a multi-row VALUES - list, or a RETURNING list (Tom) - - - - The usual symptom of this problem is an unrecognized node type - error. - - - - - - Ensure an error is reported when a newly-defined PL/pgSQL trigger - function is invoked as a normal function (Tom) - - - - - - Prevent possible collision of relfilenode numbers - when moving a table to another tablespace with ALTER SET - TABLESPACE (Heikki) - - - - The command tried to re-use the existing filename, instead of - picking one that is known unused in the destination directory. - - - - - - Fix incorrect tsearch2 headline generation when single query - item matches first word of text (Sushant Sinha) - - - - - - Fix improper display of fractional seconds in interval values when - using a non-ISO datestyle in an - - - - - Ensure SPI_getvalue and SPI_getbinval - behave correctly when the passed tuple and tuple descriptor have - different numbers of columns (Tom) - - - - This situation is normal when a table has had columns added or removed, - but these two functions didn't handle it properly. - The only likely consequence is an incorrect error indication. - - - - - - Fix ecpg's parsing of CREATE ROLE (Michael) - - - - - - Fix recent breakage of pg_ctl restart (Tom) - - - - - - Update time zone data files to tzdata release 2008i (for - DST law changes in Argentina, Brazil, Mauritius, Syria) - - - - - - - - - - Release 8.1.14 - - - Release date: - 2008-09-22 - - - - This release contains a variety of fixes from 8.1.13. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.14 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.2, - see . - - - - - - Changes - - - - - - Widen local lock counters from 32 to 64 bits (Tom) - - - - This responds to reports that the counters could overflow in - sufficiently long transactions, leading to unexpected lock is - already held errors. - - - - - - Fix possible duplicate output of tuples during a GiST index scan (Teodor) - - - - - - Add checks in executor startup to ensure that the tuples produced by an - INSERT or UPDATE will match the target table's - current rowtype (Tom) - - - - ALTER COLUMN TYPE, followed by re-use of a previously - cached plan, could produce this type of situation. The check protects - against data corruption and/or crashes that could ensue. - - - - - - Fix AT TIME ZONE to first try to interpret its timezone - argument as a timezone abbreviation, and only try it as a full timezone - name if that fails, rather than the other way around as formerly (Tom) - - - - The timestamp input functions have always resolved ambiguous zone names - in this order. Making AT TIME ZONE do so as well improves - consistency, and fixes a compatibility bug introduced in 8.1: - in ambiguous cases we now behave the same as 8.0 and before did, - since in the older versions AT TIME ZONE accepted - only abbreviations. - - - - - - Fix datetime input functions to correctly detect integer overflow when - running on a 64-bit platform (Tom) - - - - - - Improve performance of writing very long log messages to syslog (Tom) - - - - - - Fix bug in backwards scanning of a cursor on a SELECT DISTINCT - ON query (Tom) - - - - - - Fix planner bug with nested sub-select expressions (Tom) - - - - If the outer sub-select has no direct dependency on the parent query, - but the inner one does, the outer value might not get recalculated - for new parent query rows. - - - - - - Fix planner to estimate that GROUP BY expressions yielding - boolean results always result in two groups, regardless of the - expressions' contents (Tom) - - - - This is very substantially more accurate than the regular GROUP - BY estimate for certain boolean tests like col - IS NULL. - - - - - - Fix PL/pgSQL to not fail when a FOR loop's target variable - is a record containing composite-type fields (Tom) - - - - - - Fix PL/Tcl to behave correctly with Tcl 8.5, and to be more careful - about the encoding of data sent to or from Tcl (Tom) - - - - - - Fix PL/Python to work with Python 2.5 - - - - This is a back-port of fixes made during the 8.2 development cycle. - - - - - - Improve pg_dump and pg_restore's - error reporting after failure to send a SQL command (Tom) - - - - - - Fix pg_ctl to properly preserve postmaster - command-line arguments across a restart (Bruce) - - - - - - Update time zone data files to tzdata release 2008f (for - DST law changes in Argentina, Bahamas, Brazil, Mauritius, Morocco, - Pakistan, Palestine, and Paraguay) - - - - - - - - - - Release 8.1.13 - - - Release date: - 2008-06-12 - - - - This release contains one serious and one minor bug fix over 8.1.12. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.13 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.2, - see . - - - - - - Changes - - - - - - Make pg_get_ruledef() parenthesize negative constants (Tom) - - - - Before this fix, a negative constant in a view or rule might be dumped - as, say, -42::integer, which is subtly incorrect: it should - be (-42)::integer due to operator precedence rules. - Usually this would make little difference, but it could interact with - another recent patch to cause - PostgreSQL to reject what had been a valid - SELECT DISTINCT view query. Since this could result in - pg_dump output failing to reload, it is being treated - as a high-priority fix. The only released versions in which dump - output is actually incorrect are 8.3.1 and 8.2.7. - - - - - - Make ALTER AGGREGATE ... OWNER TO update - pg_shdepend (Tom) - - - - This oversight could lead to problems if the aggregate was later - involved in a DROP OWNED or REASSIGN OWNED - operation. - - - - - - - - - - Release 8.1.12 - - - Release date: - never released - - - - This release contains a variety of fixes from 8.1.11. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.12 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.2, - see . - - - - - - Changes - - - - - - Fix ALTER TABLE ADD COLUMN ... PRIMARY KEY so that the new - column is correctly checked to see if it's been initialized to all - non-nulls (Brendan Jurd) - - - - Previous versions neglected to check this requirement at all. - - - - - - Fix possible CREATE TABLE failure when inheriting the - same constraint from multiple parent relations that - inherited that constraint from a common ancestor (Tom) - - - - - - Fix conversions between ISO-8859-5 and other encodings to handle - Cyrillic Yo characters (e and E with - two dots) (Sergey Burladyan) - - - - - - Fix a few datatype input functions - that were allowing unused bytes in their results to contain - uninitialized, unpredictable values (Tom) - - - - This could lead to failures in which two apparently identical literal - values were not seen as equal, resulting in the parser complaining - about unmatched ORDER BY and DISTINCT - expressions. - - - - - - Fix a corner case in regular-expression substring matching - (substring(string from - pattern)) (Tom) - - - - The problem occurs when there is a match to the pattern overall but - the user has specified a parenthesized subexpression and that - subexpression hasn't got a match. An example is - substring('foo' from 'foo(bar)?'). - This should return NULL, since (bar) isn't matched, but - it was mistakenly returning the whole-pattern match instead (ie, - foo). - - - - - - Update time zone data files to tzdata release 2008c (for - DST law changes in Morocco, Iraq, Choibalsan, Pakistan, Syria, Cuba, - Argentina/San_Luis, and Chile) - - - - - - Fix incorrect result from ecpg's - PGTYPEStimestamp_sub() function (Michael) - - - - - - Fix core dump in contrib/xml2's - xpath_table() function when the input query returns a - NULL value (Tom) - - - - - - Fix contrib/xml2's makefile to not override - CFLAGS (Tom) - - - - - - Fix DatumGetBool macro to not fail with gcc - 4.3 (Tom) - - - - This problem affects old style (V0) C functions that - return boolean. The fix is already in 8.3, but the need to - back-patch it was not realized at the time. - - - - - - Fix longstanding LISTEN/NOTIFY - race condition (Tom) - - - - In rare cases a session that had just executed a - LISTEN might not get a notification, even though - one would be expected because the concurrent transaction executing - NOTIFY was observed to commit later. - - - - A side effect of the fix is that a transaction that has executed - a not-yet-committed LISTEN command will not see any - row in pg_listener for the LISTEN, - should it choose to look; formerly it would have. This behavior - was never documented one way or the other, but it is possible that - some applications depend on the old behavior. - - - - - - Disallow LISTEN and UNLISTEN within a - prepared transaction (Tom) - - - - This was formerly allowed but trying to do it had various unpleasant - consequences, notably that the originating backend could not exit - as long as an UNLISTEN remained uncommitted. - - - - - - Fix rare crash when an error occurs during a query using a hash index - (Heikki) - - - - - - Fix input of datetime values for February 29 in years BC (Tom) - - - - The former coding was mistaken about which years were leap years. - - - - - - Fix unrecognized node type error in some variants of - ALTER OWNER (Tom) - - - - - - Fix pg_ctl to correctly extract the postmaster's port - number from command-line options (Itagaki Takahiro, Tom) - - - - Previously, pg_ctl start -w could try to contact the - postmaster on the wrong port, leading to bogus reports of startup - failure. - - - - - - Use - - - This is known to be necessary when building PostgreSQL - with gcc 4.3 or later. - - - - - - Fix display of constant expressions in ORDER BY - and GROUP BY (Tom) - - - - An explicitly casted constant would be shown incorrectly. This could - for example lead to corruption of a view definition during - dump and reload. - - - - - - Fix libpq to handle NOTICE messages correctly - during COPY OUT (Tom) - - - - This failure has only been observed to occur when a user-defined - datatype's output routine issues a NOTICE, but there is no - guarantee it couldn't happen due to other causes. - - - - - - - - - - Release 8.1.11 - - - Release date: - 2008-01-07 - - - - This release contains a variety of fixes from 8.1.10, - including fixes for significant security issues. - For information about new features in the 8.1 major release, see - . - - - - This is the last 8.1.X release for which the PostgreSQL - community will produce binary packages for Windows. - Windows users are encouraged to move to 8.2.X or later, - since there are Windows-specific fixes in 8.2.X that - are impractical to back-port. 8.1.X will continue to - be supported on other platforms. - - - - Migration to Version 8.1.11 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.2, - see . - - - - - - Changes - - - - - - Prevent functions in indexes from executing with the privileges of - the user running VACUUM, ANALYZE, etc (Tom) - - - - Functions used in index expressions and partial-index - predicates are evaluated whenever a new table entry is made. It has - long been understood that this poses a risk of trojan-horse code - execution if one modifies a table owned by an untrustworthy user. - (Note that triggers, defaults, check constraints, etc. pose the - same type of risk.) But functions in indexes pose extra danger - because they will be executed by routine maintenance operations - such as VACUUM FULL, which are commonly performed - automatically under a superuser account. For example, a nefarious user - can execute code with superuser privileges by setting up a - trojan-horse index definition and waiting for the next routine vacuum. - The fix arranges for standard maintenance operations - (including VACUUM, ANALYZE, REINDEX, - and CLUSTER) to execute as the table owner rather than - the calling user, using the same privilege-switching mechanism already - used for SECURITY DEFINER functions. To prevent bypassing - this security measure, execution of SET SESSION - AUTHORIZATION and SET ROLE is now forbidden within a - SECURITY DEFINER context. (CVE-2007-6600) - - - - - - Repair assorted bugs in the regular-expression package (Tom, Will Drewry) - - - - Suitably crafted regular-expression patterns could cause crashes, - infinite or near-infinite looping, and/or massive memory consumption, - all of which pose denial-of-service hazards for applications that - accept regex search patterns from untrustworthy sources. - (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067) - - - - - - Require non-superusers who use /contrib/dblink to use only - password authentication, as a security measure (Joe) - - - - The fix that appeared for this in 8.1.10 was incomplete, as it plugged - the hole for only some dblink functions. (CVE-2007-6601, - CVE-2007-3278) - - - - - - Update time zone data files to tzdata release 2007k - (in particular, recent Argentina changes) (Tom) - - - - - - Improve planner's handling of LIKE/regex estimation in non-C locales - (Tom) - - - - - - Fix planner failure in some cases of WHERE false AND var IN - (SELECT ...) (Tom) - - - - - - Preserve the tablespace of indexes that are - rebuilt by ALTER TABLE ... ALTER COLUMN TYPE (Tom) - - - - - - Make archive recovery always start a new WAL timeline, rather than only - when a recovery stop time was used (Simon) - - - - This avoids a corner-case risk of trying to overwrite an existing - archived copy of the last WAL segment, and seems simpler and cleaner - than the original definition. - - - - - - Make VACUUM not use all of maintenance_work_mem - when the table is too small for it to be useful (Alvaro) - - - - - - Fix potential crash in translate() when using a multibyte - database encoding (Tom) - - - - - - Fix overflow in extract(epoch from interval) for intervals - exceeding 68 years (Tom) - - - - - - Fix PL/Perl to not fail when a UTF-8 regular expression is used - in a trusted function (Andrew) - - - - - - Fix PL/Perl to cope when platform's Perl defines type bool - as int rather than char (Tom) - - - - While this could theoretically happen anywhere, no standard build of - Perl did things this way ... until Mac OS X 10.5. - - - - - - Fix PL/Python to not crash on long exception messages (Alvaro) - - - - - - Fix pg_dump to correctly handle inheritance child tables - that have default expressions different from their parent's (Tom) - - - - - - Fix libpq crash when PGPASSFILE refers - to a file that is not a plain file (Martin Pitt) - - - - - - ecpg parser fixes (Michael) - - - - - - Make contrib/pgcrypto defend against - OpenSSL libraries that fail on keys longer than 128 - bits; which is the case at least on some Solaris versions (Marko Kreen) - - - - - - Make contrib/tablefunc's crosstab() handle - NULL rowid as a category in its own right, rather than crashing (Joe) - - - - - - Fix tsvector and tsquery output routines to - escape backslashes correctly (Teodor, Bruce) - - - - - - Fix crash of to_tsvector() on huge input strings (Teodor) - - - - - - Require a specific version of Autoconf to be used - when re-generating the configure script (Peter) - - - - This affects developers and packagers only. The change was made - to prevent accidental use of untested combinations of - Autoconf and PostgreSQL versions. - You can remove the version check if you really want to use a - different Autoconf version, but it's - your responsibility whether the result works or not. - - - - - - - - - - Release 8.1.10 - - - Release date: - 2007-09-17 - - - - This release contains a variety of fixes from 8.1.9. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.10 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.2, - see . - - - - - - Changes - - - - - - Prevent index corruption when a transaction inserts rows and - then aborts close to the end of a concurrent VACUUM - on the same table (Tom) - - - - - - Make CREATE DOMAIN ... DEFAULT NULL work properly (Tom) - - - - - - Allow the interval data type to accept input consisting only of - milliseconds or microseconds (Neil) - - - - - - Speed up rtree index insertion (Teodor) - - - - - - Fix excessive logging of SSL error messages (Tom) - - - - - - Fix logging so that log messages are never interleaved when using - the syslogger process (Andrew) - - - - - - Fix crash when log_min_error_statement logging runs out - of memory (Tom) - - - - - - Fix incorrect handling of some foreign-key corner cases (Tom) - - - - - - Prevent REINDEX and CLUSTER from failing - due to attempting to process temporary tables of other sessions (Alvaro) - - - - - - Update the time zone database rules, particularly New Zealand's upcoming changes (Tom) - - - - - - Windows socket improvements (Magnus) - - - - - - Suppress timezone name (%Z) in log timestamps on Windows - because of possible encoding mismatches (Tom) - - - - - - Require non-superusers who use /contrib/dblink to use only - password authentication, as a security measure (Joe) - - - - - - - - - - Release 8.1.9 - - - Release date: - 2007-04-23 - - - - This release contains a variety of fixes from 8.1.8, - including a security fix. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.9 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.2, - see . - - - - - - Changes - - - - - - Support explicit placement of the temporary-table schema within - search_path, and disable searching it for functions - and operators (Tom) - - - This is needed to allow a security-definer function to set a - truly secure value of search_path. Without it, - an unprivileged SQL user can use temporary objects to execute code - with the privileges of the security-definer function (CVE-2007-2138). - See CREATE FUNCTION for more information. - - - - - - /contrib/tsearch2 crash fixes (Teodor) - - - - - - Require COMMIT PREPARED to be executed in the same - database as the transaction was prepared in (Heikki) - - - - - - Fix potential-data-corruption bug in how VACUUM FULL handles - UPDATE chains (Tom, Pavan Deolasee) - - - - - - Planner fixes, including improving outer join and bitmap scan - selection logic (Tom) - - - - - - Fix PANIC during enlargement of a hash index (bug introduced in 8.1.6) - (Tom) - - - - - - Fix POSIX-style timezone specs to follow new USA DST rules (Tom) - - - - - - - - - - Release 8.1.8 - - - Release date: - 2007-02-07 - - - - This release contains one fix from 8.1.7. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.8 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.2, - see . - - - - - - Changes - - - - - - Remove overly-restrictive check for type length in constraints and - functional indexes(Tom) - - - - - - - - - - Release 8.1.7 - - - Release date: - 2007-02-05 - - - - This release contains a variety of fixes from 8.1.6, including - a security fix. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.7 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.2, - see . - - - - - - Changes - - - - - - Remove security vulnerabilities that allowed connected users - to read backend memory (Tom) - - - The vulnerabilities involve suppressing the normal check that a SQL - function returns the data type it's declared to, and changing the - data type of a table column (CVE-2007-0555, CVE-2007-0556). These - errors can easily be exploited to cause a backend crash, and in - principle might be used to read database content that the user - should not be able to access. - - - - - - Fix rare bug wherein btree index page splits could fail - due to choosing an infeasible split point (Heikki Linnakangas) - - - - - - Improve VACUUM performance for databases with many tables (Tom) - - - - - - Fix autovacuum to avoid leaving non-permanent transaction IDs in - non-connectable databases (Alvaro) - - - - This bug affects the 8.1 branch only. - - - - - - Fix for rare Assert() crash triggered by UNION (Tom) - - - - - - Tighten security of multi-byte character processing for UTF8 sequences - over three bytes long (Tom) - - - - - - Fix bogus permission denied failures occurring on Windows - due to attempts to fsync already-deleted files (Magnus, Tom) - - - - - - Fix possible crashes when an already-in-use PL/pgSQL function is - updated (Tom) - - - - - - - - - - Release 8.1.6 - - - Release date: - 2007-01-08 - - - - This release contains a variety of fixes from 8.1.5. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.6 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.2, - see . - - - - - - Changes - - - - - - Improve handling of getaddrinfo() on AIX (Tom) - - - - This fixes a problem with starting the statistics collector, - among other things. - - - - - - Fix pg_restore to handle a tar-format backup - that contains large objects (blobs) with comments (Tom) - - - - - - Fix failed to re-find parent key errors in - VACUUM (Tom) - - - - - - Clean out pg_internal.init cache files during server - restart (Simon) - - - - This avoids a hazard that the cache files might contain stale - data after PITR recovery. - - - - - - Fix race condition for truncation of a large relation across a - gigabyte boundary by VACUUM (Tom) - - - - - - Fix bug causing needless deadlock errors on row-level locks (Tom) - - - - - - Fix bugs affecting multi-gigabyte hash indexes (Tom) - - - - - - Fix possible deadlock in Windows signal handling (Teodor) - - - - - - Fix error when constructing an ARRAY[] made up of multiple - empty elements (Tom) - - - - - - Fix ecpg memory leak during connection (Michael) - - - - - - Fix for Darwin (OS X) compilation (Tom) - - - - - - to_number() and to_char(numeric) - are now STABLE, not IMMUTABLE, for - new initdb installs (Tom) - - - - This is because lc_numeric can potentially - change the output of these functions. - - - - - - Improve index usage of regular expressions that use parentheses (Tom) - - - - This improves psql \d performance also. - - - - - - Update timezone database - - - - This affects Australian and Canadian daylight-savings rules in - particular. - - - - - - - - - - Release 8.1.5 - - - Release date: - 2006-10-16 - - - - This release contains a variety of fixes from 8.1.4. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.5 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.2, - see . - - - - - - Changes - - -Disallow aggregate functions in UPDATE -commands, except within sub-SELECTs (Tom) -The behavior of such an aggregate was unpredictable, and in 8.1.X -could cause a crash, so it has been disabled. The SQL standard does not allow -this either. -Fix core dump when an untyped literal is taken as -ANYARRAY -Fix core dump in duration logging for extended query protocol -when a COMMIT or ROLLBACK is -executed -Fix mishandling of AFTER triggers when query contains a SQL -function returning multiple rows (Tom) -Fix ALTER TABLE ... TYPE to recheck -NOT NULL for USING clause (Tom) -Fix string_to_array() to handle overlapping - matches for the separator string -For example, string_to_array('123xx456xxx789', 'xx'). - -Fix to_timestamp() for -AM/PM formats (Bruce) -Fix autovacuum's calculation that decides whether - ANALYZE is needed (Alvaro) -Fix corner cases in pattern matching for - psql's \d commands -Fix index-corrupting bugs in /contrib/ltree - (Teodor) -Numerous robustness fixes in ecpg (Joachim -Wieland) -Fix backslash escaping in /contrib/dbmirror -Minor fixes in /contrib/dblink and /contrib/tsearch2 - -Efficiency improvements in hash tables and bitmap index scans -(Tom) -Fix instability of statistics collection on Windows (Tom, Andrew) -Fix statement_timeout to use the proper -units on Win32 (Bruce) -In previous Win32 8.1.X versions, the delay was off by a factor of -100. -Fixes for MSVC and Borland C++ -compilers (Hiroshi Saito) -Fixes for AIX and -Intel compilers (Tom) -Fix rare bug in continuous archiving (Tom) - - - - - - - Release 8.1.4 - - - Release date: - 2006-05-23 - - - - This release contains a variety of fixes from 8.1.3, - including patches for extremely serious security issues. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.4 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.2, - see . - - - - Full security against the SQL-injection attacks described in - CVE-2006-2313 and CVE-2006-2314 might require changes in application - code. If you have applications that embed untrustworthy strings - into SQL commands, you should examine them as soon as possible to - ensure that they are using recommended escaping techniques. In - most cases, applications should be using subroutines provided by - libraries or drivers (such as libpq's - PQescapeStringConn()) to perform string escaping, - rather than relying on ad hoc code to do it. - - - - - Changes - - -Change the server to reject invalidly-encoded multibyte -characters in all cases (Tatsuo, Tom) -While PostgreSQL has been moving in this direction for -some time, the checks are now applied uniformly to all encodings and all -textual input, and are now always errors not merely warnings. This change -defends against SQL-injection attacks of the type described in CVE-2006-2313. - - -Reject unsafe uses of \' in string literals -As a server-side defense against SQL-injection attacks of the type -described in CVE-2006-2314, the server now only accepts '' and not -\' as a representation of ASCII single quote in SQL string -literals. By default, \' is rejected only when -client_encoding is set to a client-only encoding (SJIS, BIG5, GBK, -GB18030, or UHC), which is the scenario in which SQL injection is possible. -A new configuration parameter backslash_quote is available to -adjust this behavior when needed. Note that full security against -CVE-2006-2314 might require client-side changes; the purpose of -backslash_quote is in part to make it obvious that insecure -clients are insecure. - - -Modify libpq's string-escaping routines to be -aware of encoding considerations and -standard_conforming_strings -This fixes libpq-using applications for the security -issues described in CVE-2006-2313 and CVE-2006-2314, and also future-proofs -them against the planned changeover to SQL-standard string literal syntax. -Applications that use multiple PostgreSQL connections -concurrently should migrate to PQescapeStringConn() and -PQescapeByteaConn() to ensure that escaping is done correctly -for the settings in use in each database connection. Applications that -do string escaping by hand should be modified to rely on library -routines instead. - - -Fix weak key selection in pgcrypto (Marko Kreen) -Errors in fortuna PRNG reseeding logic could cause a predictable -session key to be selected by pgp_sym_encrypt() in some cases. -This only affects non-OpenSSL-using builds. - - -Fix some incorrect encoding conversion functions -win1251_to_iso, win866_to_iso, -euc_tw_to_big5, euc_tw_to_mic, -mic_to_euc_tw were all broken to varying -extents. - - -Clean up stray remaining uses of \' in strings -(Bruce, Jan) - -Make autovacuum visible in pg_stat_activity -(Alvaro) - -Disable full_page_writes (Tom) -In certain cases, having full_page_writes off would cause -crash recovery to fail. A proper fix will appear in 8.2; for now it's just -disabled. - - -Various planner fixes, particularly for bitmap index scans and -MIN/MAX optimization (Tom) - -Fix incorrect optimization in merge join (Tom) -Outer joins could sometimes emit multiple copies of unmatched rows. - - -Fix crash from using and modifying a plpgsql function in the -same transaction - -Fix WAL replay for case where a B-Tree index has been -truncated - -Fix SIMILAR TO for patterns involving -| (Tom) - -Fix SELECT INTO and CREATE TABLE AS to -create tables in the default tablespace, not the base directory (Kris -Jurka) - -Fix server to use custom DH SSL parameters correctly (Michael -Fuhr) - -Improve qsort performance (Dann Corbit) -Currently this code is only used on Solaris. - - -Fix for OS/X Bonjour on x86 systems (Ashley Clark) - -Fix various minor memory leaks - -Fix problem with password prompting on some Win32 systems -(Robert Kinberg) - -Improve pg_dump's handling of default values -for domains - -Fix pg_dumpall to handle identically-named -users and groups reasonably (only possible when dumping from a pre-8.1 server) -(Tom) -The user and group will be merged into a single role with -LOGIN permission. Formerly the merged role wouldn't have -LOGIN permission, making it unusable as a user. - - -Fix pg_restore -n to work as -documented (Tom) - - - - - - - Release 8.1.3 - - - Release date: - 2006-02-14 - - - - This release contains a variety of fixes from 8.1.2, - including one very serious security issue. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.3 - - - A dump/restore is not required for those running 8.1.X. - However, if you are upgrading from a version earlier than 8.1.2, - see . - - - - - Changes - - - -Fix bug that allowed any logged-in user to SET -ROLE to any other database user id (CVE-2006-0553) -Due to inadequate validity checking, a user could exploit the special -case that SET ROLE normally uses to restore the previous role -setting after an error. This allowed ordinary users to acquire superuser -status, for example. -The escalation-of-privilege risk exists only in 8.1.0-8.1.2. -However, in all releases back to 7.3 there is a related bug in SET -SESSION AUTHORIZATION that allows unprivileged users to crash the server, -if it has been compiled with Asserts enabled (which is not the default). -Thanks to Akio Ishida for reporting this problem. - - -Fix bug with row visibility logic in self-inserted -rows (Tom) -Under rare circumstances a row inserted by the current command -could be seen as already valid, when it should not be. Repairs bug -created in 8.0.4, 7.4.9, and 7.3.11 releases. - - -Fix race condition that could lead to file already -exists errors during pg_clog and pg_subtrans file creation -(Tom) - -Fix cases that could lead to crashes if a cache-invalidation -message arrives at just the wrong time (Tom) - -Properly check DOMAIN constraints for -UNKNOWN parameters in prepared statements -(Neil) - -Ensure ALTER COLUMN TYPE will process -FOREIGN KEY, UNIQUE, and PRIMARY KEY -constraints in the proper order (Nakano Yoshihisa) - -Fixes to allow restoring dumps that have cross-schema -references to custom operators or operator classes (Tom) - -Allow pg_restore to continue properly after a -COPY failure; formerly it tried to treat the remaining -COPY data as SQL commands (Stephen Frost) - -Fix pg_ctl unregister crash -when the data directory is not specified (Magnus) - -Fix libpq PQprint HTML tags -(Christoph Zwerschke) - -Fix ecpg crash on AMD64 and PPC -(Neil) - -Allow SETOF and %TYPE to be used -together in function result type declarations - -Recover properly if error occurs during argument passing -in PL/python (Neil) - -Fix memory leak in plperl_return_next -(Neil) - -Fix PL/perl's handling of locales on -Win32 to match the backend (Andrew) - -Various optimizer fixes (Tom) - -Fix crash when log_min_messages is set to -DEBUG3 or above in postgresql.conf on Win32 -(Bruce) - -Fix pgxs -L library path -specification for Win32, Cygwin, OS X, AIX (Bruce) - -Check that SID is enabled while checking for Win32 admin -privileges (Magnus) - -Properly reject out-of-range date inputs (Kris -Jurka) - -Portability fix for testing presence of finite -and isinf during configure (Tom) - -Improve speed of COPY IN via libpq, by -avoiding a kernel call per data line (Alon Goldshuv) - -Improve speed of /contrib/tsearch2 index -creation (Tom) - - - - - - - - Release 8.1.2 - - - Release date: - 2006-01-09 - - - - This release contains a variety of fixes from 8.1.1. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.2 - - - A dump/restore is not required for those running 8.1.X. - However, you might need to REINDEX indexes on textual - columns after updating, if you are affected by the locale or - plperl issues described below. - - - - - Changes - - - -Fix Windows code so that postmaster will continue rather -than exit if there is no more room in ShmemBackendArray (Magnus) -The previous behavior could lead to a denial-of-service situation if too -many connection requests arrive close together. This applies -only to the Windows port. - -Fix bug introduced in 8.0 that could allow ReadBuffer -to return an already-used page as new, potentially causing loss of -recently-committed data (Tom) - -Fix for protocol-level Describe messages issued -outside a transaction or in a failed transaction (Tom) - -Fix character string comparison for locales that consider -different character combinations as equal, such as Hungarian (Tom) -This might require REINDEX to fix existing indexes on -textual columns. - -Set locale environment variables during postmaster startup -to ensure that plperl won't change the locale later -This fixes a problem that occurred if the postmaster was -started with environment variables specifying a different locale than what -initdb had been told. Under these conditions, any use of -plperl was likely to lead to corrupt indexes. You might need -REINDEX to fix existing indexes on -textual columns if this has happened to you. - -Allow more flexible relocation of installation -directories (Tom) -Previous releases supported relocation only if all installation -directory paths were the same except for the last component. - -Prevent crashes caused by the use of -ISO-8859-5 and ISO-8859-9 encodings -(Tatsuo) - -Fix longstanding bug in strpos() and regular expression -handling in certain rarely used Asian multi-byte character sets (Tatsuo) - - -Fix bug where COPY CSV mode considered any -\. to terminate the copy data The new code -requires \. to appear alone on a line, as per -documentation. - -Make COPY CSV mode quote a literal data value of -\. to ensure it cannot be interpreted as the -end-of-data marker (Bruce) - -Various fixes for functions returning RECORDs -(Tom) - -Fix processing of postgresql.conf so a -final line with no newline is processed properly (Tom) - - -Fix bug in /contrib/pgcrypto gen_salt, -which caused it not to use all available salt space for MD5 and -XDES algorithms (Marko Kreen, Solar Designer) -Salts for Blowfish and standard DES are unaffected. - -Fix autovacuum crash when processing expression indexes - - -Fix /contrib/dblink to throw an error, -rather than crashing, when the number of columns specified is different from -what's actually returned by the query (Joe) - - - - - - - - Release 8.1.1 - - - Release date: - 2005-12-12 - - - - This release contains a variety of fixes from 8.1.0. - For information about new features in the 8.1 major release, see - . - - - - Migration to Version 8.1.1 - - - A dump/restore is not required for those running 8.1.X. - - - - - Changes - - -Fix incorrect optimizations of outer-join conditions -(Tom) - -Fix problems with wrong reported column names in cases -involving sub-selects flattened by the optimizer (Tom) - -Fix update failures in scenarios involving CHECK constraints, -toasted columns, and indexes (Tom) - -Fix bgwriter problems after recovering from errors -(Tom) - -The background writer was found to leak buffer pins after write errors. -While not fatal in itself, this might lead to mysterious blockages of -later VACUUM commands. - - - -Prevent failure if client sends Bind protocol message -when current transaction is already aborted - -/contrib/tsearch2 and /contrib/ltree -fixes (Teodor) - -Fix problems with translated error messages in -languages that require word reordering, such as Turkish; also problems with -unexpected truncation of output strings and wrong display of the smallest -possible bigint value (Andrew, Tom) - -These problems only appeared on platforms that were using our -port/snprintf.c code, which includes BSD variants if ---enable-nls was given, and perhaps others. In addition, -a different form of the translated-error-message problem could appear -on Windows depending on which version of libintl was used. - - -Re-allow AM/PM, HH, -HH12, and D format specifiers for -to_char(time) and to_char(interval). -(to_char(interval) should probably use -HH24.) (Bruce) - -AIX, HPUX, and MSVC compile fixes (Tom, Hiroshi -Saito) - -Optimizer improvements (Tom) - -Retry file reads and writes after Windows -NO_SYSTEM_RESOURCES error (Qingqing Zhou) - -Prevent autovacuum from crashing during -ANALYZE of expression index (Alvaro) - -Fix problems with ON COMMIT DELETE ROWS temp -tables - -Fix problems when a trigger alters the output of a SELECT -DISTINCT query - -Add 8.1.0 release note item on how to migrate invalid -UTF-8 byte sequences (Paul Lindner) - - - - - - - Release 8.1 - - - Release date: - 2005-11-08 - - - - Overview - - - Major changes in this release: - - - - - - - Improve concurrent access to the shared buffer cache (Tom) - - - - - Access to the shared buffer cache was identified as a - significant scalability problem, particularly on multi-CPU - systems. In this release, the way that locking is done in the - buffer manager has been overhauled to reduce lock contention - and improve scalability. The buffer manager has also been - changed to use a clock sweep replacement - policy. - - - - - - - Allow index scans to use an intermediate in-memory bitmap (Tom) - - - - - In previous releases, only a single index could be used to do - lookups on a table. With this feature, if a query has - WHERE tab.col1 = 4 and tab.col2 = 9, and there is - no multicolumn index on col1 and col2, - but there is an index on col1 and another on - col2, it is possible to search both indexes and - combine the results in memory, then do heap fetches for only - the rows matching both the col1 and - col2 restrictions. This is very useful in - environments that have a lot of unstructured queries where it - is impossible to create indexes that match all possible access - conditions. Bitmap scans are useful even with a single index, - as they reduce the amount of random access needed; a bitmap - index scan is efficient for retrieving fairly large fractions - of the complete table, whereas plain index scans are not. - - - - - - - Add two-phase commit (Heikki Linnakangas, Alvaro, Tom) - - - - - Two-phase commit allows transactions to be "prepared" on several - computers, and once all computers have successfully prepared - their transactions (none failed), all transactions can be - committed. Even if a machine crashes after a prepare, the - prepared transaction can be committed after the machine is - restarted. New syntax includes PREPARE TRANSACTION and - COMMIT/ROLLBACK PREPARED. A new system view - pg_prepared_xacts has also been added. - - - - - - - Create a new role system that replaces users and groups - (Stephen Frost) - - - - - Roles are a combination of users and groups. Like users, they - can have login capability, and like groups, a role can have - other roles as members. Roles basically remove the distinction - between users and groups. For example, a role can: - - - - - - - Have login capability (optionally) - - - - - - Own objects - - - - - - Hold access permissions for database objects - - - - - - Inherit permissions from other roles it is a member of - - - - - - Once a user logs into a role, she obtains capabilities of - the login role plus any inherited roles, and can use - SET ROLE to switch to other roles she is a member of. - This feature is a generalization of the SQL standard's concept of - roles. - This change also replaces pg_shadow and - pg_group by new role-capable catalogs - pg_authid and pg_auth_members. The old - tables are redefined as read-only views on the new role tables. - - - - - - - Automatically use indexes for MIN() and - MAX() (Tom) - - - - - In previous releases, the only way to use an index for - MIN() or MAX() was to rewrite the - query as SELECT col FROM tab ORDER BY col LIMIT 1. - Index usage now happens automatically. - - - - - - - Move /contrib/pg_autovacuum into the main server - (Alvaro) - - - - - Integrating autovacuum into the server allows it to be - automatically started and stopped in sync with the database - server, and allows autovacuum to be configured from - postgresql.conf. - - - - - - - Add shared row level locks using SELECT ... FOR SHARE - (Alvaro) - - - - - While PostgreSQL's MVCC locking - allows SELECT to never be blocked by writers and - therefore does not need shared row locks for typical operations, - shared locks are useful for applications that require shared row - locking. In particular this reduces the locking requirements - imposed by referential integrity checks. - - - - - - - Add dependencies on shared objects, specifically roles - (Alvaro) - - - - - This extension of the dependency mechanism prevents roles from - being dropped while there are still database objects they own. - Formerly it was possible to accidentally orphan objects by - deleting their owner. While this could be recovered from, it - was messy and unpleasant. - - - - - - - Improve performance for partitioned tables (Simon) - - - - - The new constraint_exclusion configuration - parameter avoids lookups on child tables where constraints indicate - that no matching rows exist in the child table. - - - This allows for a basic type of table partitioning. If child tables - store separate key ranges and this is enforced using appropriate - CHECK constraints, the optimizer will skip child - table accesses when the constraint guarantees no matching rows - exist in the child table. - - - - - - - - - Migration to Version 8.1 - - - A dump/restore using pg_dump is required - for those wishing to migrate data from any previous release. - - - - The 8.0 release announced that the to_char() function - for intervals would be removed in 8.1. However, since no better API - has been suggested, to_char(interval) has been enhanced in - 8.1 and will remain in the server. - - - - Observe the following incompatibilities: - - - - - - - add_missing_from is now false by default (Neil) - - - By default, we now generate an error if a table is used in a query - without a FROM reference. The old behavior is still - available, but the parameter must be set to 'true' to obtain it. - - - - It might be necessary to set add_missing_from to true - in order to load an existing dump file, if the dump contains any - views or rules created using the implicit-FROM syntax. - This should be a one-time annoyance, because - PostgreSQL 8.1 will convert - such views and rules to standard explicit-FROM syntax. - Subsequent dumps will therefore not have the problem. - - - - - - Cause input of a zero-length string ('') for - float4/float8/oid - to throw an error, rather than treating it as a zero (Neil) - - - This change is consistent with the current handling of - zero-length strings for integers. The schedule for this change - was announced in 8.0. - - - - - - default_with_oids is now false by default (Neil) - - - With this option set to false, user-created tables no longer - have an OID column unless WITH OIDS is specified in - CREATE TABLE. Though OIDs have existed in all - releases of PostgreSQL, their use is limited - because they are only four bytes long and the counter is shared - across all installed databases. The preferred way of uniquely - identifying rows is via sequences and the SERIAL type, - which have been supported since PostgreSQL 6.4. - - - - - - Add E'' syntax so eventually ordinary strings can - treat backslashes literally (Bruce) - - - Currently PostgreSQL processes a - backslash in a string literal as introducing a special escape sequence, - e.g. \n or \010. - While this allows easy entry of special values, it is - nonstandard and makes porting of applications from other - databases more difficult. For this reason, the - PostgreSQL project is planning to - remove the special meaning of backslashes in strings. For - backward compatibility and for users who want special backslash - processing, a new string syntax has been created. This new string - syntax is formed by writing an E immediately preceding the - single quote that starts the string, e.g. E'hi\n'. While - this release does not change the handling of backslashes in strings, it - does add new configuration parameters to help users migrate applications - for future releases: - - - - - - standard_conforming_strings — does this release - treat backslashes literally in ordinary strings? - - - - - - escape_string_warning — warn about backslashes in - ordinary (non-E) strings - - - - - - - The standard_conforming_strings value is read-only. - Applications can retrieve the value to know how backslashes are - processed. (Presence of the parameter can also be taken as an - indication that E'' string syntax is supported.) - In a future release, standard_conforming_strings - will be true, meaning backslashes will be treated literally in - non-E strings. To prepare for this change, use E'' - strings in places that need special backslash processing, and - turn on escape_string_warning to find additional - strings that need to be converted to use E''. - Also, use two single-quotes ('') to embed a literal - single-quote in a string, rather than the - PostgreSQL-supported syntax of - backslash single-quote (\'). The former is - standards-conforming and does not require the use of the - E'' string syntax. You can also use the - $$ string syntax, which does not treat backslashes - specially. - - - - - - Make REINDEX DATABASE reindex all indexes in the - database (Tom) - - - Formerly, REINDEX DATABASE reindexed only - system tables. This new behavior seems more intuitive. A new - command REINDEX SYSTEM provides the old functionality - of reindexing just the system tables. - - - - - - Read-only large object descriptors now obey MVCC snapshot semantics - - - When a large object is opened with INV_READ (and not - INV_WRITE), the data read from the descriptor will now - reflect a snapshot of the large object's state at the - time of the transaction snapshot in use by the query that called - lo_open(). To obtain the old behavior of always - returning the latest committed data, include INV_WRITE - in the mode flags for lo_open(). - - - - - - Add proper dependencies for arguments of sequence functions (Tom) - - - In previous releases, sequence names passed to nextval(), - currval(), and setval() were stored as - simple text strings, meaning that renaming or dropping a - sequence used in a DEFAULT clause made the clause - invalid. This release stores all newly-created sequence function - arguments as internal OIDs, allowing them to track sequence - renaming, and adding dependency information that prevents - improper sequence removal. It also makes such DEFAULT - clauses immune to schema renaming and search path changes. - - - Some applications might rely on the old behavior of - run-time lookup for sequence names. This can still be done by - explicitly casting the argument to text, for example - nextval('myseq'::text). - - - Pre-8.1 database dumps loaded into 8.1 will use the old text-based - representation and therefore will not have the features of - OID-stored arguments. However, it is possible to update a - database containing text-based DEFAULT clauses. - First, save this query into a file, such as fixseq.sql: - -SELECT 'ALTER TABLE ' || - pg_catalog.quote_ident(n.nspname) || '.' || - pg_catalog.quote_ident(c.relname) || - ' ALTER COLUMN ' || pg_catalog.quote_ident(a.attname) || - ' SET DEFAULT ' || - regexp_replace(d.adsrc, - $$val\(\(('[^']*')::text\)::regclass$$, - $$val(\1$$, - 'g') || - ';' -FROM pg_namespace n, pg_class c, pg_attribute a, pg_attrdef d -WHERE n.oid = c.relnamespace AND - c.oid = a.attrelid AND - a.attrelid = d.adrelid AND - a.attnum = d.adnum AND - d.adsrc ~ $$val\(\('[^']*'::text\)::regclass$$; - - Next, run the query against a database to find what - adjustments are required, like this for database db1: - -psql -t -f fixseq.sql db1 - - This will show the ALTER TABLE commands needed to - convert the database to the newer OID-based representation. - If the commands look reasonable, run this to update the database: - -psql -t -f fixseq.sql db1 | psql -e db1 - - This process must be repeated in each database to be updated. - - - - - - In psql, treat unquoted - \{digit}+ sequences as octal (Bruce) - - - In previous releases, \{digit}+ sequences were - treated as decimal, and only \0{digit}+ were treated - as octal. This change was made for consistency. - - - - - - Remove grammar productions for prefix and postfix % - and ^ operators - (Tom) - - - These have never been documented and complicated the use of the - modulus operator (%) with negative numbers. - - - - - - Make &< and &> for polygons - consistent with the box "over" operators (Tom) - - - - - - CREATE LANGUAGE can ignore the provided arguments - in favor of information from pg_pltemplate - (Tom) - - - A new system catalog pg_pltemplate has been defined - to carry information about the preferred definitions of procedural - languages (such as whether they have validator functions). When - an entry exists in this catalog for the language being created, - CREATE LANGUAGE will ignore all its parameters except the - language name and instead use the catalog information. This measure - was taken because of increasing problems with obsolete language - definitions being loaded by old dump files. As of 8.1, - pg_dump will dump procedural language definitions as - just CREATE LANGUAGE name, relying - on a template entry to exist at load time. We expect this will be a - more future-proof representation. - - - - - - Make pg_cancel_backend(int) return a - boolean rather than an integer (Neil) - - - - - - Some users are having problems loading UTF-8 data into 8.1.X. - This is because previous versions allowed invalid UTF-8 byte - sequences to be entered into the database, and this release - properly accepts only valid UTF-8 sequences. One way to correct a - dumpfile is to run the command iconv -c -f UTF-8 -t - UTF-8 -o cleanfile.sql dumpfile.sql. The -c option - removes invalid character sequences. A diff of the two files will - show the sequences that are invalid. iconv reads the - entire input file into memory so it might be necessary to use - split to break up the dump into multiple smaller - files for processing. - - - - - - - - Additional Changes - - - Below you will find a detailed account of the additional changes - between PostgreSQL 8.1 and the - previous major release. - - - - Performance Improvements - - - - - Improve GiST and R-tree index performance (Neil) - - - - - - Improve the optimizer, including auto-resizing of hash joins - (Tom) - - - - - - Overhaul internal API in several areas - - - - - - Change WAL record CRCs from 64-bit to 32-bit (Tom) - - - We determined that the extra cost of computing 64-bit CRCs was - significant, and the gain in reliability too marginal to justify it. - - - - - - Prevent writing large empty gaps in WAL pages (Tom) - - - - - - Improve spinlock behavior on SMP machines, particularly Opterons (Tom) - - - - - - Allow nonconsecutive index columns to be used in a multicolumn - index (Tom) - - - For example, this allows an index on columns a,b,c to be used in - a query with WHERE a = 4 and c = 10. - - - - - - Skip WAL logging for CREATE TABLE AS / - SELECT INTO (Simon) - - - Since a crash during CREATE TABLE AS would cause the - table to be dropped during recovery, there is no reason to WAL - log as the table is loaded. (Logging still happens if WAL - archiving is enabled, however.) - - - - - - Allow concurrent GiST index access (Teodor, Oleg) - - - - - - Add configuration parameter full_page_writes to - control writing full pages to WAL (Bruce) - - - To prevent partial disk writes from corrupting the database, - PostgreSQL writes a complete copy of - each database disk page to WAL the first time it is modified - after a checkpoint. This option turns off that functionality for more - speed. This is safe to use with battery-backed disk caches where - partial page writes cannot happen. - - - - - - Use O_DIRECT if available when using - O_SYNC for wal_sync_method - (Itagaki Takahiro) - - - O_DIRECT causes disk writes to bypass the kernel - cache, and for WAL writes, this improves performance. - - - - - - Improve COPY FROM performance (Alon Goldshuv) - - - This was accomplished by reading COPY input in - larger chunks, rather than character by character. - - - - - - Improve the performance of COUNT(), - SUM, AVG(), - STDDEV(), and - VARIANCE() (Neil, Tom) - - - - - - - Server Changes - - - - - Prevent problems due to transaction ID (XID) wraparound (Tom) - - - The server will now warn when the transaction counter approaches - the wraparound point. If the counter becomes too close to wraparound, - the server will stop accepting queries. This ensures that data is - not lost before needed vacuuming is performed. - - - - - - Fix problems with object IDs (OIDs) conflicting with existing system - objects after the OID counter has wrapped around (Tom) - - - - - - Add warning about the need to increase - max_fsm_relations and max_fsm_pages - during VACUUM (Ron Mayer) - - - - - - Add temp_buffers configuration parameter to allow - users to determine the size of the local buffer area for - temporary table access (Tom) - - - - - - Add session start time and client IP address to - pg_stat_activity (Magnus) - - - - - - Adjust pg_stat views for bitmap scans (Tom) - - - The meanings of some of the fields have changed slightly. - - - - - - Enhance pg_locks view (Tom) - - - - - - Log queries for client-side PREPARE and - EXECUTE (Simon) - - - - - - Allow Kerberos name and user name case sensitivity to be - specified in postgresql.conf (Magnus) - - - - - - Add configuration parameter krb_server_hostname so - that the server host name can be specified as part of service - principal (Todd Kover) - - - If not set, any service principal matching an entry in the - keytab can be used. This is new Kerberos matching behavior in - this release. - - - - - - Add log_line_prefix options for millisecond - timestamps (%m) and remote host (%h) (Ed - L.) - - - - - - Add WAL logging for GiST indexes (Teodor, Oleg) - - - GiST indexes are now safe for crash and point-in-time recovery. - - - - - - Remove old *.backup files when we do - pg_stop_backup() (Bruce) - - - This prevents a large number of *.backup files from - existing in pg_xlog/. - - - - - - Add configuration parameters to control TCP/IP keep-alive - times for idle, interval, and count (Oliver Jowett) - - - - These values can be changed to allow more rapid detection of - lost client connections. - - - - - - Add per-user and per-database connection limits (Petr Jelinek) - - - Using ALTER USER and ALTER DATABASE, - limits can now be enforced on the maximum number of sessions that - can concurrently connect as a specific user or to a specific database. - Setting the limit to zero disables user or database connections. - - - - - - Allow more than two gigabytes of shared memory and per-backend - work memory on 64-bit machines (Koichi Suzuki) - - - - - - New system catalog pg_pltemplate allows overriding - obsolete procedural-language definitions in dump files (Tom) - - - - - - - - - Query Changes - - - - - Add temporary views (Koju Iijima, Neil) - - - - - - Fix HAVING without any aggregate functions or - GROUP BY so that the query returns a single group (Tom) - - - Previously, such a case would treat the HAVING - clause the same as a WHERE clause. This was not per spec. - - - - - - Add USING clause to allow additional tables to be - specified to DELETE (Euler Taveira de Oliveira, Neil) - - - In prior releases, there was no clear method for specifying - additional tables to be used for joins in a DELETE - statement. UPDATE already has a FROM - clause for this purpose. - - - - - - Add support for \x hex escapes in backend and ecpg - strings (Bruce) - - - This is just like the standard C \x escape syntax. - Octal escapes were already supported. - - - - - - Add BETWEEN SYMMETRIC query syntax (Pavel Stehule) - - - This feature allows BETWEEN comparisons without - requiring the first value to be less than the second. For - example, 2 BETWEEN [ASYMMETRIC] 3 AND 1 returns - false, while 2 BETWEEN SYMMETRIC 3 AND 1 returns - true. BETWEEN ASYMMETRIC was already supported. - - - - - - Add NOWAIT option to SELECT ... FOR - UPDATE/SHARE (Hans-Juergen Schoenig) - - - While the statement_timeout configuration - parameter allows a query taking more than a certain amount of - time to be canceled, the NOWAIT option allows a - query to be canceled as soon as a SELECT ... FOR - UPDATE/SHARE command cannot immediately acquire a row lock. - - - - - - - - Object Manipulation Changes - - - - - Track dependencies of shared objects (Alvaro) - - - PostgreSQL allows global tables - (users, databases, tablespaces) to reference information in - multiple databases. This addition adds dependency information - for global tables, so, for example, user ownership can be - tracked across databases, so a user who owns something in any - database can no longer be removed. Dependency tracking already - existed for database-local objects. - - - - - - Allow limited ALTER OWNER commands to be performed - by the object owner (Stephen Frost) - - - Prior releases allowed only superusers to change object owners. - Now, ownership can be transferred if the user executing the command - owns the object and would be able to create it as the new owner - (that is, the user is a member of the new owning role and that role - has the CREATE permission that would be needed to create the object - afresh). - - - - - - Add ALTER object SET SCHEMA capability - for some object types (tables, functions, types) (Bernd Helmle) - - - This allows objects to be moved to different schemas. - - - - - - Add ALTER TABLE ENABLE/DISABLE TRIGGER to - disable triggers (Satoshi Nagayasu) - - - - - - - - - Utility Command Changes - - - - - Allow TRUNCATE to truncate multiple tables in a - single command (Alvaro) - - - Because of referential integrity checks, it is not allowed to - truncate a table that is part of a referential integrity - constraint. Using this new functionality, TRUNCATE - can be used to truncate such tables, if both tables involved in - a referential integrity constraint are truncated in a single - TRUNCATE command. - - - - - - Properly process carriage returns and line feeds in - COPY CSV mode (Andrew) - - - In release 8.0, carriage returns and line feeds in CSV - COPY TO were processed in an inconsistent manner. (This was - documented on the TODO list.) - - - - - - Add COPY WITH CSV HEADER to allow a header line as - the first line in COPY (Andrew) - - - This allows handling of the common CSV usage of - placing the column names on the first line of the data file. For - COPY TO, the first line contains the column names, - and for COPY FROM, the first line is ignored. - - - - - - On Windows, display better sub-second precision in - EXPLAIN ANALYZE (Magnus) - - - - - - Add trigger duration display to EXPLAIN ANALYZE - (Tom) - - - Prior releases included trigger execution time as part of the - total execution time, but did not show it separately. It is now - possible to see how much time is spent in each trigger. - - - - - - Add support for \x hex escapes in COPY - (Sergey Ten) - - - Previous releases only supported octal escapes. - - - - - - Make SHOW ALL include variable descriptions - (Matthias Schmidt) - - - SHOW varname still only displays the variable's - value and does not include the description. - - - - - - Make initdb create a new standard - database called postgres, and convert utilities to - use postgres rather than template1 for - standard lookups (Dave) - - - In prior releases, template1 was used both as a - default connection for utilities like - createuser, and as a template for - new databases. This caused CREATE DATABASE to - sometimes fail, because a new database cannot be created if - anyone else is in the template database. With this change, the - default connection database is now postgres, - meaning it is much less likely someone will be using - template1 during CREATE DATABASE. - - - - - - Create new reindexdb command-line - utility by moving /contrib/reindexdb into the - server (Euler Taveira de Oliveira) - - - - - - - - - Data Type and Function Changes - - - - - Add MAX() and MIN() aggregates for - array types (Koju Iijima) - - - - - - Fix to_date() and to_timestamp() to - behave reasonably when CC and YY fields - are both used (Karel Zak) - - - If the format specification contains CC and a year - specification is YYY or longer, ignore the - CC. If the year specification is YY or - shorter, interpret CC as the previous century. - - - - - - Add md5(bytea) (Abhijit Menon-Sen) - - - md5(text) already existed. - - - - - - Add support for numeric ^ numeric based on - power(numeric, numeric) - - - The function already existed, but there was no operator assigned - to it. - - - - - - Fix NUMERIC modulus by properly truncating the quotient - during computation (Bruce) - - - In previous releases, modulus for large values sometimes - returned negative results due to rounding of the quotient. - - - - - - Add a function lastval() (Dennis Björklund) - - - lastval() is a simplified version of - currval(). It automatically determines the proper - sequence name based on the most recent nextval() or - setval() call performed by the current session. - - - - - - Add to_timestamp(DOUBLE PRECISION) (Michael Glaesemann) - - - Converts Unix seconds since 1970 to a TIMESTAMP WITH - TIMEZONE. - - - - - - Add pg_postmaster_start_time() function (Euler - Taveira de Oliveira, Matthias Schmidt) - - - - - - Allow the full use of time zone names in AT TIME - ZONE, not just the short list previously available (Magnus) - - - Previously, only a predefined list of time zone names were - supported by AT TIME ZONE. Now any supported time - zone name can be used, e.g.: - -SELECT CURRENT_TIMESTAMP AT TIME ZONE 'Europe/London'; - - In the above query, the time zone used is adjusted based on the - daylight saving time rules that were in effect on the supplied - date. - - - - - - Add GREATEST() and LEAST() variadic - functions (Pavel Stehule) - - - These functions take a variable number of arguments and return - the greatest or least value among the arguments. - - - - - - Add pg_column_size() (Mark Kirkwood) - - - This returns storage size of a column, which might be compressed. - - - - - - Add regexp_replace() (Atsushi Ogawa) - - - This allows regular expression replacement, like sed. An optional - flag argument allows selection of global (replace all) and - case-insensitive modes. - - - - - - Fix interval division and multiplication (Bruce) - - - Previous versions sometimes returned unjustified results, like - '4 months'::interval / 5 returning '1 mon - -6 days'. - - - - - - Fix roundoff behavior in timestamp, time, and interval output (Tom) - - - This fixes some cases in which the seconds field would be shown as - 60 instead of incrementing the higher-order fields. - - - - - - Add a separate day field to type interval so a one day - interval can be distinguished from a 24 hour interval (Michael - Glaesemann) - - - Days that contain a daylight saving time adjustment are not 24 - hours long, but typically 23 or 25 hours. This change creates a - conceptual distinction between intervals of so many days - and intervals of so many hours. Adding - 1 day to a timestamp now gives the same local time on - the next day even if a daylight saving time adjustment occurs - between, whereas adding 24 hours will give a different - local time when this happens. For example, under US DST rules: - -'2005-04-03 00:00:00-05' + '1 day' = '2005-04-04 00:00:00-04' -'2005-04-03 00:00:00-05' + '24 hours' = '2005-04-04 01:00:00-04' - - - - - - - Add justify_days() and justify_hours() - (Michael Glaesemann) - - - These functions, respectively, adjust days to an appropriate - number of full months and days, and adjust hours to an - appropriate number of full days and hours. - - - - - - Move /contrib/dbsize into the backend, and rename - some of the functions (Dave Page, Andreas Pflug) - - - - - - - pg_tablespace_size() - - - - - - pg_database_size() - - - - - - pg_relation_size() - - - - - - pg_total_relation_size() - - - - - - pg_size_pretty() - - - - - - - pg_total_relation_size() includes indexes and TOAST - tables. - - - - - - Add functions for read-only file access to the cluster directory - (Dave Page, Andreas Pflug) - - - - - - - pg_stat_file() - - - - - - pg_read_file() - - - - - - pg_ls_dir() - - - - - - - - - - Add pg_reload_conf() to force reloading of the - configuration files (Dave Page, Andreas Pflug) - - - - - - Add pg_rotate_logfile() to force rotation of the - server log file (Dave Page, Andreas Pflug) - - - - - - Change pg_stat_* views to include TOAST tables (Tom) - - - - - - - - - Encoding and Locale Changes - - - - - Rename some encodings to be more consistent and to follow - international standards (Bruce) - - - - - - - UNICODE is now UTF8 - - - - - - ALT is now WIN866 - - - - - - WIN is now WIN1251 - - - - - - TCVN is now WIN1258 - - - - - - - - The original names still work. - - - - - - Add support for WIN1252 encoding (Roland Volkmann) - - - - - - Add support for four-byte UTF8 characters (John - Hansen) - - - Previously only one, two, and three-byte UTF8 characters - were supported. This is particularly important for support for - some Chinese character sets. - - - - - - Allow direct conversion between EUC_JP and - SJIS to improve performance (Atsushi Ogawa) - - - - - - Allow the UTF8 encoding to work on Windows (Magnus) - - - This is done by mapping UTF8 to the Windows-native UTF16 - implementation. - - - - - - - - - General Server-Side Language Changes - - - - - Fix ALTER LANGUAGE RENAME (Sergey Yatskevich) - - - - - - Allow function characteristics, like strictness and volatility, - to be modified via ALTER FUNCTION (Neil) - - - - - - Increase the maximum number of function arguments to 100 (Tom) - - - - - - Allow SQL and PL/pgSQL functions to use OUT and - INOUT parameters (Tom) - - - OUT is an alternate way for a function to return - values. Instead of using RETURN, values can be - returned by assigning to parameters declared as OUT or - INOUT. This is notationally simpler in some cases, - particularly so when multiple values need to be returned. - While returning multiple values from a function - was possible in previous releases, this greatly simplifies the - process. (The feature will be extended to other server-side - languages in future releases.) - - - - - - Move language handler functions into the pg_catalog schema - - - This makes it easier to drop the public schema if desired. - - - - - - Add SPI_getnspname() to SPI (Neil) - - - - - - - - PL/pgSQL Server-Side Language Changes - - - - - Overhaul the memory management of PL/pgSQL functions (Neil) - - - The parsetree of each function is now stored in a separate - memory context. This allows this memory to be easily reclaimed - when it is no longer needed. - - - - - - Check function syntax at CREATE FUNCTION time, - rather than at runtime (Neil) - - - Previously, most syntax errors were reported only when the - function was executed. - - - - - - Allow OPEN to open non-SELECT queries - like EXPLAIN and SHOW (Tom) - - - - - - No longer require functions to issue a RETURN - statement (Tom) - - - This is a byproduct of the newly added OUT and - INOUT functionality. RETURN can - be omitted when it is not needed to provide the function's - return value. - - - - - - Add support for an optional INTO clause to - PL/pgSQL's EXECUTE statement (Pavel Stehule, Neil) - - - - - - Make CREATE TABLE AS set ROW_COUNT (Tom) - - - - - - Define SQLSTATE and SQLERRM to return - the SQLSTATE and error message of the current - exception (Pavel Stehule, Neil) - - - These variables are only defined inside exception blocks. - - - - - - Allow the parameters to the RAISE statement to be - expressions (Pavel Stehule, Neil) - - - - - - Add a loop CONTINUE statement (Pavel Stehule, Neil) - - - - - - Allow block and loop labels (Pavel Stehule) - - - - - - - - - PL/Perl Server-Side Language Changes - - - - - Allow large result sets to be returned efficiently (Abhijit - Menon-Sen) - - - This allows functions to use return_next() to avoid - building the entire result set in memory. - - - - - - Allow one-row-at-a-time retrieval of query results (Abhijit Menon-Sen) - - - This allows functions to use spi_query() and - spi_fetchrow() to avoid accumulating the entire - result set in memory. - - - - - - Force PL/Perl to handle strings as UTF8 if the - server encoding is UTF8 (David Kamholz) - - - - - - Add a validator function for PL/Perl (Andrew) - - - This allows syntax errors to be reported at definition time, - rather than execution time. - - - - - - Allow PL/Perl to return a Perl array when the function returns - an array type (Andrew) - - - This basically maps PostgreSQL arrays - to Perl arrays. - - - - - - Allow Perl nonfatal warnings to generate NOTICE - messages (Andrew) - - - - - - Allow Perl's strict mode to be enabled (Andrew) - - - - - - - - - <application>psql</> Changes - - - - - Add \set ON_ERROR_ROLLBACK to allow statements in - a transaction to error without affecting the rest of the - transaction (Greg Sabino Mullane) - - - This is basically implemented by wrapping every statement in a - sub-transaction. - - - - - - Add support for \x hex strings in - psql variables (Bruce) - - - Octal escapes were already supported. - - - - - - Add support for troff -ms output format (Roger - Leigh) - - - - - - Allow the history file location to be controlled by - HISTFILE (Andreas Seltenreich) - - - This allows configuration of per-database history storage. - - - - - - Prevent \x (expanded mode) from affecting - the output of \d tablename (Neil) - - - - - - Add - - This option was added because some operating systems do not have - simple command-line activity logging functionality. - - - - - - Make \d show the tablespaces of indexes (Qingqing - Zhou) - - - - - - Allow psql help (\h) to - make a best guess on the proper help information (Greg Sabino - Mullane) - - - This allows the user to just add \h to the front of - the syntax error query and get help on the supported syntax. - Previously any additional query text beyond the command name - had to be removed to use \h. - - - - - - Add \pset numericlocale to allow numbers to be - output in a locale-aware format (Eugen Nedelcu) - - - For example, using C locale 100000 would - be output as 100,000.0 while a European locale might - output this value as 100.000,0. - - - - - - Make startup banner show both server version number and - psql's version number, when they are different (Bruce) - - - Also, a warning will be shown if the server and psql - are from different major releases. - - - - - - - - - <application>pg_dump</> Changes - - - - - Add - - This allows just the objects in a specified schema to be restored. - - - - - - Allow pg_dump to dump large objects even in - text mode (Tom) - - - With this change, large objects are now always dumped; the former - - - - - - Allow pg_dump to dump a consistent snapshot of - large objects (Tom) - - - - - - Dump comments for large objects (Tom) - - - - - - Add - - This allows a database to be dumped in an encoding that is - different from the server's encoding. This is valuable when - transferring the dump to a machine with a different encoding. - - - - - - Rely on pg_pltemplate for procedural languages (Tom) - - - If the call handler for a procedural language is in the - pg_catalog schema, pg_dump does not - dump the handler. Instead, it dumps the language using just - CREATE LANGUAGE name, - relying on the pg_pltemplate catalog to provide - the language's creation parameters at load time. - - - - - - - - - <application>libpq</application> Changes - - - - - Add a PGPASSFILE environment variable to specify the - password file's filename (Andrew) - - - - - - Add lo_create(), that is similar to - lo_creat() but allows the OID of the large object - to be specified (Tom) - - - - - - Make libpq consistently return an error - to the client application on malloc() - failure (Neil) - - - - - - - - Source Code Changes - - - - - Fix pgxs to support building against a relocated - installation - - - - - - Add spinlock support for the Itanium processor using Intel - compiler (Vikram Kalsi) - - - - - - Add Kerberos 5 support for Windows (Magnus) - - - - - - Add Chinese FAQ (laser@pgsqldb.com) - - - - - - Rename Rendezvous to Bonjour to match OS/X feature renaming - (Bruce) - - - - - - Add support for fsync_writethrough on - Darwin (Chris Campbell) - - - - - - Streamline the passing of information within the server, the - optimizer, and the lock system (Tom) - - - - - - Allow pg_config to be compiled using MSVC (Andrew) - - - This is required to build DBD::Pg using MSVC. - - - - - - Remove support for Kerberos V4 (Magnus) - - - Kerberos 4 had security vulnerabilities and is no longer - maintained. - - - - - - Code cleanups (Coverity static analysis performed by - EnterpriseDB) - - - - - - Modify postgresql.conf to use documentation defaults - on/off rather than - true/false (Bruce) - - - - - - Enhance pg_config to be able to report more - build-time values (Tom) - - - - - - Allow libpq to be built thread-safe - on Windows (Dave Page) - - - - - - Allow IPv6 connections to be used on Windows (Andrew) - - - - - - Add Server Administration documentation about I/O subsystem - reliability (Bruce) - - - - - - Move private declarations from gist.h to - gist_private.h (Neil) - - - - In previous releases, gist.h contained both the - public GiST API (intended for use by authors of GiST index - implementations) as well as some private declarations used by - the implementation of GiST itself. The latter have been moved - to a separate file, gist_private.h. Most GiST - index implementations should be unaffected. - - - - - - Overhaul GiST memory management (Neil) - - - - GiST methods are now always invoked in a short-lived memory - context. Therefore, memory allocated via palloc() - will be reclaimed automatically, so GiST index implementations - do not need to manually release allocated memory via - pfree(). - - - - - - - - Contrib Changes - - - - - Add /contrib/pg_buffercache contrib module (Mark - Kirkwood) - - - This displays the contents of the buffer cache, for debugging and - performance tuning purposes. - - - - - - Remove /contrib/array because it is obsolete (Tom) - - - - - - Clean up the /contrib/lo module (Tom) - - - - - - Move /contrib/findoidjoins to - /src/tools (Tom) - - - - - - Remove the <<, >>, - &<, and &> operators from - /contrib/cube - - - These operators were not useful. - - - - - - Improve /contrib/btree_gist (Janko Richter) - - - - - - Improve /contrib/pgbench (Tomoaki Sato, Tatsuo) - - - There is now a facility for testing with SQL command scripts given - by the user, instead of only a hard-wired command sequence. - - - - - - Improve /contrib/pgcrypto (Marko Kreen) - - - - - - - Implementation of OpenPGP symmetric-key and public-key encryption - - - Both RSA and Elgamal public-key algorithms are supported. - - - - - - Stand alone build: include SHA256/384/512 hashes, Fortuna PRNG - - - - - - OpenSSL build: support 3DES, use internal AES with OpenSSL < 0.9.7 - - - - - - Take build parameters (OpenSSL, zlib) from configure result - - - There is no need to edit the Makefile anymore. - - - - - - Remove support for libmhash and libmcrypt - - - - - - - - - - - diff --git a/doc/src/sgml/release-8.2.sgml b/doc/src/sgml/release-8.2.sgml deleted file mode 100644 index 8a67cf22cc..0000000000 --- a/doc/src/sgml/release-8.2.sgml +++ /dev/null @@ -1,7077 +0,0 @@ - - - - - Release 8.2.23 - - - Release date: - 2011-12-05 - - - - This release contains a variety of fixes from 8.2.22. - For information about new features in the 8.2 major release, see - . - - - - This is expected to be the last PostgreSQL release - in the 8.2.X series. Users are encouraged to update to a newer - release branch soon. - - - - Migration to Version 8.2.23 - - - A dump/restore is not required for those running 8.2.X. - - - - However, a longstanding error was discovered in the definition of the - information_schema.referential_constraints view. If you - rely on correct results from that view, you should replace its - definition as explained in the first changelog item below. - - - - Also, if you are upgrading from a version earlier than 8.2.14, - see . - - - - - - Changes - - - - - - Fix bugs in information_schema.referential_constraints view - (Tom Lane) - - - - This view was being insufficiently careful about matching the - foreign-key constraint to the depended-on primary or unique key - constraint. That could result in failure to show a foreign key - constraint at all, or showing it multiple times, or claiming that it - depends on a different constraint than the one it really does. - - - - Since the view definition is installed by initdb, - merely upgrading will not fix the problem. If you need to fix this - in an existing installation, you can (as a superuser) drop the - information_schema schema then re-create it by sourcing - SHAREDIR/information_schema.sql. - (Run pg_config --sharedir if you're uncertain where - SHAREDIR is.) This must be repeated in each database - to be fixed. - - - - - - Fix TOAST-related data corruption during CREATE TABLE dest AS - SELECT * FROM src or INSERT INTO dest SELECT * FROM src - (Tom Lane) - - - - If a table has been modified by ALTER TABLE ADD COLUMN, - attempts to copy its data verbatim to another table could produce - corrupt results in certain corner cases. - The problem can only manifest in this precise form in 8.4 and later, - but we patched earlier versions as well in case there are other code - paths that could trigger the same bug. - - - - - - Fix race condition during toast table access from stale syscache entries - (Tom Lane) - - - - The typical symptom was transient errors like missing chunk - number 0 for toast value NNNNN in pg_toast_2619, where the cited - toast table would always belong to a system catalog. - - - - - - Improve locale support in money type's input and output - (Tom Lane) - - - - Aside from not supporting all standard - lc_monetary - formatting options, the input and output functions were inconsistent, - meaning there were locales in which dumped money values could - not be re-read. - - - - - - Don't let transform_null_equals - affect CASE foo WHEN NULL ... constructs - (Heikki Linnakangas) - - - - transform_null_equals is only supposed to affect - foo = NULL expressions written directly by the user, not - equality checks generated internally by this form of CASE. - - - - - - Change foreign-key trigger creation order to better support - self-referential foreign keys (Tom Lane) - - - - For a cascading foreign key that references its own table, a row update - will fire both the ON UPDATE trigger and the - CHECK trigger as one event. The ON UPDATE - trigger must execute first, else the CHECK will check a - non-final state of the row and possibly throw an inappropriate error. - However, the firing order of these triggers is determined by their - names, which generally sort in creation order since the triggers have - auto-generated names following the convention - RI_ConstraintTrigger_NNNN. A proper fix would require - modifying that convention, which we will do in 9.2, but it seems risky - to change it in existing releases. So this patch just changes the - creation order of the triggers. Users encountering this type of error - should drop and re-create the foreign key constraint to get its - triggers into the right order. - - - - - - Preserve blank lines within commands in psql's command - history (Robert Haas) - - - - The former behavior could cause problems if an empty line was removed - from within a string literal, for example. - - - - - - Use the preferred version of xsubpp to build PL/Perl, - not necessarily the operating system's main copy - (David Wheeler and Alex Hunsaker) - - - - - - Honor query cancel interrupts promptly in pgstatindex() - (Robert Haas) - - - - - - Ensure VPATH builds properly install all server header files - (Peter Eisentraut) - - - - - - Shorten file names reported in verbose error messages (Peter Eisentraut) - - - - Regular builds have always reported just the name of the C file - containing the error message call, but VPATH builds formerly - reported an absolute path name. - - - - - - Fix interpretation of Windows timezone names for Central America - (Tom Lane) - - - - Map Central America Standard Time to CST6, not - CST6CDT, because DST is generally not observed anywhere in - Central America. - - - - - - Update time zone data files to tzdata release 2011n - for DST law changes in Brazil, Cuba, Fiji, Palestine, Russia, and Samoa; - also historical corrections for Alaska and British East Africa. - - - - - - - - - - Release 8.2.22 - - - Release date: - 2011-09-26 - - - - This release contains a variety of fixes from 8.2.21. - For information about new features in the 8.2 major release, see - . - - - - The PostgreSQL community will stop releasing updates - for the 8.2.X release series in December 2011. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 8.2.22 - - - A dump/restore is not required for those running 8.2.X. - However, if you are upgrading from a version earlier than 8.2.14, - see . - - - - - - Changes - - - - - - Fix multiple bugs in GiST index page split processing (Heikki - Linnakangas) - - - - The probability of occurrence was low, but these could lead to index - corruption. - - - - - - Avoid possibly accessing off the end of memory in ANALYZE - (Noah Misch) - - - - This fixes a very-low-probability server crash scenario. - - - - - - Fix race condition in relcache init file invalidation (Tom Lane) - - - - There was a window wherein a new backend process could read a stale init - file but miss the inval messages that would tell it the data is stale. - The result would be bizarre failures in catalog accesses, typically - could not read block 0 in file ... later during startup. - - - - - - Fix memory leak at end of a GiST index scan (Tom Lane) - - - - Commands that perform many separate GiST index scans, such as - verification of a new GiST-based exclusion constraint on a table - already containing many rows, could transiently require large amounts of - memory due to this leak. - - - - - - Fix performance problem when constructing a large, lossy bitmap - (Tom Lane) - - - - - - Fix array- and path-creating functions to ensure padding bytes are - zeroes (Tom Lane) - - - - This avoids some situations where the planner will think that - semantically-equal constants are not equal, resulting in poor - optimization. - - - - - - Work around gcc 4.6.0 bug that breaks WAL replay (Tom Lane) - - - - This could lead to loss of committed transactions after a server crash. - - - - - - Fix dump bug for VALUES in a view (Tom Lane) - - - - - - Disallow SELECT FOR UPDATE/SHARE on sequences (Tom Lane) - - - - This operation doesn't work as expected and can lead to failures. - - - - - - Defend against integer overflow when computing size of a hash table (Tom - Lane) - - - - - - Fix portability bugs in use of credentials control messages for - peer authentication (Tom Lane) - - - - - - Fix typo in pg_srand48 seed initialization (Andres Freund) - - - - This led to failure to use all bits of the provided seed. This function - is not used on most platforms (only those without srandom), - and the potential security exposure from a less-random-than-expected - seed seems minimal in any case. - - - - - - Avoid integer overflow when the sum of LIMIT and - OFFSET values exceeds 2^63 (Heikki Linnakangas) - - - - - - Add overflow checks to int4 and int8 versions of - generate_series() (Robert Haas) - - - - - - Fix trailing-zero removal in to_char() (Marti Raudsepp) - - - - In a format with FM and no digit positions - after the decimal point, zeroes to the left of the decimal point could - be removed incorrectly. - - - - - - Fix pg_size_pretty() to avoid overflow for inputs close to - 2^63 (Tom Lane) - - - - - - Fix psql's counting of script file line numbers during - COPY from a different file (Tom Lane) - - - - - - Fix pg_restore's direct-to-database mode for - standard_conforming_strings (Tom Lane) - - - - pg_restore could emit incorrect commands when restoring - directly to a database server from an archive file that had been made - with standard_conforming_strings set to on. - - - - - - Fix write-past-buffer-end and memory leak in libpq's - LDAP service lookup code (Albe Laurenz) - - - - - - In libpq, avoid failures when using nonblocking I/O - and an SSL connection (Martin Pihlak, Tom Lane) - - - - - - Improve libpq's handling of failures during connection startup - (Tom Lane) - - - - In particular, the response to a server report of fork() - failure during SSL connection startup is now saner. - - - - - - Make ecpglib write double values with 15 digits - precision (Akira Kurosawa) - - - - - - Apply upstream fix for blowfish signed-character bug (CVE-2011-2483) - (Tom Lane) - - - - contrib/pg_crypto's blowfish encryption code could give - wrong results on platforms where char is signed (which is most), - leading to encrypted passwords being weaker than they should be. - - - - - - Fix memory leak in contrib/seg (Heikki Linnakangas) - - - - - - Fix pgstatindex() to give consistent results for empty - indexes (Tom Lane) - - - - - - Allow building with perl 5.14 (Alex Hunsaker) - - - - - - Update configure script's method for probing existence of system - functions (Tom Lane) - - - - The version of autoconf we used in 8.3 and 8.2 could be fooled by - compilers that perform link-time optimization. - - - - - - Fix assorted issues with build and install file paths containing spaces - (Tom Lane) - - - - - - Update time zone data files to tzdata release 2011i - for DST law changes in Canada, Egypt, Russia, Samoa, and South Sudan. - - - - - - - - - - Release 8.2.21 - - - Release date: - 2011-04-18 - - - - This release contains a variety of fixes from 8.2.20. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.21 - - - A dump/restore is not required for those running 8.2.X. - However, if you are upgrading from a version earlier than 8.2.14, - see . - - - - - - Changes - - - - - - Avoid potential deadlock during catalog cache initialization - (Nikhil Sontakke) - - - - In some cases the cache loading code would acquire share lock on a - system index before locking the index's catalog. This could deadlock - against processes trying to acquire exclusive locks in the other, - more standard order. - - - - - - Fix dangling-pointer problem in BEFORE ROW UPDATE trigger - handling when there was a concurrent update to the target tuple - (Tom Lane) - - - - This bug has been observed to result in intermittent cannot - extract system attribute from virtual tuple failures while trying to - do UPDATE RETURNING ctid. There is a very small probability - of more serious errors, such as generating incorrect index entries for - the updated tuple. - - - - - - Disallow DROP TABLE when there are pending deferred trigger - events for the table (Tom Lane) - - - - Formerly the DROP would go through, leading to - could not open relation with OID nnn errors when the - triggers were eventually fired. - - - - - - Fix PL/Python memory leak involving array slices (Daniel Popowich) - - - - - - Fix pg_restore to cope with long lines (over 1KB) in - TOC files (Tom Lane) - - - - - - Put in more safeguards against crashing due to division-by-zero - with overly enthusiastic compiler optimization (Aurelien Jarno) - - - - - - Support use of dlopen() in FreeBSD and OpenBSD on MIPS (Tom Lane) - - - - There was a hard-wired assumption that this system function was not - available on MIPS hardware on these systems. Use a compile-time test - instead, since more recent versions have it. - - - - - - Fix compilation failures on HP-UX (Heikki Linnakangas) - - - - - - Fix path separator used by pg_regress on Cygwin - (Andrew Dunstan) - - - - - - Update time zone data files to tzdata release 2011f - for DST law changes in Chile, Cuba, Falkland Islands, Morocco, Samoa, - and Turkey; also historical corrections for South Australia, Alaska, - and Hawaii. - - - - - - - - - - Release 8.2.20 - - - Release date: - 2011-01-31 - - - - This release contains a variety of fixes from 8.2.19. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.20 - - - A dump/restore is not required for those running 8.2.X. - However, if you are upgrading from a version earlier than 8.2.14, - see . - - - - - - Changes - - - - - - Avoid failures when EXPLAIN tries to display a simple-form - CASE expression (Tom Lane) - - - - If the CASE's test expression was a constant, the planner - could simplify the CASE into a form that confused the - expression-display code, resulting in unexpected CASE WHEN - clause errors. - - - - - - Fix assignment to an array slice that is before the existing range - of subscripts (Tom Lane) - - - - If there was a gap between the newly added subscripts and the first - pre-existing subscript, the code miscalculated how many entries needed - to be copied from the old array's null bitmap, potentially leading to - data corruption or crash. - - - - - - Avoid unexpected conversion overflow in planner for very distant date - values (Tom Lane) - - - - The date type supports a wider range of dates than can be - represented by the timestamp types, but the planner assumed it - could always convert a date to timestamp with impunity. - - - - - - Fix pg_restore's text output for large objects (BLOBs) - when standard_conforming_strings is on (Tom Lane) - - - - Although restoring directly to a database worked correctly, string - escaping was incorrect if pg_restore was asked for - SQL text output and standard_conforming_strings had been - enabled in the source database. - - - - - - Fix erroneous parsing of tsquery values containing - ... & !(subexpression) | ... (Tom Lane) - - - - Queries containing this combination of operators were not executed - correctly. The same error existed in contrib/intarray's - query_int type and contrib/ltree's - ltxtquery type. - - - - - - Fix buffer overrun in contrib/intarray's input function - for the query_int type (Apple) - - - - This bug is a security risk since the function's return address could - be overwritten. Thanks to Apple Inc's security team for reporting this - issue and supplying the fix. (CVE-2010-4015) - - - - - - Fix bug in contrib/seg's GiST picksplit algorithm - (Alexander Korotkov) - - - - This could result in considerable inefficiency, though not actually - incorrect answers, in a GiST index on a seg column. - If you have such an index, consider REINDEXing it after - installing this update. (This is identical to the bug that was fixed in - contrib/cube in the previous update.) - - - - - - - - - - Release 8.2.19 - - - Release date: - 2010-12-16 - - - - This release contains a variety of fixes from 8.2.18. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.19 - - - A dump/restore is not required for those running 8.2.X. - However, if you are upgrading from a version earlier than 8.2.14, - see . - - - - - - Changes - - - - - - Force the default - wal_sync_method - to be fdatasync on Linux (Tom Lane, Marti Raudsepp) - - - - The default on Linux has actually been fdatasync for many - years, but recent kernel changes caused PostgreSQL to - choose open_datasync instead. This choice did not result - in any performance improvement, and caused outright failures on - certain filesystems, notably ext4 with the - data=journal mount option. - - - - - - Fix assorted bugs in WAL replay logic for GIN indexes (Tom Lane) - - - - This could result in bad buffer id: 0 failures or - corruption of index contents during replication. - - - - - - Fix recovery from base backup when the starting checkpoint WAL record - is not in the same WAL segment as its redo point (Jeff Davis) - - - - - - Add support for detecting register-stack overrun on IA64 - (Tom Lane) - - - - The IA64 architecture has two hardware stacks. Full - prevention of stack-overrun failures requires checking both. - - - - - - Add a check for stack overflow in copyObject() (Tom Lane) - - - - Certain code paths could crash due to stack overflow given a - sufficiently complex query. - - - - - - Fix detection of page splits in temporary GiST indexes (Heikki - Linnakangas) - - - - It is possible to have a concurrent page split in a - temporary index, if for example there is an open cursor scanning the - index when an insertion is done. GiST failed to detect this case and - hence could deliver wrong results when execution of the cursor - continued. - - - - - - Avoid memory leakage while ANALYZE'ing complex index - expressions (Tom Lane) - - - - - - Ensure an index that uses a whole-row Var still depends on its table - (Tom Lane) - - - - An index declared like create index i on t (foo(t.*)) - would not automatically get dropped when its table was dropped. - - - - - - Do not inline a SQL function with multiple OUT - parameters (Tom Lane) - - - - This avoids a possible crash due to loss of information about the - expected result rowtype. - - - - - - Behave correctly if ORDER BY, LIMIT, - FOR UPDATE, or WITH is attached to the - VALUES part of INSERT ... VALUES (Tom Lane) - - - - - - Fix constant-folding of COALESCE() expressions (Tom Lane) - - - - The planner would sometimes attempt to evaluate sub-expressions that - in fact could never be reached, possibly leading to unexpected errors. - - - - - - Add print functionality for InhRelation nodes (Tom Lane) - - - - This avoids a failure when debug_print_parse is enabled - and certain types of query are executed. - - - - - - Fix incorrect calculation of distance from a point to a horizontal - line segment (Tom Lane) - - - - This bug affected several different geometric distance-measurement - operators. - - - - - - Fix PL/pgSQL's handling of simple - expressions to not fail in recursion or error-recovery cases (Tom Lane) - - - - - - Fix PL/Python's handling of set-returning functions - (Jan Urbanski) - - - - Attempts to call SPI functions within the iterator generating a set - result would fail. - - - - - - Fix bug in contrib/cube's GiST picksplit algorithm - (Alexander Korotkov) - - - - This could result in considerable inefficiency, though not actually - incorrect answers, in a GiST index on a cube column. - If you have such an index, consider REINDEXing it after - installing this update. - - - - - - Don't emit identifier will be truncated notices in - contrib/dblink except when creating new connections - (Itagaki Takahiro) - - - - - - Fix potential coredump on missing public key in - contrib/pgcrypto (Marti Raudsepp) - - - - - - Fix memory leak in contrib/xml2's XPath query functions - (Tom Lane) - - - - - - Update time zone data files to tzdata release 2010o - for DST law changes in Fiji and Samoa; - also historical corrections for Hong Kong. - - - - - - - - - - Release 8.2.18 - - - Release date: - 2010-10-04 - - - - This release contains a variety of fixes from 8.2.17. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.18 - - - A dump/restore is not required for those running 8.2.X. - However, if you are upgrading from a version earlier than 8.2.14, - see . - - - - - - Changes - - - - - - Use a separate interpreter for each calling SQL userid in PL/Perl and - PL/Tcl (Tom Lane) - - - - This change prevents security problems that can be caused by subverting - Perl or Tcl code that will be executed later in the same session under - another SQL user identity (for example, within a SECURITY - DEFINER function). Most scripting languages offer numerous ways that - that might be done, such as redefining standard functions or operators - called by the target function. Without this change, any SQL user with - Perl or Tcl language usage rights can do essentially anything with the - SQL privileges of the target function's owner. - - - - The cost of this change is that intentional communication among Perl - and Tcl functions becomes more difficult. To provide an escape hatch, - PL/PerlU and PL/TclU functions continue to use only one interpreter - per session. This is not considered a security issue since all such - functions execute at the trust level of a database superuser already. - - - - It is likely that third-party procedural languages that claim to offer - trusted execution have similar security issues. We advise contacting - the authors of any PL you are depending on for security-critical - purposes. - - - - Our thanks to Tim Bunce for pointing out this issue (CVE-2010-3433). - - - - - - Prevent possible crashes in pg_get_expr() by disallowing - it from being called with an argument that is not one of the system - catalog columns it's intended to be used with - (Heikki Linnakangas, Tom Lane) - - - - - - Fix Windows shared-memory allocation code - (Tsutomu Yamada, Magnus Hagander) - - - - This bug led to the often-reported could not reattach to shared - memory error message. This is a back-patch of a fix that was - applied to newer branches some time ago. - - - - - - Treat exit code 128 (ERROR_WAIT_NO_CHILDREN) as non-fatal on - Windows (Magnus Hagander) - - - - Under high load, Windows processes will sometimes fail at startup with - this error code. Formerly the postmaster treated this as a panic - condition and restarted the whole database, but that seems to be - an overreaction. - - - - - - Fix possible duplicate scans of UNION ALL member relations - (Tom Lane) - - - - - - Fix cannot handle unplanned sub-select error (Tom Lane) - - - - This occurred when a sub-select contains a join alias reference that - expands into an expression containing another sub-select. - - - - - - Reduce PANIC to ERROR in some occasionally-reported btree failure cases, - and provide additional detail in the resulting error messages - (Tom Lane) - - - - This should improve the system's robustness with corrupted indexes. - - - - - - Prevent show_session_authorization() from crashing within autovacuum - processes (Tom Lane) - - - - - - Defend against functions returning setof record where not all the - returned rows are actually of the same rowtype (Tom Lane) - - - - - - Fix possible failure when hashing a pass-by-reference function result - (Tao Ma, Tom Lane) - - - - - - Take care to fsync the contents of lockfiles (both - postmaster.pid and the socket lockfile) while writing them - (Tom Lane) - - - - This omission could result in corrupted lockfile contents if the - machine crashes shortly after postmaster start. That could in turn - prevent subsequent attempts to start the postmaster from succeeding, - until the lockfile is manually removed. - - - - - - Avoid recursion while assigning XIDs to heavily-nested - subtransactions (Andres Freund, Robert Haas) - - - - The original coding could result in a crash if there was limited - stack space. - - - - - - Fix log_line_prefix's %i escape, - which could produce junk early in backend startup (Tom Lane) - - - - - - Fix possible data corruption in ALTER TABLE ... SET - TABLESPACE when archiving is enabled (Jeff Davis) - - - - - - Allow CREATE DATABASE and ALTER DATABASE ... SET - TABLESPACE to be interrupted by query-cancel (Guillaume Lelarge) - - - - - - In PL/Python, defend against null pointer results from - PyCObject_AsVoidPtr and PyCObject_FromVoidPtr - (Peter Eisentraut) - - - - - - Improve contrib/dblink's handling of tables containing - dropped columns (Tom Lane) - - - - - - Fix connection leak after duplicate connection name - errors in contrib/dblink (Itagaki Takahiro) - - - - - - Fix contrib/dblink to handle connection names longer than - 62 bytes correctly (Itagaki Takahiro) - - - - - - Add hstore(text, text) - function to contrib/hstore (Robert Haas) - - - - This function is the recommended substitute for the now-deprecated - => operator. It was back-patched so that future-proofed - code can be used with older server versions. Note that the patch will - be effective only after contrib/hstore is installed or - reinstalled in a particular database. Users might prefer to execute - the CREATE FUNCTION command by hand, instead. - - - - - - Update build infrastructure and documentation to reflect the source code - repository's move from CVS to Git (Magnus Hagander and others) - - - - - - Update time zone data files to tzdata release 2010l - for DST law changes in Egypt and Palestine; also historical corrections - for Finland. - - - - This change also adds new names for two Micronesian timezones: - Pacific/Chuuk is now preferred over Pacific/Truk (and the preferred - abbreviation is CHUT not TRUT) and Pacific/Pohnpei is preferred over - Pacific/Ponape. - - - - - - Make Windows' N. Central Asia Standard Time timezone map to - Asia/Novosibirsk, not Asia/Almaty (Magnus Hagander) - - - - Microsoft changed the DST behavior of this zone in the timezone update - from KB976098. Asia/Novosibirsk is a better match to its new behavior. - - - - - - - - - - Release 8.2.17 - - - Release date: - 2010-05-17 - - - - This release contains a variety of fixes from 8.2.16. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.17 - - - A dump/restore is not required for those running 8.2.X. - However, if you are upgrading from a version earlier than 8.2.14, - see . - - - - - - Changes - - - - - - Enforce restrictions in plperl using an opmask applied to - the whole interpreter, instead of using Safe.pm - (Tim Bunce, Andrew Dunstan) - - - - Recent developments have convinced us that Safe.pm is too - insecure to rely on for making plperl trustable. This - change removes use of Safe.pm altogether, in favor of using - a separate interpreter with an opcode mask that is always applied. - Pleasant side effects of the change include that it is now possible to - use Perl's strict pragma in a natural way in - plperl, and that Perl's $a and $b - variables work as expected in sort routines, and that function - compilation is significantly faster. (CVE-2010-1169) - - - - - - Prevent PL/Tcl from executing untrustworthy code from - pltcl_modules (Tom) - - - - PL/Tcl's feature for autoloading Tcl code from a database table - could be exploited for trojan-horse attacks, because there was no - restriction on who could create or insert into that table. This change - disables the feature unless pltcl_modules is owned by a - superuser. (However, the permissions on the table are not checked, so - installations that really need a less-than-secure modules table can - still grant suitable privileges to trusted non-superusers.) Also, - prevent loading code into the unrestricted normal Tcl - interpreter unless we are really going to execute a pltclu - function. (CVE-2010-1170) - - - - - - Fix possible crash if a cache reset message is received during - rebuild of a relcache entry (Heikki) - - - - This error was introduced in 8.2.16 while fixing a related failure. - - - - - - Do not allow an unprivileged user to reset superuser-only parameter - settings (Alvaro) - - - - Previously, if an unprivileged user ran ALTER USER ... RESET - ALL for himself, or ALTER DATABASE ... RESET ALL for - a database he owns, this would remove all special parameter settings - for the user or database, even ones that are only supposed to be - changeable by a superuser. Now, the ALTER will only - remove the parameters that the user has permission to change. - - - - - - Avoid possible crash during backend shutdown if shutdown occurs - when a CONTEXT addition would be made to log entries (Tom) - - - - In some cases the context-printing function would fail because the - current transaction had already been rolled back when it came time - to print a log message. - - - - - - Update pl/perl's ppport.h for modern Perl versions - (Andrew) - - - - - - Fix assorted memory leaks in pl/python (Andreas Freund, Tom) - - - - - - Prevent infinite recursion in psql when expanding - a variable that refers to itself (Tom) - - - - - - Fix psql's \copy to not add spaces around - a dot within \copy (select ...) (Tom) - - - - Addition of spaces around the decimal point in a numeric literal would - result in a syntax error. - - - - - - Ensure that contrib/pgstattuple functions respond to cancel - interrupts promptly (Tatsuhito Kasahara) - - - - - - Make server startup deal properly with the case that - shmget() returns EINVAL for an existing - shared memory segment (Tom) - - - - This behavior has been observed on BSD-derived kernels including OS X. - It resulted in an entirely-misleading startup failure complaining that - the shared memory request size was too large. - - - - - - Avoid possible crashes in syslogger process on Windows (Heikki) - - - - - - Deal more robustly with incomplete time zone information in the - Windows registry (Magnus) - - - - - - Update the set of known Windows time zone names (Magnus) - - - - - - Update time zone data files to tzdata release 2010j - for DST law changes in Argentina, Australian Antarctic, Bangladesh, - Mexico, Morocco, Pakistan, Palestine, Russia, Syria, Tunisia; - also historical corrections for Taiwan. - - - - Also, add PKST (Pakistan Summer Time) to the default set of - timezone abbreviations. - - - - - - - - - - Release 8.2.16 - - - Release date: - 2010-03-15 - - - - This release contains a variety of fixes from 8.2.15. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.16 - - - A dump/restore is not required for those running 8.2.X. - However, if you are upgrading from a version earlier than 8.2.14, - see . - - - - - - Changes - - - - - - Add new configuration parameter ssl_renegotiation_limit to - control how often we do session key renegotiation for an SSL connection - (Magnus) - - - - This can be set to zero to disable renegotiation completely, which may - be required if a broken SSL library is used. In particular, some - vendors are shipping stopgap patches for CVE-2009-3555 that cause - renegotiation attempts to fail. - - - - - - Fix possible deadlock during backend startup (Tom) - - - - - - Fix possible crashes due to not handling errors during relcache reload - cleanly (Tom) - - - - - - Fix possible crashes when trying to recover from a failure in - subtransaction start (Tom) - - - - - - Fix server memory leak associated with use of savepoints and a client - encoding different from server's encoding (Tom) - - - - - - Fix incorrect WAL data emitted during end-of-recovery cleanup of a GIST - index page split (Yoichi Hirai) - - - - This would result in index corruption, or even more likely an error - during WAL replay, if we were unlucky enough to crash during - end-of-recovery cleanup after having completed an incomplete GIST - insertion. - - - - - - Make substring() for bit types treat any negative - length as meaning all the rest of the string (Tom) - - - - The previous coding treated only -1 that way, and would produce an - invalid result value for other negative values, possibly leading to - a crash (CVE-2010-0442). - - - - - - Fix integer-to-bit-string conversions to handle the first fractional - byte correctly when the output bit width is wider than the given - integer by something other than a multiple of 8 bits (Tom) - - - - - - Fix some cases of pathologically slow regular expression matching (Tom) - - - - - - Fix the STOP WAL LOCATION entry in backup history files to - report the next WAL segment's name when the end location is exactly at a - segment boundary (Itagaki Takahiro) - - - - - - Fix some more cases of temporary-file leakage (Heikki) - - - - This corrects a problem introduced in the previous minor release. - One case that failed is when a plpgsql function returning set is - called within another function's exception handler. - - - - - - Improve constraint exclusion processing of boolean-variable cases, - in particular make it possible to exclude a partition that has a - bool_column = false constraint (Tom) - - - - - - When reading pg_hba.conf and related files, do not treat - @something as a file inclusion request if the @ - appears inside quote marks; also, never treat @ by itself - as a file inclusion request (Tom) - - - - This prevents erratic behavior if a role or database name starts with - @. If you need to include a file whose path name - contains spaces, you can still do so, but you must write - @"/path to/file" rather than putting the quotes around - the whole construct. - - - - - - Prevent infinite loop on some platforms if a directory is named as - an inclusion target in pg_hba.conf and related files - (Tom) - - - - - - Fix possible infinite loop if SSL_read or - SSL_write fails without setting errno (Tom) - - - - This is reportedly possible with some Windows versions of - openssl. - - - - - - Fix psql's numericlocale option to not - format strings it shouldn't in latex and troff output formats (Heikki) - - - - - - Make psql return the correct exit status (3) when - ON_ERROR_STOP and --single-transaction are - both specified and an error occurs during the implied COMMIT - (Bruce) - - - - - - Fix plpgsql failure in one case where a composite column is set to NULL - (Tom) - - - - - - Fix possible failure when calling PL/Perl functions from PL/PerlU - or vice versa (Tim Bunce) - - - - - - Add volatile markings in PL/Python to avoid possible - compiler-specific misbehavior (Zdenek Kotala) - - - - - - Ensure PL/Tcl initializes the Tcl interpreter fully (Tom) - - - - The only known symptom of this oversight is that the Tcl - clock command misbehaves if using Tcl 8.5 or later. - - - - - - Prevent crash in contrib/dblink when too many key - columns are specified to a dblink_build_sql_* function - (Rushabh Lathia, Joe Conway) - - - - - - Fix assorted crashes in contrib/xml2 caused by sloppy - memory management (Tom) - - - - - - Make building of contrib/xml2 more robust on Windows - (Andrew) - - - - - - Fix race condition in Windows signal handling (Radu Ilie) - - - - One known symptom of this bug is that rows in pg_listener - could be dropped under heavy load. - - - - - - Update time zone data files to tzdata release 2010e - for DST law changes in Bangladesh, Chile, Fiji, Mexico, Paraguay, Samoa. - - - - - - - - - - Release 8.2.15 - - - Release date: - 2009-12-14 - - - - This release contains a variety of fixes from 8.2.14. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.15 - - - A dump/restore is not required for those running 8.2.X. - However, if you are upgrading from a version earlier than 8.2.14, - see . - - - - - - Changes - - - - - - Protect against indirect security threats caused by index functions - changing session-local state (Gurjeet Singh, Tom) - - - - This change prevents allegedly-immutable index functions from possibly - subverting a superuser's session (CVE-2009-4136). - - - - - - Reject SSL certificates containing an embedded null byte in the common - name (CN) field (Magnus) - - - - This prevents unintended matching of a certificate to a server or client - name during SSL validation (CVE-2009-4034). - - - - - - Fix possible crash during backend-startup-time cache initialization (Tom) - - - - - - Prevent signals from interrupting VACUUM at unsafe times - (Alvaro) - - - - This fix prevents a PANIC if a VACUUM FULL is canceled - after it's already committed its tuple movements, as well as transient - errors if a plain VACUUM is interrupted after having - truncated the table. - - - - - - Fix possible crash due to integer overflow in hash table size - calculation (Tom) - - - - This could occur with extremely large planner estimates for the size of - a hashjoin's result. - - - - - - Fix very rare crash in inet/cidr comparisons (Chris - Mikkelson) - - - - - - Ensure that shared tuple-level locks held by prepared transactions are - not ignored (Heikki) - - - - - - Fix premature drop of temporary files used for a cursor that is accessed - within a subtransaction (Heikki) - - - - - - Fix incorrect logic for GiST index page splits, when the split depends - on a non-first column of the index (Paul Ramsey) - - - - - - Don't error out if recycling or removing an old WAL file fails at the - end of checkpoint (Heikki) - - - - It's better to treat the problem as non-fatal and allow the checkpoint - to complete. Future checkpoints will retry the removal. Such problems - are not expected in normal operation, but have been seen to be - caused by misdesigned Windows anti-virus and backup software. - - - - - - Ensure WAL files aren't repeatedly archived on Windows (Heikki) - - - - This is another symptom that could happen if some other process - interfered with deletion of a no-longer-needed file. - - - - - - Fix PAM password processing to be more robust (Tom) - - - - The previous code is known to fail with the combination of the Linux - pam_krb5 PAM module with Microsoft Active Directory as the - domain controller. It might have problems elsewhere too, since it was - making unjustified assumptions about what arguments the PAM stack would - pass to it. - - - - - - Fix processing of ownership dependencies during CREATE OR - REPLACE FUNCTION (Tom) - - - - - - Fix bug with calling plperl from plperlu or vice - versa (Tom) - - - - An error exit from the inner function could result in crashes due to - failure to re-select the correct Perl interpreter for the outer function. - - - - - - Fix session-lifespan memory leak when a PL/Perl function is redefined - (Tom) - - - - - - Ensure that Perl arrays are properly converted to - PostgreSQL arrays when returned by a set-returning - PL/Perl function (Andrew Dunstan, Abhijit Menon-Sen) - - - - This worked correctly already for non-set-returning functions. - - - - - - Fix rare crash in exception processing in PL/Python (Peter) - - - - - - Ensure psql's flex module is compiled with the correct - system header definitions (Tom) - - - - This fixes build failures on platforms where - --enable-largefile causes incompatible changes in the - generated code. - - - - - - Make the postmaster ignore any application_name parameter in - connection request packets, to improve compatibility with future libpq - versions (Tom) - - - - - - Update the timezone abbreviation files to match current reality (Joachim - Wieland) - - - - This includes adding IDT and SGT to the default - timezone abbreviation set. - - - - - - Update time zone data files to tzdata release 2009s - for DST law changes in Antarctica, Argentina, Bangladesh, Fiji, - Novokuznetsk, Pakistan, Palestine, Samoa, Syria; also historical - corrections for Hong Kong. - - - - - - - - - - Release 8.2.14 - - - Release date: - 2009-09-09 - - - - This release contains a variety of fixes from 8.2.13. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.14 - - - A dump/restore is not required for those running 8.2.X. - However, if you have any hash indexes on interval columns, - you must REINDEX them after updating to 8.2.14. - Also, if you are upgrading from a version earlier than 8.2.11, - see . - - - - - - Changes - - - - - - Force WAL segment switch during pg_start_backup() - (Heikki) - - - - This avoids corner cases that could render a base backup unusable. - - - - - - Disallow RESET ROLE and RESET SESSION - AUTHORIZATION inside security-definer functions (Tom, Heikki) - - - - This covers a case that was missed in the previous patch that - disallowed SET ROLE and SET SESSION - AUTHORIZATION inside security-definer functions. - (See CVE-2007-6600) - - - - - - Make LOAD of an already-loaded loadable module - into a no-op (Tom) - - - - Formerly, LOAD would attempt to unload and re-load the - module, but this is unsafe and not all that useful. - - - - - - Disallow empty passwords during LDAP authentication (Magnus) - - - - - - Fix handling of sub-SELECTs appearing in the arguments of - an outer-level aggregate function (Tom) - - - - - - Fix bugs associated with fetching a whole-row value from the - output of a Sort or Materialize plan node (Tom) - - - - - - Revert planner change that disabled partial-index and constraint - exclusion optimizations when there were more than 100 clauses in - an AND or OR list (Tom) - - - - - - Fix hash calculation for data type interval (Tom) - - - - This corrects wrong results for hash joins on interval values. - It also changes the contents of hash indexes on interval columns. - If you have any such indexes, you must REINDEX them - after updating. - - - - - - Treat to_char(..., 'TH') as an uppercase ordinal - suffix with 'HH'/'HH12' (Heikki) - - - - It was previously handled as 'th' (lowercase). - - - - - - Fix overflow for INTERVAL 'x ms' - when x is more than 2 million and integer - datetimes are in use (Alex Hunsaker) - - - - - - Fix calculation of distance between a point and a line segment (Tom) - - - - This led to incorrect results from a number of geometric operators. - - - - - - Fix money data type to work in locales where currency - amounts have no fractional digits, e.g. Japan (Itagaki Takahiro) - - - - - - Properly round datetime input like - 00:12:57.9999999999999999999999999999 (Tom) - - - - - - Fix poor choice of page split point in GiST R-tree operator classes - (Teodor) - - - - - - Avoid performance degradation in bulk inserts into GIN indexes - when the input values are (nearly) in sorted order (Tom) - - - - - - Correctly enforce NOT NULL domain constraints in some contexts in - PL/pgSQL (Tom) - - - - - - Fix portability issues in plperl initialization (Andrew Dunstan) - - - - - - Fix pg_ctl to not go into an infinite loop if - postgresql.conf is empty (Jeff Davis) - - - - - - Make contrib/hstore throw an error when a key or - value is too long to fit in its data structure, rather than - silently truncating it (Andrew Gierth) - - - - - - Fix contrib/xml2's xslt_process() to - properly handle the maximum number of parameters (twenty) (Tom) - - - - - - Improve robustness of libpq's code to recover - from errors during COPY FROM STDIN (Tom) - - - - - - Avoid including conflicting readline and editline header files - when both libraries are installed (Zdenek Kotala) - - - - - - Update time zone data files to tzdata release 2009l - for DST law changes in Bangladesh, Egypt, Jordan, Pakistan, - Argentina/San_Luis, Cuba, Jordan (historical correction only), - Mauritius, Morocco, Palestine, Syria, Tunisia. - - - - - - - - - - Release 8.2.13 - - - Release date: - 2009-03-16 - - - - This release contains a variety of fixes from 8.2.12. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.13 - - - A dump/restore is not required for those running 8.2.X. - However, if you are upgrading from a version earlier than 8.2.11, - see . - - - - - - Changes - - - - - - Prevent error recursion crashes when encoding conversion fails (Tom) - - - - This change extends fixes made in the last two minor releases for - related failure scenarios. The previous fixes were narrowly tailored - for the original problem reports, but we have now recognized that - any error thrown by an encoding conversion function could - potentially lead to infinite recursion while trying to report the - error. The solution therefore is to disable translation and encoding - conversion and report the plain-ASCII form of any error message, - if we find we have gotten into a recursive error reporting situation. - (CVE-2009-0922) - - - - - - Disallow CREATE CONVERSION with the wrong encodings - for the specified conversion function (Heikki) - - - - This prevents one possible scenario for encoding conversion failure. - The previous change is a backstop to guard against other kinds of - failures in the same area. - - - - - - Fix core dump when to_char() is given format codes that - are inappropriate for the type of the data argument (Tom) - - - - - - Fix possible failure in contrib/tsearch2 when C locale is - used with a multi-byte encoding (Teodor) - - - - Crashes were possible on platforms where wchar_t is narrower - than int; Windows in particular. - - - - - - Fix extreme inefficiency in contrib/tsearch2 parser's - handling of an email-like string containing multiple @ - characters (Heikki) - - - - - - Fix decompilation of CASE WHEN with an implicit coercion - (Tom) - - - - This mistake could lead to Assert failures in an Assert-enabled build, - or an unexpected CASE WHEN clause error message in other - cases, when trying to examine or dump a view. - - - - - - Fix possible misassignment of the owner of a TOAST table's rowtype (Tom) - - - - If CLUSTER or a rewriting variant of ALTER TABLE - were executed by someone other than the table owner, the - pg_type entry for the table's TOAST table would end up - marked as owned by that someone. This caused no immediate problems, - since the permissions on the TOAST rowtype aren't examined by any - ordinary database operation. However, it could lead to unexpected - failures if one later tried to drop the role that issued the command - (in 8.1 or 8.2), or owner of data type appears to be invalid - warnings from pg_dump after having done so (in 8.3). - - - - - - Fix PL/pgSQL to not treat INTO after INSERT as - an INTO-variables clause anywhere in the string, not only at the start; - in particular, don't fail for INSERT INTO within - CREATE RULE (Tom) - - - - - - Clean up PL/pgSQL error status variables fully at block exit - (Ashesh Vashi and Dave Page) - - - - This is not a problem for PL/pgSQL itself, but the omission could cause - the PL/pgSQL Debugger to crash while examining the state of a function. - - - - - - Retry failed calls to CallNamedPipe() on Windows - (Steve Marshall, Magnus) - - - - It appears that this function can sometimes fail transiently; - we previously treated any failure as a hard error, which could - confuse LISTEN/NOTIFY as well as other - operations. - - - - - - Add MUST (Mauritius Island Summer Time) to the default list - of known timezone abbreviations (Xavier Bugaud) - - - - - - - - - - Release 8.2.12 - - - Release date: - 2009-02-02 - - - - This release contains a variety of fixes from 8.2.11. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.12 - - - A dump/restore is not required for those running 8.2.X. - However, if you are upgrading from a version earlier than 8.2.11, - see . - - - - - - Changes - - - - - - Improve handling of URLs in headline() function (Teodor) - - - - - - Improve handling of overlength headlines in headline() - function (Teodor) - - - - - - Prevent possible Assert failure or misconversion if an encoding - conversion is created with the wrong conversion function for the - specified pair of encodings (Tom, Heikki) - - - - - - Fix possible Assert failure if a statement executed in PL/pgSQL is - rewritten into another kind of statement, for example if an - INSERT is rewritten into an UPDATE (Heikki) - - - - - - Ensure that a snapshot is available to datatype input functions (Tom) - - - - This primarily affects domains that are declared with CHECK - constraints involving user-defined stable or immutable functions. Such - functions typically fail if no snapshot has been set. - - - - - - Make it safer for SPI-using functions to be used within datatype I/O; - in particular, to be used in domain check constraints (Tom) - - - - - - Avoid unnecessary locking of small tables in VACUUM - (Heikki) - - - - - - Fix a problem that made UPDATE RETURNING tableoid - return zero instead of the correct OID (Tom) - - - - - - Fix planner misestimation of selectivity when transitive equality - is applied to an outer-join clause (Tom) - - - - This could result in bad plans for queries like - ... from a left join b on a.a1 = b.b1 where a.a1 = 42 ... - - - - - - Improve optimizer's handling of long IN lists (Tom) - - - - This change avoids wasting large amounts of time on such lists - when constraint exclusion is enabled. - - - - - - Ensure that the contents of a holdable cursor don't depend on the - contents of TOAST tables (Tom) - - - - Previously, large field values in a cursor result might be represented - as TOAST pointers, which would fail if the referenced table got dropped - before the cursor is read, or if the large value is deleted and then - vacuumed away. This cannot happen with an ordinary cursor, - but it could with a cursor that is held past its creating transaction. - - - - - - Fix memory leak when a set-returning function is terminated without - reading its whole result (Tom) - - - - - - Fix contrib/dblink's - dblink_get_result(text,bool) function (Joe) - - - - - - Fix possible garbage output from contrib/sslinfo functions - (Tom) - - - - - - Fix configure script to properly report failure when - unable to obtain linkage information for PL/Perl (Andrew) - - - - - - Make all documentation reference pgsql-bugs and/or - pgsql-hackers as appropriate, instead of the - now-decommissioned pgsql-ports and pgsql-patches - mailing lists (Tom) - - - - - - Update time zone data files to tzdata release 2009a (for - Kathmandu and historical DST corrections in Switzerland, Cuba) - - - - - - - - - - Release 8.2.11 - - - Release date: - 2008-11-03 - - - - This release contains a variety of fixes from 8.2.10. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.11 - - - A dump/restore is not required for those running 8.2.X. - However, if you are upgrading from a version earlier than 8.2.7, - see . Also, if you were running a previous - 8.2.X release, it is recommended to REINDEX all GiST - indexes after the upgrade. - - - - - - Changes - - - - - - Fix GiST index corruption due to marking the wrong index entry - dead after a deletion (Teodor) - - - - This would result in index searches failing to find rows they - should have found. Corrupted indexes can be fixed with - REINDEX. - - - - - - Fix backend crash when the client encoding cannot represent a localized - error message (Tom) - - - - We have addressed similar issues before, but it would still fail if - the character has no equivalent message itself couldn't - be converted. The fix is to disable localization and send the plain - ASCII error message when we detect such a situation. - - - - - - Fix possible crash when deeply nested functions are invoked from - a trigger (Tom) - - - - - - Improve optimization of expression IN - (expression-list) queries (Tom, per an idea from Robert - Haas) - - - - Cases in which there are query variables on the right-hand side had been - handled less efficiently in 8.2.x and 8.3.x than in prior versions. - The fix restores 8.1 behavior for such cases. - - - - - - Fix mis-expansion of rule queries when a sub-SELECT appears - in a function call in FROM, a multi-row VALUES - list, or a RETURNING list (Tom) - - - - The usual symptom of this problem is an unrecognized node type - error. - - - - - - Fix memory leak during rescan of a hashed aggregation plan (Neil) - - - - - - Ensure an error is reported when a newly-defined PL/pgSQL trigger - function is invoked as a normal function (Tom) - - - - - - Prevent possible collision of relfilenode numbers - when moving a table to another tablespace with ALTER SET - TABLESPACE (Heikki) - - - - The command tried to re-use the existing filename, instead of - picking one that is known unused in the destination directory. - - - - - - Fix incorrect tsearch2 headline generation when single query - item matches first word of text (Sushant Sinha) - - - - - - Fix improper display of fractional seconds in interval values when - using a non-ISO datestyle in an - - - - - Ensure SPI_getvalue and SPI_getbinval - behave correctly when the passed tuple and tuple descriptor have - different numbers of columns (Tom) - - - - This situation is normal when a table has had columns added or removed, - but these two functions didn't handle it properly. - The only likely consequence is an incorrect error indication. - - - - - - Fix ecpg's parsing of CREATE ROLE (Michael) - - - - - - Fix recent breakage of pg_ctl restart (Tom) - - - - - - Ensure pg_control is opened in binary mode - (Itagaki Takahiro) - - - - pg_controldata and pg_resetxlog - did this incorrectly, and so could fail on Windows. - - - - - - Update time zone data files to tzdata release 2008i (for - DST law changes in Argentina, Brazil, Mauritius, Syria) - - - - - - - - - - Release 8.2.10 - - - Release date: - 2008-09-22 - - - - This release contains a variety of fixes from 8.2.9. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.10 - - - A dump/restore is not required for those running 8.2.X. - However, if you are upgrading from a version earlier than 8.2.7, - see . - - - - - - Changes - - - - - - Fix bug in btree WAL recovery code (Heikki) - - - - Recovery failed if the WAL ended partway through a page split operation. - - - - - - Fix potential miscalculation of datfrozenxid (Alvaro) - - - - This error may explain some recent reports of failure to remove old - pg_clog data. - - - - - - Widen local lock counters from 32 to 64 bits (Tom) - - - - This responds to reports that the counters could overflow in - sufficiently long transactions, leading to unexpected lock is - already held errors. - - - - - - Fix possible duplicate output of tuples during a GiST index scan (Teodor) - - - - - - Fix missed permissions checks when a view contains a simple - UNION ALL construct (Heikki) - - - - Permissions for the referenced tables were checked properly, but not - permissions for the view itself. - - - - - - Add checks in executor startup to ensure that the tuples produced by an - INSERT or UPDATE will match the target table's - current rowtype (Tom) - - - - ALTER COLUMN TYPE, followed by re-use of a previously - cached plan, could produce this type of situation. The check protects - against data corruption and/or crashes that could ensue. - - - - - - Fix possible repeated drops during DROP OWNED (Tom) - - - - This would typically result in strange errors such as cache - lookup failed for relation NNN. - - - - - - Fix AT TIME ZONE to first try to interpret its timezone - argument as a timezone abbreviation, and only try it as a full timezone - name if that fails, rather than the other way around as formerly (Tom) - - - - The timestamp input functions have always resolved ambiguous zone names - in this order. Making AT TIME ZONE do so as well improves - consistency, and fixes a compatibility bug introduced in 8.1: - in ambiguous cases we now behave the same as 8.0 and before did, - since in the older versions AT TIME ZONE accepted - only abbreviations. - - - - - - Fix datetime input functions to correctly detect integer overflow when - running on a 64-bit platform (Tom) - - - - - - Prevent integer overflows during units conversion when displaying a - configuration parameter that has units (Tom) - - - - - - Improve performance of writing very long log messages to syslog (Tom) - - - - - - Allow spaces in the suffix part of an LDAP URL in - pg_hba.conf (Tom) - - - - - - Fix bug in backwards scanning of a cursor on a SELECT DISTINCT - ON query (Tom) - - - - - - Fix planner bug with nested sub-select expressions (Tom) - - - - If the outer sub-select has no direct dependency on the parent query, - but the inner one does, the outer value might not get recalculated - for new parent query rows. - - - - - - Fix planner to estimate that GROUP BY expressions yielding - boolean results always result in two groups, regardless of the - expressions' contents (Tom) - - - - This is very substantially more accurate than the regular GROUP - BY estimate for certain boolean tests like col - IS NULL. - - - - - - Fix PL/pgSQL to not fail when a FOR loop's target variable - is a record containing composite-type fields (Tom) - - - - - - Fix PL/Tcl to behave correctly with Tcl 8.5, and to be more careful - about the encoding of data sent to or from Tcl (Tom) - - - - - - On Windows, work around a Microsoft bug by preventing - libpq from trying to send more than 64kB per system call - (Magnus) - - - - - - Improve pg_dump and pg_restore's - error reporting after failure to send a SQL command (Tom) - - - - - - Fix pg_ctl to properly preserve postmaster - command-line arguments across a restart (Bruce) - - - - - - Update time zone data files to tzdata release 2008f (for - DST law changes in Argentina, Bahamas, Brazil, Mauritius, Morocco, - Pakistan, Palestine, and Paraguay) - - - - - - - - - - Release 8.2.9 - - - Release date: - 2008-06-12 - - - - This release contains one serious and one minor bug fix over 8.2.8. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.9 - - - A dump/restore is not required for those running 8.2.X. - However, if you are upgrading from a version earlier than 8.2.7, - see . - - - - - - Changes - - - - - - Make pg_get_ruledef() parenthesize negative constants (Tom) - - - - Before this fix, a negative constant in a view or rule might be dumped - as, say, -42::integer, which is subtly incorrect: it should - be (-42)::integer due to operator precedence rules. - Usually this would make little difference, but it could interact with - another recent patch to cause - PostgreSQL to reject what had been a valid - SELECT DISTINCT view query. Since this could result in - pg_dump output failing to reload, it is being treated - as a high-priority fix. The only released versions in which dump - output is actually incorrect are 8.3.1 and 8.2.7. - - - - - - Make ALTER AGGREGATE ... OWNER TO update - pg_shdepend (Tom) - - - - This oversight could lead to problems if the aggregate was later - involved in a DROP OWNED or REASSIGN OWNED - operation. - - - - - - - - - - Release 8.2.8 - - - Release date: - never released - - - - This release contains a variety of fixes from 8.2.7. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.8 - - - A dump/restore is not required for those running 8.2.X. - However, if you are upgrading from a version earlier than 8.2.7, - see . - - - - - - Changes - - - - - - Fix ERRORDATA_STACK_SIZE exceeded crash that - occurred on Windows when using UTF-8 database encoding and a different - client encoding (Tom) - - - - - - Fix ALTER TABLE ADD COLUMN ... PRIMARY KEY so that the new - column is correctly checked to see if it's been initialized to all - non-nulls (Brendan Jurd) - - - - Previous versions neglected to check this requirement at all. - - - - - - Fix possible CREATE TABLE failure when inheriting the - same constraint from multiple parent relations that - inherited that constraint from a common ancestor (Tom) - - - - - - Fix pg_get_ruledef() to show the alias, if any, attached - to the target table of an UPDATE or DELETE - (Tom) - - - - - - Fix GIN bug that could result in a too many LWLocks - taken failure (Teodor) - - - - - - Avoid possible crash when decompressing corrupted data - (Zdenek Kotala) - - - - - - Repair two places where SIGTERM exit of a backend could leave corrupted - state in shared memory (Tom) - - - - Neither case is very important if SIGTERM is used to shut down the - whole database cluster together, but there was a problem if someone - tried to SIGTERM individual backends. - - - - - - Fix conversions between ISO-8859-5 and other encodings to handle - Cyrillic Yo characters (e and E with - two dots) (Sergey Burladyan) - - - - - - Fix several datatype input functions, notably array_in(), - that were allowing unused bytes in their results to contain - uninitialized, unpredictable values (Tom) - - - - This could lead to failures in which two apparently identical literal - values were not seen as equal, resulting in the parser complaining - about unmatched ORDER BY and DISTINCT - expressions. - - - - - - Fix a corner case in regular-expression substring matching - (substring(string from - pattern)) (Tom) - - - - The problem occurs when there is a match to the pattern overall but - the user has specified a parenthesized subexpression and that - subexpression hasn't got a match. An example is - substring('foo' from 'foo(bar)?'). - This should return NULL, since (bar) isn't matched, but - it was mistakenly returning the whole-pattern match instead (ie, - foo). - - - - - - Update time zone data files to tzdata release 2008c (for - DST law changes in Morocco, Iraq, Choibalsan, Pakistan, Syria, Cuba, and - Argentina/San_Luis) - - - - - - Fix incorrect result from ecpg's - PGTYPEStimestamp_sub() function (Michael) - - - - - - Fix broken GiST comparison function for contrib/tsearch2's - tsquery type (Teodor) - - - - - - Fix possible crashes in contrib/cube functions (Tom) - - - - - - Fix core dump in contrib/xml2's - xpath_table() function when the input query returns a - NULL value (Tom) - - - - - - Fix contrib/xml2's makefile to not override - CFLAGS (Tom) - - - - - - Fix DatumGetBool macro to not fail with gcc - 4.3 (Tom) - - - - This problem affects old style (V0) C functions that - return boolean. The fix is already in 8.3, but the need to - back-patch it was not realized at the time. - - - - - - - - - - Release 8.2.7 - - - Release date: - 2008-03-17 - - - - This release contains a variety of fixes from 8.2.6. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.7 - - - A dump/restore is not required for those running 8.2.X. - However, you might need to REINDEX indexes on textual - columns after updating, if you are affected by the Windows locale - issue described below. - - - - - - Changes - - - - - - Fix character string comparison for Windows locales that consider - different character combinations as equal (Tom) - - - - This fix applies only on Windows and only when using UTF-8 - database encoding. The same fix was made for all other cases - over two years ago, but Windows with UTF-8 uses a separate code - path that was not updated. If you are using a locale that - considers some non-identical strings as equal, you may need to - REINDEX to fix existing indexes on textual columns. - - - - - - Repair potential deadlock between concurrent VACUUM FULL - operations on different system catalogs (Tom) - - - - - - Fix longstanding LISTEN/NOTIFY - race condition (Tom) - - - - In rare cases a session that had just executed a - LISTEN might not get a notification, even though - one would be expected because the concurrent transaction executing - NOTIFY was observed to commit later. - - - - A side effect of the fix is that a transaction that has executed - a not-yet-committed LISTEN command will not see any - row in pg_listener for the LISTEN, - should it choose to look; formerly it would have. This behavior - was never documented one way or the other, but it is possible that - some applications depend on the old behavior. - - - - - - Disallow LISTEN and UNLISTEN within a - prepared transaction (Tom) - - - - This was formerly allowed but trying to do it had various unpleasant - consequences, notably that the originating backend could not exit - as long as an UNLISTEN remained uncommitted. - - - - - - Disallow dropping a temporary table within a - prepared transaction (Heikki) - - - - This was correctly disallowed by 8.1, but the check was inadvertently - broken in 8.2. - - - - - - Fix rare crash when an error occurs during a query using a hash index - (Heikki) - - - - - - Fix memory leaks in certain usages of set-returning functions (Neil) - - - - - - Fix input of datetime values for February 29 in years BC (Tom) - - - - The former coding was mistaken about which years were leap years. - - - - - - Fix unrecognized node type error in some variants of - ALTER OWNER (Tom) - - - - - - Ensure pg_stat_activity.waiting flag - is cleared when a lock wait is aborted (Tom) - - - - - - Fix handling of process permissions on Windows Vista (Dave, Magnus) - - - - In particular, this fix allows starting the server as the Administrator - user. - - - - - - Update time zone data files to tzdata release 2008a - (in particular, recent Chile changes); adjust timezone abbreviation - VET (Venezuela) to mean UTC-4:30, not UTC-4:00 (Tom) - - - - - - Fix pg_ctl to correctly extract the postmaster's port - number from command-line options (Itagaki Takahiro, Tom) - - - - Previously, pg_ctl start -w could try to contact the - postmaster on the wrong port, leading to bogus reports of startup - failure. - - - - - - Use - - - This is known to be necessary when building PostgreSQL - with gcc 4.3 or later. - - - - - - - Correctly enforce statement_timeout values longer - than INT_MAX microseconds (about 35 minutes) (Tom) - - - - This bug affects only builds with - - - - - Fix unexpected PARAM_SUBLINK ID planner error when - constant-folding simplifies a sub-select (Tom) - - - - - - Fix logical errors in constraint-exclusion handling of IS - NULL and NOT expressions (Tom) - - - - The planner would sometimes exclude partitions that should not - have been excluded because of the possibility of NULL results. - - - - - - Fix another cause of failed to build any N-way joins - planner errors (Tom) - - - - This could happen in cases where a clauseless join needed to be - forced before a join clause could be exploited. - - - - - - Fix incorrect constant propagation in outer-join planning (Tom) - - - - The planner could sometimes incorrectly conclude that a variable - could be constrained to be equal to a constant, leading - to wrong query results. - - - - - - Fix display of constant expressions in ORDER BY - and GROUP BY (Tom) - - - - An explicitly casted constant would be shown incorrectly. This could - for example lead to corruption of a view definition during - dump and reload. - - - - - - Fix libpq to handle NOTICE messages correctly - during COPY OUT (Tom) - - - - This failure has only been observed to occur when a user-defined - datatype's output routine issues a NOTICE, but there is no - guarantee it couldn't happen due to other causes. - - - - - - - - - - Release 8.2.6 - - - Release date: - 2008-01-07 - - - - This release contains a variety of fixes from 8.2.5, - including fixes for significant security issues. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.6 - - - A dump/restore is not required for those running 8.2.X. - - - - - - Changes - - - - - - Prevent functions in indexes from executing with the privileges of - the user running VACUUM, ANALYZE, etc (Tom) - - - - Functions used in index expressions and partial-index - predicates are evaluated whenever a new table entry is made. It has - long been understood that this poses a risk of trojan-horse code - execution if one modifies a table owned by an untrustworthy user. - (Note that triggers, defaults, check constraints, etc. pose the - same type of risk.) But functions in indexes pose extra danger - because they will be executed by routine maintenance operations - such as VACUUM FULL, which are commonly performed - automatically under a superuser account. For example, a nefarious user - can execute code with superuser privileges by setting up a - trojan-horse index definition and waiting for the next routine vacuum. - The fix arranges for standard maintenance operations - (including VACUUM, ANALYZE, REINDEX, - and CLUSTER) to execute as the table owner rather than - the calling user, using the same privilege-switching mechanism already - used for SECURITY DEFINER functions. To prevent bypassing - this security measure, execution of SET SESSION - AUTHORIZATION and SET ROLE is now forbidden within a - SECURITY DEFINER context. (CVE-2007-6600) - - - - - - Repair assorted bugs in the regular-expression package (Tom, Will Drewry) - - - - Suitably crafted regular-expression patterns could cause crashes, - infinite or near-infinite looping, and/or massive memory consumption, - all of which pose denial-of-service hazards for applications that - accept regex search patterns from untrustworthy sources. - (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067) - - - - - - Require non-superusers who use /contrib/dblink to use only - password authentication, as a security measure (Joe) - - - - The fix that appeared for this in 8.2.5 was incomplete, as it plugged - the hole for only some dblink functions. (CVE-2007-6601, - CVE-2007-3278) - - - - - - Fix bugs in WAL replay for GIN indexes (Teodor) - - - - - - Fix GIN index build to work properly when - maintenance_work_mem is 4GB or more (Tom) - - - - - - Update time zone data files to tzdata release 2007k - (in particular, recent Argentina changes) (Tom) - - - - - - Improve planner's handling of LIKE/regex estimation in non-C locales - (Tom) - - - - - - Fix planning-speed problem for deep outer-join nests, as well as - possible poor choice of join order (Tom) - - - - - - Fix planner failure in some cases of WHERE false AND var IN - (SELECT ...) (Tom) - - - - - - Make CREATE TABLE ... SERIAL and - ALTER SEQUENCE ... OWNED BY not change the - currval() state of the sequence (Tom) - - - - - - Preserve the tablespace and storage parameters of indexes that are - rebuilt by ALTER TABLE ... ALTER COLUMN TYPE (Tom) - - - - - - Make archive recovery always start a new WAL timeline, rather than only - when a recovery stop time was used (Simon) - - - - This avoids a corner-case risk of trying to overwrite an existing - archived copy of the last WAL segment, and seems simpler and cleaner - than the original definition. - - - - - - Make VACUUM not use all of maintenance_work_mem - when the table is too small for it to be useful (Alvaro) - - - - - - Fix potential crash in translate() when using a multibyte - database encoding (Tom) - - - - - - Make corr() return the correct result for negative - correlation values (Neil) - - - - - - Fix overflow in extract(epoch from interval) for intervals - exceeding 68 years (Tom) - - - - - - Fix PL/Perl to not fail when a UTF-8 regular expression is used - in a trusted function (Andrew) - - - - - - Fix PL/Perl to cope when platform's Perl defines type bool - as int rather than char (Tom) - - - - While this could theoretically happen anywhere, no standard build of - Perl did things this way ... until Mac OS X 10.5. - - - - - - Fix PL/Python to work correctly with Python 2.5 on 64-bit machines - (Marko Kreen) - - - - - - Fix PL/Python to not crash on long exception messages (Alvaro) - - - - - - Fix pg_dump to correctly handle inheritance child tables - that have default expressions different from their parent's (Tom) - - - - - - Fix libpq crash when PGPASSFILE refers - to a file that is not a plain file (Martin Pitt) - - - - - - ecpg parser fixes (Michael) - - - - - - Make contrib/pgcrypto defend against - OpenSSL libraries that fail on keys longer than 128 - bits; which is the case at least on some Solaris versions (Marko Kreen) - - - - - - Make contrib/tablefunc's crosstab() handle - NULL rowid as a category in its own right, rather than crashing (Joe) - - - - - - Fix tsvector and tsquery output routines to - escape backslashes correctly (Teodor, Bruce) - - - - - - Fix crash of to_tsvector() on huge input strings (Teodor) - - - - - - Require a specific version of Autoconf to be used - when re-generating the configure script (Peter) - - - - This affects developers and packagers only. The change was made - to prevent accidental use of untested combinations of - Autoconf and PostgreSQL versions. - You can remove the version check if you really want to use a - different Autoconf version, but it's - your responsibility whether the result works or not. - - - - - - Update gettimeofday configuration check so that - PostgreSQL can be built on newer versions of - MinGW (Magnus) - - - - - - - - - - Release 8.2.5 - - - Release date: - 2007-09-17 - - - - This release contains a variety of fixes from 8.2.4. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.5 - - - A dump/restore is not required for those running 8.2.X. - - - - - - Changes - - - - - - Prevent index corruption when a transaction inserts rows and - then aborts close to the end of a concurrent VACUUM - on the same table (Tom) - - - - - - Fix ALTER DOMAIN ADD CONSTRAINT for cases involving - domains over domains (Tom) - - - - - - Make CREATE DOMAIN ... DEFAULT NULL work properly (Tom) - - - - - - Fix some planner problems with outer joins, notably poor - size estimation for t1 LEFT JOIN t2 WHERE t2.col IS NULL - (Tom) - - - - - - Allow the interval data type to accept input consisting only of - milliseconds or microseconds (Neil) - - - - - - Allow timezone name to appear before the year in timestamp input (Tom) - - - - - - Fixes for GIN indexes used by /contrib/tsearch2 (Teodor) - - - - - - Speed up rtree index insertion (Teodor) - - - - - - Fix excessive logging of SSL error messages (Tom) - - - - - - Fix logging so that log messages are never interleaved when using - the syslogger process (Andrew) - - - - - - Fix crash when log_min_error_statement logging runs out - of memory (Tom) - - - - - - Fix incorrect handling of some foreign-key corner cases (Tom) - - - - - - Fix stddev_pop(numeric) and var_pop(numeric) (Tom) - - - - - - Prevent REINDEX and CLUSTER from failing - due to attempting to process temporary tables of other sessions (Alvaro) - - - - - - Update the time zone database rules, particularly New Zealand's upcoming changes (Tom) - - - - - - Windows socket and semaphore improvements (Magnus) - - - - - - Make pg_ctl -w work properly in Windows service mode (Dave Page) - - - - - - Fix memory allocation bug when using MIT Kerberos on Windows (Magnus) - - - - - - Suppress timezone name (%Z) in log timestamps on Windows - because of possible encoding mismatches (Tom) - - - - - - Require non-superusers who use /contrib/dblink to use only - password authentication, as a security measure (Joe) - - - - - - Restrict /contrib/pgstattuple functions to superusers, for security reasons (Tom) - - - - - - Do not let /contrib/intarray try to make its GIN opclass - the default (this caused problems at dump/restore) (Tom) - - - - - - - - - - Release 8.2.4 - - - Release date: - 2007-04-23 - - - - This release contains a variety of fixes from 8.2.3, - including a security fix. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.4 - - - A dump/restore is not required for those running 8.2.X. - - - - - - Changes - - - - - - Support explicit placement of the temporary-table schema within - search_path, and disable searching it for functions - and operators (Tom) - - - - This is needed to allow a security-definer function to set a - truly secure value of search_path. Without it, - an unprivileged SQL user can use temporary objects to execute code - with the privileges of the security-definer function (CVE-2007-2138). - See CREATE FUNCTION for more information. - - - - - - Fix shared_preload_libraries for Windows - by forcing reload in each backend (Korry Douglas) - - - - - - Fix to_char() so it properly upper/lower cases localized day or month - names (Pavel Stehule) - - - - - - /contrib/tsearch2 crash fixes (Teodor) - - - - - - Require COMMIT PREPARED to be executed in the same - database as the transaction was prepared in (Heikki) - - - - - - Allow pg_dump to do binary backups larger than two gigabytes - on Windows (Magnus) - - - - - - New traditional (Taiwan) Chinese FAQ (Zhou Daojing) - - - - - - Prevent the statistics collector from writing to disk too frequently (Tom) - - - - - - Fix potential-data-corruption bug in how VACUUM FULL handles - UPDATE chains (Tom, Pavan Deolasee) - - - - - - Fix bug in domains that use array types (Tom) - - - - - - Fix pg_dump so it can dump a serial column's sequence - using - - - - - Planner fixes, including improving outer join and bitmap scan - selection logic (Tom) - - - - - - Fix possible wrong answers or crash when a PL/pgSQL function tries - to RETURN from within an EXCEPTION block - (Tom) - - - - - - Fix PANIC during enlargement of a hash index (Tom) - - - - - - Fix POSIX-style timezone specs to follow new USA DST rules (Tom) - - - - - - - - - - Release 8.2.3 - - - Release date: - 2007-02-07 - - - - This release contains two fixes from 8.2.2. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.3 - - - A dump/restore is not required for those running 8.2.X. - - - - - - Changes - - - - - - Remove overly-restrictive check for type length in constraints and - functional indexes(Tom) - - - - - - Fix optimization so MIN/MAX in subqueries can again use indexes (Tom) - - - - - - - - - - Release 8.2.2 - - - Release date: - 2007-02-05 - - - - This release contains a variety of fixes from 8.2.1, including - a security fix. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.2 - - - A dump/restore is not required for those running 8.2.X. - - - - - - Changes - - - - - - Remove security vulnerabilities that allowed connected users - to read backend memory (Tom) - - - - The vulnerabilities involve suppressing the normal check that a SQL - function returns the data type it's declared to, and changing the - data type of a table column (CVE-2007-0555, CVE-2007-0556). These - errors can easily be exploited to cause a backend crash, and in - principle might be used to read database content that the user - should not be able to access. - - - - - - Fix not-so-rare-anymore bug wherein btree index page splits could fail - due to choosing an infeasible split point (Heikki Linnakangas) - - - - - - Fix Borland C compile scripts (L Bayuk) - - - - - - Properly handle to_char('CC') for years ending in - 00 (Tom) - - - - Year 2000 is in the twentieth century, not the twenty-first. - - - - - - /contrib/tsearch2 localization improvements (Tatsuo, Teodor) - - - - - - Fix incorrect permission check in - information_schema.key_column_usage view (Tom) - - - - The symptom is relation with OID nnnnn does not exist errors. - To get this fix without using initdb, use CREATE OR - REPLACE VIEW to install the corrected definition found in - share/information_schema.sql. Note you will need to do - this in each database. - - - - - - Improve VACUUM performance for databases with many tables (Tom) - - - - - - Fix for rare Assert() crash triggered by UNION (Tom) - - - - - - Fix potentially incorrect results from index searches using - ROW inequality conditions (Tom) - - - - - - Tighten security of multi-byte character processing for UTF8 sequences - over three bytes long (Tom) - - - - - - Fix bogus permission denied failures occurring on Windows - due to attempts to fsync already-deleted files (Magnus, Tom) - - - - - - Fix bug that could cause the statistics collector - to hang on Windows (Magnus) - - - - This would in turn lead to autovacuum not working. - - - - - - Fix possible crashes when an already-in-use PL/pgSQL function is - updated (Tom) - - - - - - Improve PL/pgSQL handling of domain types (Sergiy Vyshnevetskiy, Tom) - - - - - - Fix possible errors in processing PL/pgSQL exception blocks (Tom) - - - - - - - - - - Release 8.2.1 - - - Release date: - 2007-01-08 - - - - This release contains a variety of fixes from 8.2. - For information about new features in the 8.2 major release, see - . - - - - Migration to Version 8.2.1 - - - A dump/restore is not required for those running 8.2. - - - - - - Changes - - - - - - Fix crash with SELECT ... LIMIT ALL (also - LIMIT NULL) (Tom) - - - - - - Several /contrib/tsearch2 fixes (Teodor) - - - - - - On Windows, make log messages coming from the operating system use - ASCII encoding (Hiroshi Saito) - - - - This fixes a conversion problem when there is a mismatch between - the encoding of the operating system and database server. - - - - - - Fix Windows linking of pg_dump using - win32.mak - (Hiroshi Saito) - - - - - - Fix planner mistakes for outer join queries (Tom) - - - - - - Fix several problems in queries involving sub-SELECTs (Tom) - - - - - - Fix potential crash in SPI during subtransaction abort (Tom) - - - - This affects all PL functions since they all use SPI. - - - - - - Improve build speed of PDF documentation (Peter) - - - - - - Re-add JST (Japan) timezone abbreviation (Tom) - - - - - - Improve optimization decisions related to index scans (Tom) - - - - - - Have psql print multi-byte combining characters as - before, rather than output as \u (Tom) - - - - - - Improve index usage of regular expressions that use parentheses (Tom) - - - - This improves psql \d performance also. - - - - - - Make pg_dumpall assume that databases have public - CONNECT privilege, when dumping from a pre-8.2 server (Tom) - - - - This preserves the previous behavior that anyone can connect to a - database if allowed by pg_hba.conf. - - - - - - - - - - Release 8.2 - - - Release date: - 2006-12-05 - - - - Overview - - - This release adds many functionality and performance improvements that - were requested by users, including: - - - - - - Query language enhancements including INSERT/UPDATE/DELETE - RETURNING, multirow VALUES lists, and - optional target-table alias in - UPDATE/DELETE - - - - - - Index creation without blocking concurrent - INSERT/UPDATE/DELETE - operations - - - - - - Many query optimization improvements, including support for - reordering outer joins - - - - - - Improved sorting performance with lower memory usage - - - - - - More efficient locking with better concurrency - - - - - - More efficient vacuuming - - - - - - Easier administration of warm standby servers - - - - - - New FILLFACTOR support for tables and indexes - - - - - - Monitoring, logging, and performance tuning additions - - - - - - More control over creating and dropping objects - - - - - - Table inheritance relationships can be defined - for and removed from pre-existing tables - - - - - - COPY TO can copy the output of an arbitrary - SELECT statement - - - - - - Array improvements, including nulls in arrays - - - - - - Aggregate-function improvements, including multiple-input - aggregates and SQL:2003 statistical functions - - - - - - Many contrib/ improvements - - - - - - - - - - - Migration to Version 8.2 - - - A dump/restore using pg_dump is - required for those wishing to migrate data from any previous - release. - - - - Observe the following incompatibilities: - - - - - - - Set escape_string_warning - to on by default (Bruce) - - - - This issues a warning if backslash escapes are used in - non-escape (non-E'') - strings. - - - - - - Change the row - constructor syntax (ROW(...)) so that - list elements foo.* will be expanded to a list - of their member fields, rather than creating a nested - row type field as formerly (Tom) - - - - The new behavior is substantially more useful since it - allows, for example, triggers to check for data changes - with IF row(new.*) IS DISTINCT FROM row(old.*). - The old behavior is still available by omitting .*. - - - - - - Make row comparisons - follow SQL standard semantics and allow them - to be used in index scans (Tom) - - - - Previously, row = and <> comparisons followed the - standard but < <= > >= did not. A row comparison - can now be used as an index constraint for a multicolumn - index matching the row value. - - - - - - Make row IS NOT NULL - tests follow SQL standard semantics (Tom) - - - - The former behavior conformed to the standard for simple cases - with IS NULL, but IS NOT NULL would return - true if any row field was non-null, whereas the standard says it - should return true only when all fields are non-null. - - - - - - Make SET - CONSTRAINT affect only one constraint (Kris Jurka) - - - - In previous releases, SET CONSTRAINT modified - all constraints with a matching name. In this release, - the schema search path is used to modify only the first - matching constraint. A schema specification is also - supported. This more nearly conforms to the SQL standard. - - - - - - Remove RULE permission for tables, for security reasons - (Tom) - - - - As of this release, only a table's owner can create or modify - rules for the table. For backwards compatibility, - GRANT/REVOKE RULE is still accepted, - but it does nothing. - - - - - - Array comparison improvements (Tom) - - - - Now array dimensions are also compared. - - - - - - Change array concatenation - to match documented behavior (Tom) - - - - This changes the previous behavior where concatenation - would modify the array lower bound. - - - - - - Make command-line options of postmaster - and postgres - identical (Peter) - - - - This allows the postmaster to pass arguments to each backend - without using -o. Note that some options are now - only available as long-form options, because there were conflicting - single-letter options. - - - - - - Deprecate use of postmaster symbolic link (Peter) - - - - postmaster and postgres - commands now act identically, with the behavior determined - by command-line options. The postmaster symbolic link is - kept for compatibility, but is not really needed. - - - - - - Change log_duration - to output even if the query is not output (Tom) - - - - In prior releases, log_duration only printed if - the query appeared earlier in the log. - - - - - - Make to_char(time) - and to_char(interval) - treat HH and HH12 as 12-hour - intervals - - - - Most applications should use HH24 unless they - want a 12-hour display. - - - - - - Zero unmasked bits in conversion from INET to CIDR (Tom) - - - - This ensures that the converted value is actually valid for - CIDR. - - - - - - Remove australian_timezones configuration variable - (Joachim Wieland) - - - - This variable has been superseded by a more general facility - for configuring timezone abbreviations. - - - - - - Improve cost estimation for nested-loop index scans (Tom) - - - - This might eliminate the need to set unrealistically small - values of random_page_cost. - If you have been using a very small random_page_cost, - please recheck your test cases. - - - - - - Change behavior of pg_dump -n and - -t options. (Greg Sabino Mullane) - - - See the pg_dump manual page for details. - - - - - - Change libpq - PQdsplen() to return a useful value (Martijn - van Oosterhout) - - - - - - Declare libpq - PQgetssl() as returning void *, - rather than SSL * (Martijn van Oosterhout) - - - - This allows applications to use the function without including - the OpenSSL headers. - - - - - - C-language loadable modules must now include a - PG_MODULE_MAGIC - macro call for version compatibility checking - (Martijn van Oosterhout) - - - - - - For security's sake, modules used by a PL/PerlU function are no - longer available to PL/Perl functions (Andrew) - - - - This also implies that data can no longer be shared between a PL/Perl - function and a PL/PerlU function. - Some Perl installations have not been compiled with the correct flags - to allow multiple interpreters to exist within a single process. - In this situation PL/Perl and PL/PerlU cannot both be used in a - single backend. The solution is to get a Perl installation which - supports multiple interpreters. - - - - - - - In contrib/xml2/, rename xml_valid() to - xml_is_well_formed() (Tom) - - - - xml_valid() will remain for backward compatibility, - but its behavior will change to do schema checking in a future - release. - - - - - - Remove contrib/ora2pg/, now at - - - - - - Remove contrib modules that have been migrated to PgFoundry: - adddepend, dbase, dbmirror, - fulltextindex, mac, userlock - - - - - - Remove abandoned contrib modules: - mSQL-interface, tips - - - - - - Remove QNX and BEOS ports (Bruce) - - - - These ports no longer had active maintainers. - - - - - - - - Changes - - - Below you will find a detailed account of the - changes between PostgreSQL 8.2 and - the previous major release. - - - - Performance Improvements - - - - - Allow the planner to reorder outer - joins in some circumstances (Tom) - - - - In previous releases, outer joins would always be evaluated in - the order written in the query. This change allows the - query optimizer to consider reordering outer joins, in cases where - it can determine that the join order can be changed without - altering the meaning of the query. This can make a - considerable performance difference for queries involving - multiple outer joins or mixed inner and outer joins. - - - - - - Improve efficiency of IN - (list-of-expressions) clauses (Tom) - - - - - - Improve sorting speed and reduce memory usage (Simon, Tom) - - - - - - Improve subtransaction performance (Alvaro, Itagaki Takahiro, - Tom) - - - - - - Add FILLFACTOR to table and index creation (ITAGAKI - Takahiro) - - - - This leaves extra free space in each table or index page, - allowing improved performance as the database grows. This - is particularly valuable to maintain clustering. - - - - - - Increase default values for shared_buffers - and max_fsm_pages - (Andrew) - - - - - - Improve locking performance by breaking the lock manager tables into - sections - (Tom) - - - - This allows locking to be more fine-grained, reducing - contention. - - - - - - Reduce locking requirements of sequential scans (Qingqing - Zhou) - - - - - - Reduce locking required for database creation and destruction - (Tom) - - - - - - Improve the optimizer's selectivity estimates for LIKE, ILIKE, and - regular expression - operations (Tom) - - - - - - Improve planning of joins to inherited - tables and UNION - ALL views (Tom) - - - - - - Allow constraint - exclusion to be applied to inherited UPDATE and - DELETE queries (Tom) - - - - SELECT already honored constraint exclusion. - - - - - - Improve planning of constant WHERE clauses, such as - a condition that depends only on variables inherited from an - outer query level (Tom) - - - - - - Protocol-level unnamed prepared statements are re-planned - for each set of BIND values (Tom) - - - - This improves performance because the exact parameter values - can be used in the plan. - - - - - - Speed up vacuuming of B-Tree indexes (Heikki Linnakangas, - Tom) - - - - - - Avoid extra scan of tables without indexes during VACUUM (Greg Stark) - - - - - - Improve multicolumn GiST - indexing (Oleg, Teodor) - - - - - - Remove dead index entries before B-Tree page split (Junji - Teramoto) - - - - - - - - - Server Changes - - - - - Allow a forced switch to a new transaction log file (Simon, Tom) - - - - This is valuable for keeping warm standby slave servers - in sync with the master. Transaction log file switching now also happens - automatically during pg_stop_backup(). - This ensures that all - transaction log files needed for recovery can be archived immediately. - - - - - - Add WAL informational functions (Simon) - - - - Add functions for interrogating the current transaction log insertion - point and determining WAL filenames from the - hex WAL locations displayed by pg_stop_backup() - and related functions. - - - - - - Improve recovery from a crash during WAL replay (Simon) - - - - The server now does periodic checkpoints during WAL - recovery, so if there is a crash, future WAL - recovery is shortened. This also eliminates the need for - warm standby servers to replay the entire log since the - base backup if they crash. - - - - - - Improve reliability of long-term WAL replay - (Heikki, Simon, Tom) - - - - Formerly, trying to roll forward through more than 2 billion - transactions would not work due to XID wraparound. This meant - warm standby servers had to be reloaded - from fresh base backups periodically. - - - - - - Add archive_timeout - to force transaction log file switches at a given interval (Simon) - - - - This enforces a maximum replication delay for warm standby servers. - - - - - - Add native LDAP - authentication (Magnus Hagander) - - - - This is particularly useful for platforms that do not - support PAM, such as Windows. - - - - - - Add GRANT - CONNECT ON DATABASE (Gevik Babakhani) - - - - This gives SQL-level control over database access. It works as - an additional filter on top of the existing - pg_hba.conf - controls. - - - - - - Add support for SSL - Certificate Revocation List (CRL) files - (Libor Hohoš) - - - - The server and libpq both recognize CRL - files now. - - - - - - GiST indexes are - now clusterable (Teodor) - - - - - - Remove routine autovacuum server log entries (Bruce) - - - - pg_stat_activity - now shows autovacuum activity. - - - - - - Track maximum XID age within individual tables, instead of whole databases (Alvaro) - - - - This reduces the overhead involved in preventing transaction - ID wraparound, by avoiding unnecessary VACUUMs. - - - - - - Add last vacuum and analyze timestamp columns to the stats - collector (Larry Rosenman) - - - - These values now appear in the pg_stat_*_tables - system views. - - - - - - Improve performance of statistics monitoring, especially - stats_command_string - (Tom, Bruce) - - - - This release enables stats_command_string by - default, now that its overhead is minimal. This means - pg_stat_activity - will now show all active queries by default. - - - - - - Add a waiting column to pg_stat_activity - (Tom) - - - - This allows pg_stat_activity to show all the - information included in the ps display. - - - - - - Add configuration parameter update_process_title - to control whether the ps display is updated - for every command (Bruce) - - - - On platforms where it is expensive to update the ps - display, it might be worthwhile to turn this off and rely solely on - pg_stat_activity for status information. - - - - - - Allow units to be specified in configuration settings - (Peter) - - - - For example, you can now set shared_buffers - to 32MB rather than mentally converting sizes. - - - - - - Add support for include - directives in postgresql.conf (Joachim - Wieland) - - - - - - Improve logging of protocol-level prepare/bind/execute - messages (Bruce, Tom) - - - - Such logging now shows statement names, bind parameter - values, and the text of the query being executed. Also, - the query text is properly included in logged error messages - when enabled by log_min_error_statement. - - - - - - Prevent max_stack_depth - from being set to unsafe values - - - - On platforms where we can determine the actual kernel stack depth - limit (which is most), make sure that the initial default value of - max_stack_depth is safe, and reject attempts to set it - to unsafely large values. - - - - - - Enable highlighting of error location in query in more - cases (Tom) - - - - The server is now able to report a specific error location for - some semantic errors (such as unrecognized column name), rather - than just for basic syntax errors as before. - - - - - - Fix failed to re-find parent key errors in - VACUUM (Tom) - - - - - - Clean out pg_internal.init cache files during server - restart (Simon) - - - - This avoids a hazard that the cache files might contain stale - data after PITR recovery. - - - - - - Fix race condition for truncation of a large relation across a - gigabyte boundary by VACUUM (Tom) - - - - - - Fix bug causing needless deadlock errors on row-level locks (Tom) - - - - - - Fix bugs affecting multi-gigabyte hash indexes (Tom) - - - - - - Each backend process is now its own process group leader (Tom) - - - - This allows query cancel to abort subprocesses invoked from a - backend or archive/recovery process. - - - - - - - - - Query Changes - - - - - Add INSERT/UPDATE/DELETE - RETURNING (Jonah Harris, Tom) - - - - This allows these commands to return values, such as the - computed serial key for a new row. In the UPDATE - case, values from the updated version of the row are returned. - - - - - - Add support for multiple-row VALUES clauses, - per SQL standard (Joe, Tom) - - - - This allows INSERT to insert multiple rows of - constants, or queries to generate result sets using constants. - For example, INSERT ... VALUES (...), (...), - ...., and SELECT * FROM (VALUES (...), (...), - ....) AS alias(f1, ...). - - - - - - Allow UPDATE - and DELETE - to use an alias for the target table (Atsushi Ogawa) - - - - The SQL standard does not permit an alias in these commands, but - many database systems allow one anyway for notational convenience. - - - - - - Allow UPDATE - to set multiple columns with a list of values (Susanne - Ebrecht) - - - - This is basically a short-hand for assigning the columns - and values in pairs. The syntax is UPDATE tab - SET (column, ...) = (val, ...). - - - - - - Make row comparisons work per standard (Tom) - - - - The forms <, <=, >, >= now compare rows lexicographically, - that is, compare the first elements, if equal compare the second - elements, and so on. Formerly they expanded to an AND condition - across all the elements, which was neither standard nor very useful. - - - - - - Add CASCADE - option to TRUNCATE (Joachim Wieland) - - - - This causes TRUNCATE to automatically include all tables - that reference the specified table(s) via foreign keys. While - convenient, this is a dangerous tool — use with caution! - - - - - - Support FOR UPDATE and FOR SHARE - in the same SELECT - command (Tom) - - - - - - Add IS NOT - DISTINCT FROM (Pavel Stehule) - - - - This operator is similar to equality (=), but - evaluates to true when both left and right operands are - NULL, and to false when just one is, rather than - yielding NULL in these cases. - - - - - - Improve the length output used by UNION/INTERSECT/EXCEPT - (Tom) - - - - When all corresponding columns are of the same defined length, that - length is used for the result, rather than a generic length. - - - - - - Allow ILIKE - to work for multi-byte encodings (Tom) - - - - Internally, ILIKE now calls lower() - and then uses LIKE. Locale-specific regular - expression patterns still do not work in these encodings. - - - - - - Enable standard_conforming_strings - to be turned on (Kevin Grittner) - - - - This allows backslash escaping in strings to be disabled, - making PostgreSQL more - standards-compliant. The default is off for backwards - compatibility, but future releases will default this to on. - - - - - - Do not flatten subqueries that contain volatile - functions in their target lists (Jaime Casanova) - - - - This prevents surprising behavior due to multiple evaluation - of a volatile function (such as random() - or nextval()). It might cause performance - degradation in the presence of functions that are unnecessarily - marked as volatile. - - - - - - Add system views pg_prepared_statements - and pg_cursors - to show prepared statements and open cursors (Joachim Wieland, Neil) - - - - These are very useful in pooled connection setups. - - - - - - Support portal parameters in EXPLAIN and EXECUTE (Tom) - - - - This allows, for example, JDBC ? parameters to - work in these commands. - - - - - - If SQL-level PREPARE parameters - are unspecified, infer their types from the content of the - query (Neil) - - - - Protocol-level PREPARE already did this. - - - - - - Allow LIMIT and OFFSET to exceed - two billion (Dhanaraj M) - - - - - - - - - Object Manipulation Changes - - - - - Add TABLESPACE clause to CREATE TABLE AS - (Neil) - - - - This allows a tablespace to be specified for the new table. - - - - - - Add ON COMMIT clause to CREATE TABLE AS - (Neil) - - - - This allows temporary tables to be truncated or dropped on - transaction commit. The default behavior is for the table - to remain until the session ends. - - - - - - Add INCLUDING CONSTRAINTS to CREATE TABLE LIKE - (Greg Stark) - - - - This allows easy copying of CHECK constraints to a new - table. - - - - - - Allow the creation of placeholder (shell) types (Martijn van Oosterhout) - - - - A shell type declaration creates a type name, without specifying - any of the details of the type. Making a shell type is useful - because it allows cleaner declaration of the type's input/output - functions, which must exist before the type can be defined for - real. The syntax is CREATE TYPE typename. - - - - - - Aggregate functions - now support multiple input parameters (Sergey Koposov, Tom) - - - - - - Add new aggregate creation syntax (Tom) - - - - The new syntax is CREATE AGGREGATE - aggname (input_type) - (parameter_list). This more - naturally supports the new multi-parameter aggregate - functionality. The previous syntax is still supported. - - - - - - Add ALTER ROLE PASSWORD NULL - to remove a previously set role password (Peter) - - - - - - Add DROP object IF EXISTS for many - object types (Andrew) - - - - This allows DROP operations on non-existent - objects without generating an error. - - - - - - Add DROP OWNED - to drop all objects owned by a role (Alvaro) - - - - - - Add REASSIGN - OWNED to reassign ownership of all objects owned - by a role (Alvaro) - - - - This, and DROP OWNED above, facilitate dropping - roles. - - - - - - Add GRANT ON SEQUENCE - syntax (Bruce) - - - - This was added for setting sequence-specific permissions. - GRANT ON TABLE for sequences is still supported - for backward compatibility. - - - - - - Add USAGE - permission for sequences that allows only currval() - and nextval(), not setval() - (Bruce) - - - - USAGE permission allows more fine-grained - control over sequence access. Granting USAGE - allows users to increment - a sequence, but prevents them from setting the sequence to - an arbitrary value using setval(). - - - - - - Add ALTER TABLE - [ NO ] INHERIT (Greg Stark) - - - - This allows inheritance to be adjusted dynamically, rather than - just at table creation and destruction. This is very valuable - when using inheritance to implement table partitioning. - - - - - - Allow comments on global - objects to be stored globally (Kris Jurka) - - - - Previously, comments attached to databases were stored in individual - databases, making them ineffective, and there was no provision - at all for comments on roles or tablespaces. This change adds a new - shared catalog pg_shdescription - and stores comments on databases, roles, and tablespaces therein. - - - - - - - - - Utility Command Changes - - - - - Add option to allow indexes to be created without blocking - concurrent writes to the table (Greg Stark, Tom) - - - - The new syntax is CREATE - INDEX CONCURRENTLY. The default behavior is - still to block table modification while an index is being - created. - - - - - - Provide advisory - locking functionality (Abhijit Menon-Sen, Tom) - - - - This is a new locking API designed to replace what used to be - in /contrib/userlock. The userlock code is now on pgfoundry. - - - - - - Allow COPY to - dump a SELECT query (Zoltan Boszormenyi, Karel - Zak) - - - - This allows COPY to dump arbitrary SQL - queries. The syntax is COPY (SELECT ...) TO. - - - - - - Make the COPY - command return a command tag that includes the number of - rows copied (Volkan YAZICI) - - - - - - Allow VACUUM - to expire rows without being affected by other concurrent - VACUUM operations (Hannu Krossing, Alvaro, Tom) - - - - - - Make initdb - detect the operating system locale and set the default - DateStyle accordingly (Peter) - - - - This makes it more likely that the installed - postgresql.conf DateStyle value will - be as desired. - - - - - - Reduce number of progress messages displayed by initdb (Tom) - - - - - - - - - Date/Time Changes - - - - - Allow full timezone names in timestamp input values - (Joachim Wieland) - - - - For example, '2006-05-24 21:11 - America/New_York'::timestamptz. - - - - - - Support configurable timezone abbreviations (Joachim Wieland) - - - - A desired set of timezone abbreviations can be chosen via the - configuration parameter timezone_abbreviations. - - - - - - Add pg_timezone_abbrevs - and pg_timezone_names - views to show supported timezones (Magnus Hagander) - - - - - - Add clock_timestamp(), - statement_timestamp(), - and transaction_timestamp() - (Bruce) - - - - clock_timestamp() is the current wall-clock time, - statement_timestamp() is the time the current - statement arrived at the server, and - transaction_timestamp() is an alias for - now(). - - - - - - Allow to_char() - to print localized month and day names (Euler Taveira de - Oliveira) - - - - - - Allow to_char(time) - and to_char(interval) - to output AM/PM specifications - (Bruce) - - - - Intervals and times are treated as 24-hour periods, e.g. - 25 hours is considered AM. - - - - - - Add new function justify_interval() - to adjust interval units (Mark Dilger) - - - - - - Allow timezone offsets up to 14:59 away from GMT - - - - Kiribati uses GMT+14, so we'd better accept that. - - - - - - Interval computation improvements (Michael Glaesemann, Bruce) - - - - - - - - - Other Data Type and Function Changes - - - - - Allow arrays to contain NULL elements (Tom) - - - - - - Allow assignment to array elements not contiguous with the existing - entries (Tom) - - - - The intervening array positions will be filled with nulls. - This is per SQL standard. - - - - - - New built-in operators - for array-subset comparisons (@>, - <@, &&) (Teodor, Tom) - - - - These operators can be indexed for many data types using - GiST or GIN indexes. - - - - - - Add convenient arithmetic operations on - INET/CIDR values (Stephen R. van den - Berg) - - - - The new operators are & (and), | - (or), ~ (not), inet + int8, - inet - int8, and - inet - inet. - - - - - - Add new aggregate functions - from SQL:2003 (Neil) - - - - The new functions are var_pop(), - var_samp(), stddev_pop(), and - stddev_samp(). var_samp() and - stddev_samp() are merely renamings of the - existing aggregates variance() and - stddev(). The latter names remain available - for backward compatibility. - - - - - - Add SQL:2003 statistical aggregates - (Sergey Koposov) - - - - New functions: regr_intercept(), - regr_slope(), regr_r2(), - corr(), covar_samp(), - covar_pop(), regr_avgx(), - regr_avgy(), regr_sxy(), - regr_sxx(), regr_syy(), - regr_count(). - - - - - - Allow domains to be - based on other domains (Tom) - - - - - - Properly enforce domain CHECK constraints - everywhere (Neil, Tom) - - - - For example, the result of a user-defined function that is - declared to return a domain type is now checked against the - domain's constraints. This closes a significant hole in the domain - implementation. - - - - - - Fix problems with dumping renamed SERIAL columns - (Tom) - - - - The fix is to dump a SERIAL column by explicitly - specifying its DEFAULT and sequence elements, - and reconstructing the SERIAL column on reload - using a new ALTER - SEQUENCE OWNED BY command. This also allows - dropping a SERIAL column specification. - - - - - - Add a server-side sleep function pg_sleep() - (Joachim Wieland) - - - - - - Add all comparison operators for the tid (tuple id) data - type (Mark Kirkwood, Greg Stark, Tom) - - - - - - - - - PL/pgSQL Server-Side Language Changes - - - - - Add TG_table_name and TG_table_schema to - trigger parameters (Andrew) - - - - TG_relname is now deprecated. Comparable - changes have been made in the trigger parameters for the other - PLs as well. - - - - - - Allow FOR statements to return values to scalars - as well as records and row types (Pavel Stehule) - - - - - - Add a BY clause to the FOR loop, - to control the iteration increment (Jaime Casanova) - - - - - - Add STRICT to SELECT - INTO (Matt Miller) - - - - STRICT mode throws an exception if more or less - than one row is returned by the SELECT, for - Oracle PL/SQL compatibility. - - - - - - - - - PL/Perl Server-Side Language Changes - - - - - Add table_name and table_schema to - trigger parameters (Adam Sjøgren) - - - - - - Add prepared queries (Dmitry Karasik) - - - - - - Make $_TD trigger data a global variable (Andrew) - - - - Previously, it was lexical, which caused unexpected sharing - violations. - - - - - - Run PL/Perl and PL/PerlU in separate interpreters, for security - reasons (Andrew) - - - In consequence, they can no longer share data nor loaded modules. - Also, if Perl has not been compiled with the requisite flags to - allow multiple interpreters, only one of these languages can be used - in any given backend process. - - - - - - - - - PL/Python Server-Side Language Changes - - - - - Named parameters are passed as ordinary variables, as well as in the - args[] array (Sven Suursoho) - - - - - - Add table_name and table_schema to - trigger parameters (Andrew) - - - - - - Allow returning of composite types and result sets (Sven Suursoho) - - - - - - Return result-set as list, iterator, - or generator (Sven Suursoho) - - - - - - Allow functions to return void (Neil) - - - - - - Python 2.5 is now supported (Tom) - - - - - - - - - <link linkend="APP-PSQL"><application>psql</></link> Changes - - - - - Add new command \password for changing role - password with client-side password encryption (Peter) - - - - - - Allow \c to connect to a new host and port - number (David, Volkan YAZICI) - - - - - - Add tablespace display to \l+ (Philip Yarra) - - - - - - Improve \df slash command to include the argument - names and modes (OUT or INOUT) of - the function (David Fetter) - - - - - - Support binary COPY (Andreas Pflug) - - - - - - Add option to run the entire session in a single transaction - (Simon) - - - - Use option -1 or --single-transaction. - - - - - - Support for automatically retrieving SELECT - results in batches using a cursor (Chris Mair) - - - - This is enabled using \set FETCH_COUNT - n. This - feature allows large result sets to be retrieved in - psql without attempting to buffer the entire - result set in memory. - - - - - - Make multi-line values align in the proper column - (Martijn van Oosterhout) - - - - Field values containing newlines are now displayed in a more - readable fashion. - - - - - - Save multi-line statements as a single entry, rather than - one line at a time (Sergey E. Koposov) - - - - This makes up-arrow recall of queries easier. (This is - not available on Windows, because that platform uses the native - command-line editing present in the operating system.) - - - - - - Make the line counter 64-bit so it can handle files with more - than two billion lines (David Fetter) - - - - - - Report both the returned data and the command status tag - for INSERT/UPDATE/DELETE - RETURNING (Tom) - - - - - - - - - <link linkend="APP-PGDUMP"><application>pg_dump</></link> Changes - - - - - Allow complex selection of objects to be included or excluded - by pg_dump (Greg Sabino Mullane) - - - - pg_dump now supports multiple -n - (schema) and -t (table) options, and adds - -N and -T options to exclude objects. - Also, the arguments of these switches can now be wild-card expressions - rather than single object names, for example - -t 'foo*', and a schema can be part of - a -t or -T switch, for example - -t schema1.table1. - - - - - - Add pg_restore - --no-data-for-failed-tables option to suppress - loading data if table creation failed (i.e., the table already - exists) (Martin Pitt) - - - - - - Add pg_restore - option to run the entire session in a single transaction - (Simon) - - - - Use option -1 or --single-transaction. - - - - - - - - - <link linkend="libpq"><application>libpq</></link> Changes - - - - - Add PQencryptPassword() - to encrypt passwords (Tom) - - - - This allows passwords to be sent pre-encrypted for commands - like ALTER ROLE ... - PASSWORD. - - - - - - Add function PQisthreadsafe() - (Bruce) - - - - This allows applications to query the thread-safety status - of the library. - - - - - - Add PQdescribePrepared(), - PQdescribePortal(), - and related functions to return information about previously - prepared statements and open cursors (Volkan YAZICI) - - - - - - Allow LDAP lookups - from pg_service.conf - (Laurenz Albe) - - - - - - Allow a hostname in ~/.pgpass - to match the default socket directory (Bruce) - - - - A blank hostname continues to match any Unix-socket connection, - but this addition allows entries that are specific to one of - several postmasters on the machine. - - - - - - - - - <link linkend="ecpg"><application>ecpg</></link> Changes - - - - - Allow SHOW to - put its result into a variable (Joachim Wieland) - - - - - - Add COPY TO STDOUT - (Joachim Wieland) - - - - - - Add regression tests (Joachim Wieland, Michael) - - - - - - Major source code cleanups (Joachim Wieland, Michael) - - - - - - - - - <application>Windows</> Port - - - - - Allow MSVC to compile the PostgreSQL - server (Magnus, Hiroshi Saito) - - - - - - Add MSVC support for utility commands and pg_dump (Hiroshi - Saito) - - - - - - Add support for Windows code pages 1253, - 1254, 1255, and 1257 - (Kris Jurka) - - - - - - Drop privileges on startup, so that the server can be started from - an administrative account (Magnus) - - - - - - Stability fixes (Qingqing Zhou, Magnus) - - - - - - Add native semaphore implementation (Qingqing Zhou) - - - - The previous code mimicked SysV semaphores. - - - - - - - - - Source Code Changes - - - - - Add GIN (Generalized - Inverted iNdex) index access method (Teodor, Oleg) - - - - - - Remove R-tree indexing (Tom) - - - - Rtree has been re-implemented using GiST. Among other - differences, this means that rtree indexes now have support - for crash recovery via write-ahead logging (WAL). - - - - - - Reduce libraries needlessly linked into the backend (Martijn - van Oosterhout, Tom) - - - - - - Add a configure flag to allow libedit to be preferred over - GNU readline (Bruce) - - - - Use configure --with-libedit-preferred. - - - - - - Allow installation into directories containing spaces - (Peter) - - - - - - Improve ability to relocate installation directories (Tom) - - - - - - Add support for Solaris x86_64 using the - Solaris compiler (Pierre Girard, Theo - Schlossnagle, Bruce) - - - - - - Add DTrace support (Robert Lor) - - - - - - Add PG_VERSION_NUM for use by third-party - applications wanting to test the backend version in C using > - and < comparisons (Bruce) - - - - - - Add XLOG_BLCKSZ as independent from BLCKSZ - (Mark Wong) - - - - - - Add LWLOCK_STATS define to report locking - activity (Tom) - - - - - - Emit warnings for unknown configure options - (Martijn van Oosterhout) - - - - - - Add server support for plugin libraries - that can be used for add-on tasks such as debugging and performance - measurement (Korry Douglas) - - - - This consists of two features: a table of rendezvous - variables that allows separately-loaded shared libraries to - communicate, and a new configuration parameter local_preload_libraries - that allows libraries to be loaded into specific sessions without - explicit cooperation from the client application. This allows - external add-ons to implement features such as a PL/pgSQL debugger. - - - - - - Rename existing configuration parameter - preload_libraries to shared_preload_libraries - (Tom) - - - - This was done for clarity in comparison to - local_preload_libraries. - - - - - - Add new configuration parameter server_version_num - (Greg Sabino Mullane) - - - - This is like server_version, but is an - integer, e.g. 80200. This allows applications to - make version checks more easily. - - - - - - Add a configuration parameter seq_page_cost - (Tom) - - - - - - Re-implement the regression test script as a C program - (Magnus, Tom) - - - - - - Allow loadable modules to allocate shared memory and - lightweight locks (Marc Munro) - - - - - - Add automatic initialization and finalization of dynamically - loaded libraries (Ralf Engelschall, Tom) - - - - New functions - _PG_init() and _PG_fini() are - called if the library defines such symbols. Hence we no - longer need to specify an initialization function in - shared_preload_libraries; we can assume that - the library used the _PG_init() convention - instead. - - - - - - Add PG_MODULE_MAGIC - header block to all shared object files (Martijn van - Oosterhout) - - - - The magic block prevents version mismatches between loadable object - files and servers. - - - - - - Add shared library support for AIX (Laurenz Albe) - - - - - - New XML - documentation section (Bruce) - - - - - - - - - Contrib Changes - - - - - Major tsearch2 improvements (Oleg, Teodor) - - - - - - - multibyte encoding support, including UTF8 - - - - - query rewriting support - - - - - improved ranking functions - - - - - thesaurus dictionary support - - - - - Ispell dictionaries now recognize MySpell - format, used by OpenOffice - - - - - GIN support - - - - - - - - - - Add adminpack module containing Pgadmin administration - functions (Dave) - - - - These functions provide additional file system access - routines not present in the default PostgreSQL - server. - - - - - - Add sslinfo module (Victor Wagner) - - - - Reports information about the current connection's SSL - certificate. - - - - - - Add pgrowlocks module (Tatsuo) - - - - This shows row locking information for a specified table. - - - - - - Add hstore module (Oleg, Teodor) - - - - - - Add isn module, replacing isbn_issn (Jeremy Kronuz) - - - - This new implementation supports EAN13, UPC, - ISBN (books), ISMN (music), and - ISSN (serials). - - - - - - Add index information functions to pgstattuple (ITAGAKI Takahiro, - Satoshi Nagayasu) - - - - - - Add pg_freespacemap module to display free space map information - (Mark Kirkwood) - - - - - - pgcrypto now has all planned functionality (Marko Kreen) - - - - - Include iMath library in pgcrypto to have the public-key encryption - functions always available. - - - - - Add SHA224 algorithm that was missing in OpenBSD code. - - - - - Activate builtin code for SHA224/256/384/512 hashes on older - OpenSSL to have those algorithms always available. - - - - - New function gen_random_bytes() that returns cryptographically strong - randomness. Useful for generating encryption keys. - - - - - Remove digest_exists(), hmac_exists() and cipher_exists() functions. - - - - - - - - Improvements to cube module (Joshua Reich) - - - - New functions are cube(float[]), - cube(float[], float[]), and - cube_subset(cube, int4[]). - - - - - - Add async query capability to dblink (Kai Londenberg, - Joe Conway) - - - - - - New operators for array-subset comparisons (@>, - <@, &&) (Tom) - - - - Various contrib packages already had these operators for their - datatypes, but the naming wasn't consistent. We have now added - consistently named array-subset comparison operators to the core code - and all the contrib packages that have such functionality. - (The old names remain available, but are deprecated.) - - - - - - Add uninstall scripts for all contrib packages that have install - scripts (David, Josh Drake) - - - - - - - - - diff --git a/doc/src/sgml/release-8.3.sgml b/doc/src/sgml/release-8.3.sgml deleted file mode 100644 index 693d725557..0000000000 --- a/doc/src/sgml/release-8.3.sgml +++ /dev/null @@ -1,8549 +0,0 @@ - - - - - Release 8.3.23 - - - Release date: - 2013-02-07 - - - - This release contains a variety of fixes from 8.3.22. - For information about new features in the 8.3 major release, see - . - - - - This is expected to be the last PostgreSQL release - in the 8.3.X series. Users are encouraged to update to a newer - release branch soon. - - - - Migration to Version 8.3.23 - - - A dump/restore is not required for those running 8.3.X. - - - - However, if you are upgrading from a version earlier than 8.3.17, - see . - - - - - - Changes - - - - - - Prevent execution of enum_recv from SQL (Tom Lane) - - - - The function was misdeclared, allowing a simple SQL command to crash the - server. In principle an attacker might be able to use it to examine the - contents of server memory. Our thanks to Sumit Soni (via Secunia SVCRP) - for reporting this issue. (CVE-2013-0255) - - - - - - Fix SQL grammar to allow subscripting or field selection from a - sub-SELECT result (Tom Lane) - - - - - - Protect against race conditions when scanning - pg_tablespace (Stephen Frost, Tom Lane) - - - - CREATE DATABASE and DROP DATABASE could - misbehave if there were concurrent updates of - pg_tablespace entries. - - - - - - Prevent DROP OWNED from trying to drop whole databases or - tablespaces (Álvaro Herrera) - - - - For safety, ownership of these objects must be reassigned, not dropped. - - - - - - Prevent misbehavior when a RowExpr or XmlExpr - is parse-analyzed twice (Andres Freund, Tom Lane) - - - - This mistake could be user-visible in contexts such as - CREATE TABLE LIKE INCLUDING INDEXES. - - - - - - Improve defenses against integer overflow in hashtable sizing - calculations (Jeff Davis) - - - - - - Ensure that non-ASCII prompt strings are translated to the correct - code page on Windows (Alexander Law, Noah Misch) - - - - This bug affected psql and some other client programs. - - - - - - Fix possible crash in psql's \? command - when not connected to a database (Meng Qingzhong) - - - - - - Fix one-byte buffer overrun in libpq's - PQprintTuples (Xi Wang) - - - - This ancient function is not used anywhere by - PostgreSQL itself, but it might still be used by some - client code. - - - - - - Rearrange configure's tests for supplied functions so it is not - fooled by bogus exports from libedit/libreadline (Christoph Berg) - - - - - - Ensure Windows build number increases over time (Magnus Hagander) - - - - - - Make pgxs build executables with the right - .exe suffix when cross-compiling for Windows - (Zoltan Boszormenyi) - - - - - - Add new timezone abbreviation FET (Tom Lane) - - - - This is now used in some eastern-European time zones. - - - - - - - - - - Release 8.3.22 - - - Release date: - 2012-12-06 - - - - This release contains a variety of fixes from 8.3.21. - For information about new features in the 8.3 major release, see - . - - - - The PostgreSQL community will stop releasing updates - for the 8.3.X release series in February 2013. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 8.3.22 - - - A dump/restore is not required for those running 8.3.X. - - - - However, if you are upgrading from a version earlier than 8.3.17, - see . - - - - - - Changes - - - - - - Fix multiple bugs associated with CREATE INDEX - CONCURRENTLY (Andres Freund, Tom Lane) - - - - Fix CREATE INDEX CONCURRENTLY to use - in-place updates when changing the state of an index's - pg_index row. This prevents race conditions that could - cause concurrent sessions to miss updating the target index, thus - resulting in corrupt concurrently-created indexes. - - - - Also, fix various other operations to ensure that they ignore - invalid indexes resulting from a failed CREATE INDEX - CONCURRENTLY command. The most important of these is - VACUUM, because an auto-vacuum could easily be launched - on the table before corrective action can be taken to fix or remove - the invalid index. - - - - - - Avoid corruption of internal hash tables when out of memory - (Hitoshi Harada) - - - - - - Fix planning of non-strict equivalence clauses above outer joins - (Tom Lane) - - - - The planner could derive incorrect constraints from a clause equating - a non-strict construct to something else, for example - WHERE COALESCE(foo, 0) = 0 - when foo is coming from the nullable side of an outer join. - - - - - - Improve planner's ability to prove exclusion constraints from - equivalence classes (Tom Lane) - - - - - - Fix partial-row matching in hashed subplans to handle cross-type cases - correctly (Tom Lane) - - - - This affects multicolumn NOT IN subplans, such as - WHERE (a, b) NOT IN (SELECT x, y FROM ...) - when for instance b and y are int4 - and int8 respectively. This mistake led to wrong answers - or crashes depending on the specific datatypes involved. - - - - - - Acquire buffer lock when re-fetching the old tuple for an - AFTER ROW UPDATE/DELETE trigger (Andres Freund) - - - - In very unusual circumstances, this oversight could result in passing - incorrect data to the precheck logic for a foreign-key enforcement - trigger. That could result in a crash, or in an incorrect decision - about whether to fire the trigger. - - - - - - Fix REASSIGN OWNED to handle grants on tablespaces - (Álvaro Herrera) - - - - - - Ignore incorrect pg_attribute entries for system - columns for views (Tom Lane) - - - - Views do not have any system columns. However, we forgot to - remove such entries when converting a table to a view. That's fixed - properly for 9.3 and later, but in previous branches we need to defend - against existing mis-converted views. - - - - - - Fix rule printing to dump INSERT INTO table - DEFAULT VALUES correctly (Tom Lane) - - - - - - Guard against stack overflow when there are too many - UNION/INTERSECT/EXCEPT clauses - in a query (Tom Lane) - - - - - - Prevent platform-dependent failures when dividing the minimum possible - integer value by -1 (Xi Wang, Tom Lane) - - - - - - Fix possible access past end of string in date parsing - (Hitoshi Harada) - - - - - - Produce an understandable error message if the length of the path name - for a Unix-domain socket exceeds the platform-specific limit - (Tom Lane, Andrew Dunstan) - - - - Formerly, this would result in something quite unhelpful, such as - Non-recoverable failure in name resolution. - - - - - - Fix memory leaks when sending composite column values to the client - (Tom Lane) - - - - - - Make pg_ctl more robust about reading the - postmaster.pid file (Heikki Linnakangas) - - - - Fix race conditions and possible file descriptor leakage. - - - - - - Fix possible crash in psql if incorrectly-encoded data - is presented and the client_encoding setting is a - client-only encoding, such as SJIS (Jiang Guiqing) - - - - - - Fix bugs in the restore.sql script emitted by - pg_dump in tar output format (Tom Lane) - - - - The script would fail outright on tables whose names include - upper-case characters. Also, make the script capable of restoring - data in - - - - - Fix pg_restore to accept POSIX-conformant - tar files (Brian Weaver, Tom Lane) - - - - The original coding of pg_dump's tar - output mode produced files that are not fully conformant with the - POSIX standard. This has been corrected for version 9.3. This - patch updates previous branches so that they will accept both the - incorrect and the corrected formats, in hopes of avoiding - compatibility problems when 9.3 comes out. - - - - - - Fix pg_resetxlog to locate postmaster.pid - correctly when given a relative path to the data directory (Tom Lane) - - - - This mistake could lead to pg_resetxlog not noticing - that there is an active postmaster using the data directory. - - - - - - Fix libpq's lo_import() and - lo_export() functions to report file I/O errors properly - (Tom Lane) - - - - - - Fix ecpg's processing of nested structure pointer - variables (Muhammad Usama) - - - - - - Make contrib/pageinspect's btree page inspection - functions take buffer locks while examining pages (Tom Lane) - - - - - - Fix pgxs support for building loadable modules on AIX - (Tom Lane) - - - - Building modules outside the original source tree didn't work on AIX. - - - - - - Update time zone data files to tzdata release 2012j - for DST law changes in Cuba, Israel, Jordan, Libya, Palestine, Western - Samoa, and portions of Brazil. - - - - - - - - - - Release 8.3.21 - - - Release date: - 2012-09-24 - - - - This release contains a variety of fixes from 8.3.20. - For information about new features in the 8.3 major release, see - . - - - - The PostgreSQL community will stop releasing updates - for the 8.3.X release series in February 2013. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 8.3.21 - - - A dump/restore is not required for those running 8.3.X. - - - - However, if you are upgrading from a version earlier than 8.3.17, - see . - - - - - - Changes - - - - - - Improve page-splitting decisions in GiST indexes (Alexander Korotkov, - Robert Haas, Tom Lane) - - - - Multi-column GiST indexes might suffer unexpected bloat due to this - error. - - - - - - Fix cascading privilege revoke to stop if privileges are still held - (Tom Lane) - - - - If we revoke a grant option from some role X, but - X still holds that option via a grant from someone - else, we should not recursively revoke the corresponding privilege - from role(s) Y that X had granted it - to. - - - - - - Fix handling of SIGFPE when PL/Perl is in use (Andres Freund) - - - - Perl resets the process's SIGFPE handler to - SIG_IGN, which could result in crashes later on. Restore - the normal Postgres signal handler after initializing PL/Perl. - - - - - - Prevent PL/Perl from crashing if a recursive PL/Perl function is - redefined while being executed (Tom Lane) - - - - - - Work around possible misoptimization in PL/Perl (Tom Lane) - - - - Some Linux distributions contain an incorrect version of - pthread.h that results in incorrect compiled code in - PL/Perl, leading to crashes if a PL/Perl function calls another one - that throws an error. - - - - - - Update time zone data files to tzdata release 2012f - for DST law changes in Fiji - - - - - - - - - - Release 8.3.20 - - - Release date: - 2012-08-17 - - - - This release contains a variety of fixes from 8.3.19. - For information about new features in the 8.3 major release, see - . - - - - The PostgreSQL community will stop releasing updates - for the 8.3.X release series in February 2013. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 8.3.20 - - - A dump/restore is not required for those running 8.3.X. - - - - However, if you are upgrading from a version earlier than 8.3.17, - see . - - - - - - Changes - - - - - - Prevent access to external files/URLs via XML entity references - (Noah Misch, Tom Lane) - - - - xml_parse() would attempt to fetch external files or - URLs as needed to resolve DTD and entity references in an XML value, - thus allowing unprivileged database users to attempt to fetch data - with the privileges of the database server. While the external data - wouldn't get returned directly to the user, portions of it could be - exposed in error messages if the data didn't parse as valid XML; and - in any case the mere ability to check existence of a file might be - useful to an attacker. (CVE-2012-3489) - - - - - - Prevent access to external files/URLs via contrib/xml2's - xslt_process() (Peter Eisentraut) - - - - libxslt offers the ability to read and write both - files and URLs through stylesheet commands, thus allowing - unprivileged database users to both read and write data with the - privileges of the database server. Disable that through proper use - of libxslt's security options. (CVE-2012-3488) - - - - Also, remove xslt_process()'s ability to fetch documents - and stylesheets from external files/URLs. While this was a - documented feature, it was long regarded as a bad idea. - The fix for CVE-2012-3489 broke that capability, and rather than - expend effort on trying to fix it, we're just going to summarily - remove it. - - - - - - Prevent too-early recycling of btree index pages (Noah Misch) - - - - When we allowed read-only transactions to skip assigning XIDs, we - introduced the possibility that a deleted btree page could be - recycled while a read-only transaction was still in flight to it. - This would result in incorrect index search results. The probability - of such an error occurring in the field seems very low because of the - timing requirements, but nonetheless it should be fixed. - - - - - - Fix crash-safety bug with newly-created-or-reset sequences (Tom Lane) - - - - If ALTER SEQUENCE was executed on a freshly created or - reset sequence, and then precisely one nextval() call - was made on it, and then the server crashed, WAL replay would restore - the sequence to a state in which it appeared that no - nextval() had been done, thus allowing the first - sequence value to be returned again by the next - nextval() call. In particular this could manifest for - serial columns, since creation of a serial column's sequence - includes an ALTER SEQUENCE OWNED BY step. - - - - - - Ensure the backup_label file is fsync'd after - pg_start_backup() (Dave Kerr) - - - - - - Back-patch 9.1 improvement to compress the fsync request queue - (Robert Haas) - - - - This improves performance during checkpoints. The 9.1 change - has now seen enough field testing to seem safe to back-patch. - - - - - - Only allow autovacuum to be auto-canceled by a directly blocked - process (Tom Lane) - - - - The original coding could allow inconsistent behavior in some cases; - in particular, an autovacuum could get canceled after less than - deadlock_timeout grace period. - - - - - - Improve logging of autovacuum cancels (Robert Haas) - - - - - - Fix log collector so that log_truncate_on_rotation works - during the very first log rotation after server start (Tom Lane) - - - - - - Ensure that a whole-row reference to a subquery doesn't include any - extra GROUP BY or ORDER BY columns (Tom Lane) - - - - - - Disallow copying whole-row references in CHECK - constraints and index definitions during CREATE TABLE - (Tom Lane) - - - - This situation can arise in CREATE TABLE with - LIKE or INHERITS. The copied whole-row - variable was incorrectly labeled with the row type of the original - table not the new one. Rejecting the case seems reasonable for - LIKE, since the row types might well diverge later. For - INHERITS we should ideally allow it, with an implicit - coercion to the parent table's row type; but that will require more - work than seems safe to back-patch. - - - - - - Fix memory leak in ARRAY(SELECT ...) subqueries (Heikki - Linnakangas, Tom Lane) - - - - - - Fix extraction of common prefixes from regular expressions (Tom Lane) - - - - The code could get confused by quantified parenthesized - subexpressions, such as ^(foo)?bar. This would lead to - incorrect index optimization of searches for such patterns. - - - - - - Report errors properly in contrib/xml2's - xslt_process() (Tom Lane) - - - - - - Update time zone data files to tzdata release 2012e - for DST law changes in Morocco and Tokelau - - - - - - - - - - Release 8.3.19 - - - Release date: - 2012-06-04 - - - - This release contains a variety of fixes from 8.3.18. - For information about new features in the 8.3 major release, see - . - - - - Migration to Version 8.3.19 - - - A dump/restore is not required for those running 8.3.X. - - - - However, if you are upgrading from a version earlier than 8.3.17, - see . - - - - - - Changes - - - - - - Fix incorrect password transformation in - contrib/pgcrypto's DES crypt() function - (Solar Designer) - - - - If a password string contained the byte value 0x80, the - remainder of the password was ignored, causing the password to be much - weaker than it appeared. With this fix, the rest of the string is - properly included in the DES hash. Any stored password values that are - affected by this bug will thus no longer match, so the stored values may - need to be updated. (CVE-2012-2143) - - - - - - Ignore SECURITY DEFINER and SET attributes for - a procedural language's call handler (Tom Lane) - - - - Applying such attributes to a call handler could crash the server. - (CVE-2012-2655) - - - - - - Allow numeric timezone offsets in timestamp input to be up to - 16 hours away from UTC (Tom Lane) - - - - Some historical time zones have offsets larger than 15 hours, the - previous limit. This could result in dumped data values being rejected - during reload. - - - - - - Fix timestamp conversion to cope when the given time is exactly the - last DST transition time for the current timezone (Tom Lane) - - - - This oversight has been there a long time, but was not noticed - previously because most DST-using zones are presumed to have an - indefinite sequence of future DST transitions. - - - - - - Fix text to name and char to name - casts to perform string truncation correctly in multibyte encodings - (Karl Schnaitter) - - - - - - Fix memory copying bug in to_tsquery() (Heikki Linnakangas) - - - - - - Fix slow session startup when pg_attribute is very large - (Tom Lane) - - - - If pg_attribute exceeds one-fourth of - shared_buffers, cache rebuilding code that is sometimes - needed during session start would trigger the synchronized-scan logic, - causing it to take many times longer than normal. The problem was - particularly acute if many new sessions were starting at once. - - - - - - Ensure sequential scans check for query cancel reasonably often (Merlin - Moncure) - - - - A scan encountering many consecutive pages that contain no live tuples - would not respond to interrupts meanwhile. - - - - - - Ensure the Windows implementation of PGSemaphoreLock() - clears ImmediateInterruptOK before returning (Tom Lane) - - - - This oversight meant that a query-cancel interrupt received later - in the same query could be accepted at an unsafe time, with - unpredictable but not good consequences. - - - - - - Show whole-row variables safely when printing views or rules - (Abbas Butt, Tom Lane) - - - - Corner cases involving ambiguous names (that is, the name could be - either a table or column name of the query) were printed in an - ambiguous way, risking that the view or rule would be interpreted - differently after dump and reload. Avoid the ambiguous case by - attaching a no-op cast. - - - - - - Ensure autovacuum worker processes perform stack depth checking - properly (Heikki Linnakangas) - - - - Previously, infinite recursion in a function invoked by - auto-ANALYZE could crash worker processes. - - - - - - Fix logging collector to not lose log coherency under high load (Andrew - Dunstan) - - - - The collector previously could fail to reassemble large messages if it - got too busy. - - - - - - Fix logging collector to ensure it will restart file rotation - after receiving SIGHUP (Tom Lane) - - - - - - Fix PL/pgSQL's GET DIAGNOSTICS command when the target - is the function's first variable (Tom Lane) - - - - - - Fix several performance problems in pg_dump when - the database contains many objects (Jeff Janes, Tom Lane) - - - - pg_dump could get very slow if the database contained - many schemas, or if many objects are in dependency loops, or if there - are many owned sequences. - - - - - - Fix contrib/dblink's dblink_exec() to not leak - temporary database connections upon error (Tom Lane) - - - - - - Update time zone data files to tzdata release 2012c - for DST law changes in Antarctica, Armenia, Chile, Cuba, Falkland - Islands, Gaza, Haiti, Hebron, Morocco, Syria, and Tokelau Islands; - also historical corrections for Canada. - - - - - - - - - - Release 8.3.18 - - - Release date: - 2012-02-27 - - - - This release contains a variety of fixes from 8.3.17. - For information about new features in the 8.3 major release, see - . - - - - Migration to Version 8.3.18 - - - A dump/restore is not required for those running 8.3.X. - - - - However, if you are upgrading from a version earlier than 8.3.17, - see . - - - - - - Changes - - - - - - Require execute permission on the trigger function for - CREATE TRIGGER (Robert Haas) - - - - This missing check could allow another user to execute a trigger - function with forged input data, by installing it on a table he owns. - This is only of significance for trigger functions marked - SECURITY DEFINER, since otherwise trigger functions run - as the table owner anyway. (CVE-2012-0866) - - - - - - Convert newlines to spaces in names written in pg_dump - comments (Robert Haas) - - - - pg_dump was incautious about sanitizing object names - that are emitted within SQL comments in its output script. A name - containing a newline would at least render the script syntactically - incorrect. Maliciously crafted object names could present a SQL - injection risk when the script is reloaded. (CVE-2012-0868) - - - - - - Fix btree index corruption from insertions concurrent with vacuuming - (Tom Lane) - - - - An index page split caused by an insertion could sometimes cause a - concurrently-running VACUUM to miss removing index entries - that it should remove. After the corresponding table rows are removed, - the dangling index entries would cause errors (such as could not - read block N in file ...) or worse, silently wrong query results - after unrelated rows are re-inserted at the now-free table locations. - This bug has been present since release 8.2, but occurs so infrequently - that it was not diagnosed until now. If you have reason to suspect - that it has happened in your database, reindexing the affected index - will fix things. - - - - - - Allow non-existent values for some settings in ALTER - USER/DATABASE SET (Heikki Linnakangas) - - - - Allow default_text_search_config, - default_tablespace, and temp_tablespaces to be - set to names that are not known. This is because they might be known - in another database where the setting is intended to be used, or for the - tablespace cases because the tablespace might not be created yet. The - same issue was previously recognized for search_path, and - these settings now act like that one. - - - - - - Track the OID counter correctly during WAL replay, even when it wraps - around (Tom Lane) - - - - Previously the OID counter would remain stuck at a high value until the - system exited replay mode. The practical consequences of that are - usually nil, but there are scenarios wherein a standby server that's - been promoted to master might take a long time to advance the OID - counter to a reasonable value once values are needed. - - - - - - Fix regular expression back-references with * attached - (Tom Lane) - - - - Rather than enforcing an exact string match, the code would effectively - accept any string that satisfies the pattern sub-expression referenced - by the back-reference symbol. - - - - A similar problem still afflicts back-references that are embedded in a - larger quantified expression, rather than being the immediate subject - of the quantifier. This will be addressed in a future - PostgreSQL release. - - - - - - Fix recently-introduced memory leak in processing of - inet/cidr values (Heikki Linnakangas) - - - - A patch in the December 2011 releases of PostgreSQL - caused memory leakage in these operations, which could be significant - in scenarios such as building a btree index on such a column. - - - - - - Avoid double close of file handle in syslogger on Windows (MauMau) - - - - Ordinarily this error was invisible, but it would cause an exception - when running on a debug version of Windows. - - - - - - Fix I/O-conversion-related memory leaks in plpgsql - (Andres Freund, Jan Urbanski, Tom Lane) - - - - Certain operations would leak memory until the end of the current - function. - - - - - - Improve pg_dump's handling of inherited table columns - (Tom Lane) - - - - pg_dump mishandled situations where a child column has - a different default expression than its parent column. If the default - is textually identical to the parent's default, but not actually the - same (for instance, because of schema search path differences) it would - not be recognized as different, so that after dump and restore the - child would be allowed to inherit the parent's default. Child columns - that are NOT NULL where their parent is not could also be - restored subtly incorrectly. - - - - - - Fix pg_restore's direct-to-database mode for - INSERT-style table data (Tom Lane) - - - - Direct-to-database restores from archive files made with - - - - - - Fix error in contrib/intarray's int[] & - int[] operator (Guillaume Lelarge) - - - - If the smallest integer the two input arrays have in common is 1, - and there are smaller values in either array, then 1 would be - incorrectly omitted from the result. - - - - - - Fix error detection in contrib/pgcrypto's - encrypt_iv() and decrypt_iv() - (Marko Kreen) - - - - These functions failed to report certain types of invalid-input errors, - and would instead return random garbage values for incorrect input. - - - - - - Fix one-byte buffer overrun in contrib/test_parser - (Paul Guyot) - - - - The code would try to read one more byte than it should, which would - crash in corner cases. - Since contrib/test_parser is only example code, this is - not a security issue in itself, but bad example code is still bad. - - - - - - Use __sync_lock_test_and_set() for spinlocks on ARM, if - available (Martin Pitt) - - - - This function replaces our previous use of the SWPB - instruction, which is deprecated and not available on ARMv6 and later. - Reports suggest that the old code doesn't fail in an obvious way on - recent ARM boards, but simply doesn't interlock concurrent accesses, - leading to bizarre failures in multiprocess operation. - - - - - - Use - - - This prevents assorted scenarios wherein recent versions of gcc will - produce creative results. - - - - - - Allow use of threaded Python on FreeBSD (Chris Rees) - - - - Our configure script previously believed that this combination wouldn't - work; but FreeBSD fixed the problem, so remove that error check. - - - - - - - - - - Release 8.3.17 - - - Release date: - 2011-12-05 - - - - This release contains a variety of fixes from 8.3.16. - For information about new features in the 8.3 major release, see - . - - - - Migration to Version 8.3.17 - - - A dump/restore is not required for those running 8.3.X. - - - - However, a longstanding error was discovered in the definition of the - information_schema.referential_constraints view. If you - rely on correct results from that view, you should replace its - definition as explained in the first changelog item below. - - - - Also, if you are upgrading from a version earlier than 8.3.8, - see . - - - - - - Changes - - - - - - Fix bugs in information_schema.referential_constraints view - (Tom Lane) - - - - This view was being insufficiently careful about matching the - foreign-key constraint to the depended-on primary or unique key - constraint. That could result in failure to show a foreign key - constraint at all, or showing it multiple times, or claiming that it - depends on a different constraint than the one it really does. - - - - Since the view definition is installed by initdb, - merely upgrading will not fix the problem. If you need to fix this - in an existing installation, you can (as a superuser) drop the - information_schema schema then re-create it by sourcing - SHAREDIR/information_schema.sql. - (Run pg_config --sharedir if you're uncertain where - SHAREDIR is.) This must be repeated in each database - to be fixed. - - - - - - Fix TOAST-related data corruption during CREATE TABLE dest AS - SELECT * FROM src or INSERT INTO dest SELECT * FROM src - (Tom Lane) - - - - If a table has been modified by ALTER TABLE ADD COLUMN, - attempts to copy its data verbatim to another table could produce - corrupt results in certain corner cases. - The problem can only manifest in this precise form in 8.4 and later, - but we patched earlier versions as well in case there are other code - paths that could trigger the same bug. - - - - - - Fix race condition during toast table access from stale syscache entries - (Tom Lane) - - - - The typical symptom was transient errors like missing chunk - number 0 for toast value NNNNN in pg_toast_2619, where the cited - toast table would always belong to a system catalog. - - - - - - Make DatumGetInetP() unpack inet datums that have a 1-byte - header, and add a new macro, DatumGetInetPP(), that does - not (Heikki Linnakangas) - - - - This change affects no core code, but might prevent crashes in add-on - code that expects DatumGetInetP() to produce an unpacked - datum as per usual convention. - - - - - - Improve locale support in money type's input and output - (Tom Lane) - - - - Aside from not supporting all standard - lc_monetary - formatting options, the input and output functions were inconsistent, - meaning there were locales in which dumped money values could - not be re-read. - - - - - - Don't let transform_null_equals - affect CASE foo WHEN NULL ... constructs - (Heikki Linnakangas) - - - - transform_null_equals is only supposed to affect - foo = NULL expressions written directly by the user, not - equality checks generated internally by this form of CASE. - - - - - - Change foreign-key trigger creation order to better support - self-referential foreign keys (Tom Lane) - - - - For a cascading foreign key that references its own table, a row update - will fire both the ON UPDATE trigger and the - CHECK trigger as one event. The ON UPDATE - trigger must execute first, else the CHECK will check a - non-final state of the row and possibly throw an inappropriate error. - However, the firing order of these triggers is determined by their - names, which generally sort in creation order since the triggers have - auto-generated names following the convention - RI_ConstraintTrigger_NNNN. A proper fix would require - modifying that convention, which we will do in 9.2, but it seems risky - to change it in existing releases. So this patch just changes the - creation order of the triggers. Users encountering this type of error - should drop and re-create the foreign key constraint to get its - triggers into the right order. - - - - - - Avoid floating-point underflow while tracking buffer allocation rate - (Greg Matthews) - - - - While harmless in itself, on certain platforms this would result in - annoying kernel log messages. - - - - - - Preserve blank lines within commands in psql's command - history (Robert Haas) - - - - The former behavior could cause problems if an empty line was removed - from within a string literal, for example. - - - - - - Fix pg_dump to dump user-defined casts between - auto-generated types, such as table rowtypes (Tom Lane) - - - - - - Use the preferred version of xsubpp to build PL/Perl, - not necessarily the operating system's main copy - (David Wheeler and Alex Hunsaker) - - - - - - Fix incorrect coding in contrib/dict_int and - contrib/dict_xsyn (Tom Lane) - - - - Some functions incorrectly assumed that memory returned by - palloc() is guaranteed zeroed. - - - - - - Honor query cancel interrupts promptly in pgstatindex() - (Robert Haas) - - - - - - Ensure VPATH builds properly install all server header files - (Peter Eisentraut) - - - - - - Shorten file names reported in verbose error messages (Peter Eisentraut) - - - - Regular builds have always reported just the name of the C file - containing the error message call, but VPATH builds formerly - reported an absolute path name. - - - - - - Fix interpretation of Windows timezone names for Central America - (Tom Lane) - - - - Map Central America Standard Time to CST6, not - CST6CDT, because DST is generally not observed anywhere in - Central America. - - - - - - Update time zone data files to tzdata release 2011n - for DST law changes in Brazil, Cuba, Fiji, Palestine, Russia, and Samoa; - also historical corrections for Alaska and British East Africa. - - - - - - - - - - Release 8.3.16 - - - Release date: - 2011-09-26 - - - - This release contains a variety of fixes from 8.3.15. - For information about new features in the 8.3 major release, see - . - - - - Migration to Version 8.3.16 - - - A dump/restore is not required for those running 8.3.X. - However, if you are upgrading from a version earlier than 8.3.8, - see . - - - - - - Changes - - - - - - Fix bugs in indexing of in-doubt HOT-updated tuples (Tom Lane) - - - - These bugs could result in index corruption after reindexing a system - catalog. They are not believed to affect user indexes. - - - - - - Fix multiple bugs in GiST index page split processing (Heikki - Linnakangas) - - - - The probability of occurrence was low, but these could lead to index - corruption. - - - - - - Fix possible buffer overrun in tsvector_concat() - (Tom Lane) - - - - The function could underestimate the amount of memory needed for its - result, leading to server crashes. - - - - - - Fix crash in xml_recv when processing a - standalone parameter (Tom Lane) - - - - - - Avoid possibly accessing off the end of memory in ANALYZE - and in SJIS-2004 encoding conversion (Noah Misch) - - - - This fixes some very-low-probability server crash scenarios. - - - - - - Fix race condition in relcache init file invalidation (Tom Lane) - - - - There was a window wherein a new backend process could read a stale init - file but miss the inval messages that would tell it the data is stale. - The result would be bizarre failures in catalog accesses, typically - could not read block 0 in file ... later during startup. - - - - - - Fix memory leak at end of a GiST index scan (Tom Lane) - - - - Commands that perform many separate GiST index scans, such as - verification of a new GiST-based exclusion constraint on a table - already containing many rows, could transiently require large amounts of - memory due to this leak. - - - - - - Fix performance problem when constructing a large, lossy bitmap - (Tom Lane) - - - - - - Fix array- and path-creating functions to ensure padding bytes are - zeroes (Tom Lane) - - - - This avoids some situations where the planner will think that - semantically-equal constants are not equal, resulting in poor - optimization. - - - - - - Work around gcc 4.6.0 bug that breaks WAL replay (Tom Lane) - - - - This could lead to loss of committed transactions after a server crash. - - - - - - Fix dump bug for VALUES in a view (Tom Lane) - - - - - - Disallow SELECT FOR UPDATE/SHARE on sequences (Tom Lane) - - - - This operation doesn't work as expected and can lead to failures. - - - - - - Defend against integer overflow when computing size of a hash table (Tom - Lane) - - - - - - Fix cases where CLUSTER might attempt to access - already-removed TOAST data (Tom Lane) - - - - - - Fix portability bugs in use of credentials control messages for - peer authentication (Tom Lane) - - - - - - Fix SSPI login when multiple roundtrips are required (Ahmed Shinwari, - Magnus Hagander) - - - - The typical symptom of this problem was The function requested is - not supported errors during SSPI login. - - - - - - Fix typo in pg_srand48 seed initialization (Andres Freund) - - - - This led to failure to use all bits of the provided seed. This function - is not used on most platforms (only those without srandom), - and the potential security exposure from a less-random-than-expected - seed seems minimal in any case. - - - - - - Avoid integer overflow when the sum of LIMIT and - OFFSET values exceeds 2^63 (Heikki Linnakangas) - - - - - - Add overflow checks to int4 and int8 versions of - generate_series() (Robert Haas) - - - - - - Fix trailing-zero removal in to_char() (Marti Raudsepp) - - - - In a format with FM and no digit positions - after the decimal point, zeroes to the left of the decimal point could - be removed incorrectly. - - - - - - Fix pg_size_pretty() to avoid overflow for inputs close to - 2^63 (Tom Lane) - - - - - - In pg_ctl, support silent mode for service registrations - on Windows (MauMau) - - - - - - Fix psql's counting of script file line numbers during - COPY from a different file (Tom Lane) - - - - - - Fix pg_restore's direct-to-database mode for - standard_conforming_strings (Tom Lane) - - - - pg_restore could emit incorrect commands when restoring - directly to a database server from an archive file that had been made - with standard_conforming_strings set to on. - - - - - - Fix write-past-buffer-end and memory leak in libpq's - LDAP service lookup code (Albe Laurenz) - - - - - - In libpq, avoid failures when using nonblocking I/O - and an SSL connection (Martin Pihlak, Tom Lane) - - - - - - Improve libpq's handling of failures during connection startup - (Tom Lane) - - - - In particular, the response to a server report of fork() - failure during SSL connection startup is now saner. - - - - - - Improve libpq's error reporting for SSL failures (Tom - Lane) - - - - - - Make ecpglib write double values with 15 digits - precision (Akira Kurosawa) - - - - - - In ecpglib, be sure LC_NUMERIC setting is - restored after an error (Michael Meskes) - - - - - - Apply upstream fix for blowfish signed-character bug (CVE-2011-2483) - (Tom Lane) - - - - contrib/pg_crypto's blowfish encryption code could give - wrong results on platforms where char is signed (which is most), - leading to encrypted passwords being weaker than they should be. - - - - - - Fix memory leak in contrib/seg (Heikki Linnakangas) - - - - - - Fix pgstatindex() to give consistent results for empty - indexes (Tom Lane) - - - - - - Allow building with perl 5.14 (Alex Hunsaker) - - - - - - Update configure script's method for probing existence of system - functions (Tom Lane) - - - - The version of autoconf we used in 8.3 and 8.2 could be fooled by - compilers that perform link-time optimization. - - - - - - Fix assorted issues with build and install file paths containing spaces - (Tom Lane) - - - - - - Update time zone data files to tzdata release 2011i - for DST law changes in Canada, Egypt, Russia, Samoa, and South Sudan. - - - - - - - - - - Release 8.3.15 - - - Release date: - 2011-04-18 - - - - This release contains a variety of fixes from 8.3.14. - For information about new features in the 8.3 major release, see - . - - - - Migration to Version 8.3.15 - - - A dump/restore is not required for those running 8.3.X. - However, if you are upgrading from a version earlier than 8.3.8, - see . - - - - - - Changes - - - - - - Disallow including a composite type in itself (Tom Lane) - - - - This prevents scenarios wherein the server could recurse infinitely - while processing the composite type. While there are some possible - uses for such a structure, they don't seem compelling enough to - justify the effort required to make sure it always works safely. - - - - - - Avoid potential deadlock during catalog cache initialization - (Nikhil Sontakke) - - - - In some cases the cache loading code would acquire share lock on a - system index before locking the index's catalog. This could deadlock - against processes trying to acquire exclusive locks in the other, - more standard order. - - - - - - Fix dangling-pointer problem in BEFORE ROW UPDATE trigger - handling when there was a concurrent update to the target tuple - (Tom Lane) - - - - This bug has been observed to result in intermittent cannot - extract system attribute from virtual tuple failures while trying to - do UPDATE RETURNING ctid. There is a very small probability - of more serious errors, such as generating incorrect index entries for - the updated tuple. - - - - - - Disallow DROP TABLE when there are pending deferred trigger - events for the table (Tom Lane) - - - - Formerly the DROP would go through, leading to - could not open relation with OID nnn errors when the - triggers were eventually fired. - - - - - - Fix PL/Python memory leak involving array slices (Daniel Popowich) - - - - - - Fix pg_restore to cope with long lines (over 1KB) in - TOC files (Tom Lane) - - - - - - Put in more safeguards against crashing due to division-by-zero - with overly enthusiastic compiler optimization (Aurelien Jarno) - - - - - - Support use of dlopen() in FreeBSD and OpenBSD on MIPS (Tom Lane) - - - - There was a hard-wired assumption that this system function was not - available on MIPS hardware on these systems. Use a compile-time test - instead, since more recent versions have it. - - - - - - Fix compilation failures on HP-UX (Heikki Linnakangas) - - - - - - Fix version-incompatibility problem with libintl on - Windows (Hiroshi Inoue) - - - - - - Fix usage of xcopy in Windows build scripts to - work correctly under Windows 7 (Andrew Dunstan) - - - - This affects the build scripts only, not installation or usage. - - - - - - Fix path separator used by pg_regress on Cygwin - (Andrew Dunstan) - - - - - - Update time zone data files to tzdata release 2011f - for DST law changes in Chile, Cuba, Falkland Islands, Morocco, Samoa, - and Turkey; also historical corrections for South Australia, Alaska, - and Hawaii. - - - - - - - - - - Release 8.3.14 - - - Release date: - 2011-01-31 - - - - This release contains a variety of fixes from 8.3.13. - For information about new features in the 8.3 major release, see - . - - - - Migration to Version 8.3.14 - - - A dump/restore is not required for those running 8.3.X. - However, if you are upgrading from a version earlier than 8.3.8, - see . - - - - - - Changes - - - - - - Avoid failures when EXPLAIN tries to display a simple-form - CASE expression (Tom Lane) - - - - If the CASE's test expression was a constant, the planner - could simplify the CASE into a form that confused the - expression-display code, resulting in unexpected CASE WHEN - clause errors. - - - - - - Fix assignment to an array slice that is before the existing range - of subscripts (Tom Lane) - - - - If there was a gap between the newly added subscripts and the first - pre-existing subscript, the code miscalculated how many entries needed - to be copied from the old array's null bitmap, potentially leading to - data corruption or crash. - - - - - - Avoid unexpected conversion overflow in planner for very distant date - values (Tom Lane) - - - - The date type supports a wider range of dates than can be - represented by the timestamp types, but the planner assumed it - could always convert a date to timestamp with impunity. - - - - - - Fix pg_restore's text output for large objects (BLOBs) - when standard_conforming_strings is on (Tom Lane) - - - - Although restoring directly to a database worked correctly, string - escaping was incorrect if pg_restore was asked for - SQL text output and standard_conforming_strings had been - enabled in the source database. - - - - - - Fix erroneous parsing of tsquery values containing - ... & !(subexpression) | ... (Tom Lane) - - - - Queries containing this combination of operators were not executed - correctly. The same error existed in contrib/intarray's - query_int type and contrib/ltree's - ltxtquery type. - - - - - - Fix buffer overrun in contrib/intarray's input function - for the query_int type (Apple) - - - - This bug is a security risk since the function's return address could - be overwritten. Thanks to Apple Inc's security team for reporting this - issue and supplying the fix. (CVE-2010-4015) - - - - - - Fix bug in contrib/seg's GiST picksplit algorithm - (Alexander Korotkov) - - - - This could result in considerable inefficiency, though not actually - incorrect answers, in a GiST index on a seg column. - If you have such an index, consider REINDEXing it after - installing this update. (This is identical to the bug that was fixed in - contrib/cube in the previous update.) - - - - - - - - - - Release 8.3.13 - - - Release date: - 2010-12-16 - - - - This release contains a variety of fixes from 8.3.12. - For information about new features in the 8.3 major release, see - . - - - - Migration to Version 8.3.13 - - - A dump/restore is not required for those running 8.3.X. - However, if you are upgrading from a version earlier than 8.3.8, - see . - - - - - - Changes - - - - - - Force the default - wal_sync_method - to be fdatasync on Linux (Tom Lane, Marti Raudsepp) - - - - The default on Linux has actually been fdatasync for many - years, but recent kernel changes caused PostgreSQL to - choose open_datasync instead. This choice did not result - in any performance improvement, and caused outright failures on - certain filesystems, notably ext4 with the - data=journal mount option. - - - - - - Fix assorted bugs in WAL replay logic for GIN indexes (Tom Lane) - - - - This could result in bad buffer id: 0 failures or - corruption of index contents during replication. - - - - - - Fix recovery from base backup when the starting checkpoint WAL record - is not in the same WAL segment as its redo point (Jeff Davis) - - - - - - Fix persistent slowdown of autovacuum workers when multiple workers - remain active for a long time (Tom Lane) - - - - The effective vacuum_cost_limit for an autovacuum worker - could drop to nearly zero if it processed enough tables, causing it - to run extremely slowly. - - - - - - Add support for detecting register-stack overrun on IA64 - (Tom Lane) - - - - The IA64 architecture has two hardware stacks. Full - prevention of stack-overrun failures requires checking both. - - - - - - Add a check for stack overflow in copyObject() (Tom Lane) - - - - Certain code paths could crash due to stack overflow given a - sufficiently complex query. - - - - - - Fix detection of page splits in temporary GiST indexes (Heikki - Linnakangas) - - - - It is possible to have a concurrent page split in a - temporary index, if for example there is an open cursor scanning the - index when an insertion is done. GiST failed to detect this case and - hence could deliver wrong results when execution of the cursor - continued. - - - - - - Avoid memory leakage while ANALYZE'ing complex index - expressions (Tom Lane) - - - - - - Ensure an index that uses a whole-row Var still depends on its table - (Tom Lane) - - - - An index declared like create index i on t (foo(t.*)) - would not automatically get dropped when its table was dropped. - - - - - - Do not inline a SQL function with multiple OUT - parameters (Tom Lane) - - - - This avoids a possible crash due to loss of information about the - expected result rowtype. - - - - - - Behave correctly if ORDER BY, LIMIT, - FOR UPDATE, or WITH is attached to the - VALUES part of INSERT ... VALUES (Tom Lane) - - - - - - Fix constant-folding of COALESCE() expressions (Tom Lane) - - - - The planner would sometimes attempt to evaluate sub-expressions that - in fact could never be reached, possibly leading to unexpected errors. - - - - - - Fix postmaster crash when connection acceptance - (accept() or one of the calls made immediately after it) - fails, and the postmaster was compiled with GSSAPI support (Alexander - Chernikov) - - - - - - Fix missed unlink of temporary files when log_temp_files - is active (Tom Lane) - - - - If an error occurred while attempting to emit the log message, the - unlink was not done, resulting in accumulation of temp files. - - - - - - Add print functionality for InhRelation nodes (Tom Lane) - - - - This avoids a failure when debug_print_parse is enabled - and certain types of query are executed. - - - - - - Fix incorrect calculation of distance from a point to a horizontal - line segment (Tom Lane) - - - - This bug affected several different geometric distance-measurement - operators. - - - - - - Fix PL/pgSQL's handling of simple - expressions to not fail in recursion or error-recovery cases (Tom Lane) - - - - - - Fix PL/Python's handling of set-returning functions - (Jan Urbanski) - - - - Attempts to call SPI functions within the iterator generating a set - result would fail. - - - - - - Fix bug in contrib/cube's GiST picksplit algorithm - (Alexander Korotkov) - - - - This could result in considerable inefficiency, though not actually - incorrect answers, in a GiST index on a cube column. - If you have such an index, consider REINDEXing it after - installing this update. - - - - - - Don't emit identifier will be truncated notices in - contrib/dblink except when creating new connections - (Itagaki Takahiro) - - - - - - Fix potential coredump on missing public key in - contrib/pgcrypto (Marti Raudsepp) - - - - - - Fix memory leak in contrib/xml2's XPath query functions - (Tom Lane) - - - - - - Update time zone data files to tzdata release 2010o - for DST law changes in Fiji and Samoa; - also historical corrections for Hong Kong. - - - - - - - - - - Release 8.3.12 - - - Release date: - 2010-10-04 - - - - This release contains a variety of fixes from 8.3.11. - For information about new features in the 8.3 major release, see - . - - - - Migration to Version 8.3.12 - - - A dump/restore is not required for those running 8.3.X. - However, if you are upgrading from a version earlier than 8.3.8, - see . - - - - - - Changes - - - - - - Use a separate interpreter for each calling SQL userid in PL/Perl and - PL/Tcl (Tom Lane) - - - - This change prevents security problems that can be caused by subverting - Perl or Tcl code that will be executed later in the same session under - another SQL user identity (for example, within a SECURITY - DEFINER function). Most scripting languages offer numerous ways that - that might be done, such as redefining standard functions or operators - called by the target function. Without this change, any SQL user with - Perl or Tcl language usage rights can do essentially anything with the - SQL privileges of the target function's owner. - - - - The cost of this change is that intentional communication among Perl - and Tcl functions becomes more difficult. To provide an escape hatch, - PL/PerlU and PL/TclU functions continue to use only one interpreter - per session. This is not considered a security issue since all such - functions execute at the trust level of a database superuser already. - - - - It is likely that third-party procedural languages that claim to offer - trusted execution have similar security issues. We advise contacting - the authors of any PL you are depending on for security-critical - purposes. - - - - Our thanks to Tim Bunce for pointing out this issue (CVE-2010-3433). - - - - - - Prevent possible crashes in pg_get_expr() by disallowing - it from being called with an argument that is not one of the system - catalog columns it's intended to be used with - (Heikki Linnakangas, Tom Lane) - - - - - - Treat exit code 128 (ERROR_WAIT_NO_CHILDREN) as non-fatal on - Windows (Magnus Hagander) - - - - Under high load, Windows processes will sometimes fail at startup with - this error code. Formerly the postmaster treated this as a panic - condition and restarted the whole database, but that seems to be - an overreaction. - - - - - - Fix incorrect usage of non-strict OR joinclauses in Append indexscans - (Tom Lane) - - - - This is a back-patch of an 8.4 fix that was missed in the 8.3 branch. - This corrects an error introduced in 8.3.8 that could cause incorrect - results for outer joins when the inner relation is an inheritance tree - or UNION ALL subquery. - - - - - - Fix possible duplicate scans of UNION ALL member relations - (Tom Lane) - - - - - - Fix cannot handle unplanned sub-select error (Tom Lane) - - - - This occurred when a sub-select contains a join alias reference that - expands into an expression containing another sub-select. - - - - - - Fix failure to mark cached plans as transient (Tom Lane) - - - - If a plan is prepared while CREATE INDEX CONCURRENTLY is - in progress for one of the referenced tables, it is supposed to be - re-planned once the index is ready for use. This was not happening - reliably. - - - - - - Reduce PANIC to ERROR in some occasionally-reported btree failure cases, - and provide additional detail in the resulting error messages - (Tom Lane) - - - - This should improve the system's robustness with corrupted indexes. - - - - - - Prevent show_session_authorization() from crashing within autovacuum - processes (Tom Lane) - - - - - - Defend against functions returning setof record where not all the - returned rows are actually of the same rowtype (Tom Lane) - - - - - - Fix possible failure when hashing a pass-by-reference function result - (Tao Ma, Tom Lane) - - - - - - Improve merge join's handling of NULLs in the join columns (Tom Lane) - - - - A merge join can now stop entirely upon reaching the first NULL, - if the sort order is such that NULLs sort high. - - - - - - Take care to fsync the contents of lockfiles (both - postmaster.pid and the socket lockfile) while writing them - (Tom Lane) - - - - This omission could result in corrupted lockfile contents if the - machine crashes shortly after postmaster start. That could in turn - prevent subsequent attempts to start the postmaster from succeeding, - until the lockfile is manually removed. - - - - - - Avoid recursion while assigning XIDs to heavily-nested - subtransactions (Andres Freund, Robert Haas) - - - - The original coding could result in a crash if there was limited - stack space. - - - - - - Avoid holding open old WAL segments in the walwriter process - (Magnus Hagander, Heikki Linnakangas) - - - - The previous coding would prevent removal of no-longer-needed segments. - - - - - - Fix log_line_prefix's %i escape, - which could produce junk early in backend startup (Tom Lane) - - - - - - Fix possible data corruption in ALTER TABLE ... SET - TABLESPACE when archiving is enabled (Jeff Davis) - - - - - - Allow CREATE DATABASE and ALTER DATABASE ... SET - TABLESPACE to be interrupted by query-cancel (Guillaume Lelarge) - - - - - - Fix REASSIGN OWNED to handle operator classes and families - (Asko Tiidumaa) - - - - - - Fix possible core dump when comparing two empty tsquery values - (Tom Lane) - - - - - - Fix LIKE's handling of patterns containing % - followed by _ (Tom Lane) - - - - We've fixed this before, but there were still some incorrectly-handled - cases. - - - - - - In PL/Python, defend against null pointer results from - PyCObject_AsVoidPtr and PyCObject_FromVoidPtr - (Peter Eisentraut) - - - - - - Make psql recognize DISCARD ALL as a command that should - not be encased in a transaction block in autocommit-off mode - (Itagaki Takahiro) - - - - - - Fix ecpg to process data from RETURNING - clauses correctly (Michael Meskes) - - - - - - Improve contrib/dblink's handling of tables containing - dropped columns (Tom Lane) - - - - - - Fix connection leak after duplicate connection name - errors in contrib/dblink (Itagaki Takahiro) - - - - - - Fix contrib/dblink to handle connection names longer than - 62 bytes correctly (Itagaki Takahiro) - - - - - - Add hstore(text, text) - function to contrib/hstore (Robert Haas) - - - - This function is the recommended substitute for the now-deprecated - => operator. It was back-patched so that future-proofed - code can be used with older server versions. Note that the patch will - be effective only after contrib/hstore is installed or - reinstalled in a particular database. Users might prefer to execute - the CREATE FUNCTION command by hand, instead. - - - - - - Update build infrastructure and documentation to reflect the source code - repository's move from CVS to Git (Magnus Hagander and others) - - - - - - Update time zone data files to tzdata release 2010l - for DST law changes in Egypt and Palestine; also historical corrections - for Finland. - - - - This change also adds new names for two Micronesian timezones: - Pacific/Chuuk is now preferred over Pacific/Truk (and the preferred - abbreviation is CHUT not TRUT) and Pacific/Pohnpei is preferred over - Pacific/Ponape. - - - - - - Make Windows' N. Central Asia Standard Time timezone map to - Asia/Novosibirsk, not Asia/Almaty (Magnus Hagander) - - - - Microsoft changed the DST behavior of this zone in the timezone update - from KB976098. Asia/Novosibirsk is a better match to its new behavior. - - - - - - - - - - Release 8.3.11 - - - Release date: - 2010-05-17 - - - - This release contains a variety of fixes from 8.3.10. - For information about new features in the 8.3 major release, see - . - - - - Migration to Version 8.3.11 - - - A dump/restore is not required for those running 8.3.X. - However, if you are upgrading from a version earlier than 8.3.8, - see . - - - - - - Changes - - - - - - Enforce restrictions in plperl using an opmask applied to - the whole interpreter, instead of using Safe.pm - (Tim Bunce, Andrew Dunstan) - - - - Recent developments have convinced us that Safe.pm is too - insecure to rely on for making plperl trustable. This - change removes use of Safe.pm altogether, in favor of using - a separate interpreter with an opcode mask that is always applied. - Pleasant side effects of the change include that it is now possible to - use Perl's strict pragma in a natural way in - plperl, and that Perl's $a and $b - variables work as expected in sort routines, and that function - compilation is significantly faster. (CVE-2010-1169) - - - - - - Prevent PL/Tcl from executing untrustworthy code from - pltcl_modules (Tom) - - - - PL/Tcl's feature for autoloading Tcl code from a database table - could be exploited for trojan-horse attacks, because there was no - restriction on who could create or insert into that table. This change - disables the feature unless pltcl_modules is owned by a - superuser. (However, the permissions on the table are not checked, so - installations that really need a less-than-secure modules table can - still grant suitable privileges to trusted non-superusers.) Also, - prevent loading code into the unrestricted normal Tcl - interpreter unless we are really going to execute a pltclu - function. (CVE-2010-1170) - - - - - - Fix possible crash if a cache reset message is received during - rebuild of a relcache entry (Heikki) - - - - This error was introduced in 8.3.10 while fixing a related failure. - - - - - - Apply per-function GUC settings while running the language validator - for the function (Itagaki Takahiro) - - - - This avoids failures if the function's code is invalid without the - setting; an example is that SQL functions may not parse if the - search_path is not correct. - - - - - - Do not allow an unprivileged user to reset superuser-only parameter - settings (Alvaro) - - - - Previously, if an unprivileged user ran ALTER USER ... RESET - ALL for himself, or ALTER DATABASE ... RESET ALL for - a database he owns, this would remove all special parameter settings - for the user or database, even ones that are only supposed to be - changeable by a superuser. Now, the ALTER will only - remove the parameters that the user has permission to change. - - - - - - Avoid possible crash during backend shutdown if shutdown occurs - when a CONTEXT addition would be made to log entries (Tom) - - - - In some cases the context-printing function would fail because the - current transaction had already been rolled back when it came time - to print a log message. - - - - - - Ensure the archiver process responds to changes in - archive_command as soon as possible (Tom) - - - - - - Update pl/perl's ppport.h for modern Perl versions - (Andrew) - - - - - - Fix assorted memory leaks in pl/python (Andreas Freund, Tom) - - - - - - Prevent infinite recursion in psql when expanding - a variable that refers to itself (Tom) - - - - - - Fix psql's \copy to not add spaces around - a dot within \copy (select ...) (Tom) - - - - Addition of spaces around the decimal point in a numeric literal would - result in a syntax error. - - - - - - Fix unnecessary GIN indexes do not support whole-index scans - errors for unsatisfiable queries using contrib/intarray - operators (Tom) - - - - - - Ensure that contrib/pgstattuple functions respond to cancel - interrupts promptly (Tatsuhito Kasahara) - - - - - - Make server startup deal properly with the case that - shmget() returns EINVAL for an existing - shared memory segment (Tom) - - - - This behavior has been observed on BSD-derived kernels including OS X. - It resulted in an entirely-misleading startup failure complaining that - the shared memory request size was too large. - - - - - - Avoid possible crashes in syslogger process on Windows (Heikki) - - - - - - Deal more robustly with incomplete time zone information in the - Windows registry (Magnus) - - - - - - Update the set of known Windows time zone names (Magnus) - - - - - - Update time zone data files to tzdata release 2010j - for DST law changes in Argentina, Australian Antarctic, Bangladesh, - Mexico, Morocco, Pakistan, Palestine, Russia, Syria, Tunisia; - also historical corrections for Taiwan. - - - - Also, add PKST (Pakistan Summer Time) to the default set of - timezone abbreviations. - - - - - - - - - - Release 8.3.10 - - - Release date: - 2010-03-15 - - - - This release contains a variety of fixes from 8.3.9. - For information about new features in the 8.3 major release, see - . - - - - Migration to Version 8.3.10 - - - A dump/restore is not required for those running 8.3.X. - However, if you are upgrading from a version earlier than 8.3.8, - see . - - - - - - Changes - - - - - - Add new configuration parameter ssl_renegotiation_limit to - control how often we do session key renegotiation for an SSL connection - (Magnus) - - - - This can be set to zero to disable renegotiation completely, which may - be required if a broken SSL library is used. In particular, some - vendors are shipping stopgap patches for CVE-2009-3555 that cause - renegotiation attempts to fail. - - - - - - Fix possible deadlock during backend startup (Tom) - - - - - - Fix possible crashes due to not handling errors during relcache reload - cleanly (Tom) - - - - - - Fix possible crash due to use of dangling pointer to a cached plan - (Tatsuo) - - - - - - Fix possible crashes when trying to recover from a failure in - subtransaction start (Tom) - - - - - - Fix server memory leak associated with use of savepoints and a client - encoding different from server's encoding (Tom) - - - - - - Fix incorrect WAL data emitted during end-of-recovery cleanup of a GIST - index page split (Yoichi Hirai) - - - - This would result in index corruption, or even more likely an error - during WAL replay, if we were unlucky enough to crash during - end-of-recovery cleanup after having completed an incomplete GIST - insertion. - - - - - - Make substring() for bit types treat any negative - length as meaning all the rest of the string (Tom) - - - - The previous coding treated only -1 that way, and would produce an - invalid result value for other negative values, possibly leading to - a crash (CVE-2010-0442). - - - - - - Fix integer-to-bit-string conversions to handle the first fractional - byte correctly when the output bit width is wider than the given - integer by something other than a multiple of 8 bits (Tom) - - - - - - Fix some cases of pathologically slow regular expression matching (Tom) - - - - - - Fix assorted crashes in xml processing caused by sloppy - memory management (Tom) - - - - This is a back-patch of changes first applied in 8.4. The 8.3 code - was known buggy, but the new code was sufficiently different to not - want to back-patch it until it had gotten some field testing. - - - - - - Fix bug with trying to update a field of an element of a - composite-type array column (Tom) - - - - - - Fix the STOP WAL LOCATION entry in backup history files to - report the next WAL segment's name when the end location is exactly at a - segment boundary (Itagaki Takahiro) - - - - - - Fix some more cases of temporary-file leakage (Heikki) - - - - This corrects a problem introduced in the previous minor release. - One case that failed is when a plpgsql function returning set is - called within another function's exception handler. - - - - - - Improve constraint exclusion processing of boolean-variable cases, - in particular make it possible to exclude a partition that has a - bool_column = false constraint (Tom) - - - - - - When reading pg_hba.conf and related files, do not treat - @something as a file inclusion request if the @ - appears inside quote marks; also, never treat @ by itself - as a file inclusion request (Tom) - - - - This prevents erratic behavior if a role or database name starts with - @. If you need to include a file whose path name - contains spaces, you can still do so, but you must write - @"/path to/file" rather than putting the quotes around - the whole construct. - - - - - - Prevent infinite loop on some platforms if a directory is named as - an inclusion target in pg_hba.conf and related files - (Tom) - - - - - - Fix possible infinite loop if SSL_read or - SSL_write fails without setting errno (Tom) - - - - This is reportedly possible with some Windows versions of - openssl. - - - - - - Disallow GSSAPI authentication on local connections, - since it requires a hostname to function correctly (Magnus) - - - - - - Make ecpg report the proper SQLSTATE if the connection - disappears (Michael) - - - - - - Fix psql's numericlocale option to not - format strings it shouldn't in latex and troff output formats (Heikki) - - - - - - Make psql return the correct exit status (3) when - ON_ERROR_STOP and --single-transaction are - both specified and an error occurs during the implied COMMIT - (Bruce) - - - - - - Fix plpgsql failure in one case where a composite column is set to NULL - (Tom) - - - - - - Fix possible failure when calling PL/Perl functions from PL/PerlU - or vice versa (Tim Bunce) - - - - - - Add volatile markings in PL/Python to avoid possible - compiler-specific misbehavior (Zdenek Kotala) - - - - - - Ensure PL/Tcl initializes the Tcl interpreter fully (Tom) - - - - The only known symptom of this oversight is that the Tcl - clock command misbehaves if using Tcl 8.5 or later. - - - - - - Prevent crash in contrib/dblink when too many key - columns are specified to a dblink_build_sql_* function - (Rushabh Lathia, Joe Conway) - - - - - - Allow zero-dimensional arrays in contrib/ltree operations - (Tom) - - - - This case was formerly rejected as an error, but it's more convenient to - treat it the same as a zero-element array. In particular this avoids - unnecessary failures when an ltree operation is applied to the - result of ARRAY(SELECT ...) and the sub-select returns no - rows. - - - - - - Fix assorted crashes in contrib/xml2 caused by sloppy - memory management (Tom) - - - - - - Make building of contrib/xml2 more robust on Windows - (Andrew) - - - - - - Fix race condition in Windows signal handling (Radu Ilie) - - - - One known symptom of this bug is that rows in pg_listener - could be dropped under heavy load. - - - - - - Update time zone data files to tzdata release 2010e - for DST law changes in Bangladesh, Chile, Fiji, Mexico, Paraguay, Samoa. - - - - - - - - - - Release 8.3.9 - - - Release date: - 2009-12-14 - - - - This release contains a variety of fixes from 8.3.8. - For information about new features in the 8.3 major release, see - . - - - - Migration to Version 8.3.9 - - - A dump/restore is not required for those running 8.3.X. - However, if you are upgrading from a version earlier than 8.3.8, - see . - - - - - - Changes - - - - - - Protect against indirect security threats caused by index functions - changing session-local state (Gurjeet Singh, Tom) - - - - This change prevents allegedly-immutable index functions from possibly - subverting a superuser's session (CVE-2009-4136). - - - - - - Reject SSL certificates containing an embedded null byte in the common - name (CN) field (Magnus) - - - - This prevents unintended matching of a certificate to a server or client - name during SSL validation (CVE-2009-4034). - - - - - - Fix possible crash during backend-startup-time cache initialization (Tom) - - - - - - Avoid crash on empty thesaurus dictionary (Tom) - - - - - - Prevent signals from interrupting VACUUM at unsafe times - (Alvaro) - - - - This fix prevents a PANIC if a VACUUM FULL is canceled - after it's already committed its tuple movements, as well as transient - errors if a plain VACUUM is interrupted after having - truncated the table. - - - - - - Fix possible crash due to integer overflow in hash table size - calculation (Tom) - - - - This could occur with extremely large planner estimates for the size of - a hashjoin's result. - - - - - - Fix very rare crash in inet/cidr comparisons (Chris - Mikkelson) - - - - - - Ensure that shared tuple-level locks held by prepared transactions are - not ignored (Heikki) - - - - - - Fix premature drop of temporary files used for a cursor that is accessed - within a subtransaction (Heikki) - - - - - - Fix memory leak in syslogger process when rotating to a new CSV logfile - (Tom) - - - - - - Fix Windows permission-downgrade logic (Jesse Morris) - - - - This fixes some cases where the database failed to start on Windows, - often with misleading error messages such as could not locate - matching postgres executable. - - - - - - Fix incorrect logic for GiST index page splits, when the split depends - on a non-first column of the index (Paul Ramsey) - - - - - - Don't error out if recycling or removing an old WAL file fails at the - end of checkpoint (Heikki) - - - - It's better to treat the problem as non-fatal and allow the checkpoint - to complete. Future checkpoints will retry the removal. Such problems - are not expected in normal operation, but have been seen to be - caused by misdesigned Windows anti-virus and backup software. - - - - - - Ensure WAL files aren't repeatedly archived on Windows (Heikki) - - - - This is another symptom that could happen if some other process - interfered with deletion of a no-longer-needed file. - - - - - - Fix PAM password processing to be more robust (Tom) - - - - The previous code is known to fail with the combination of the Linux - pam_krb5 PAM module with Microsoft Active Directory as the - domain controller. It might have problems elsewhere too, since it was - making unjustified assumptions about what arguments the PAM stack would - pass to it. - - - - - - Raise the maximum authentication token (Kerberos ticket) size in GSSAPI - and SSPI authentication methods (Ian Turner) - - - - While the old 2000-byte limit was more than enough for Unix Kerberos - implementations, tickets issued by Windows Domain Controllers can be - much larger. - - - - - - Re-enable collection of access statistics for sequences (Akira Kurosawa) - - - - This used to work but was broken in 8.3. - - - - - - Fix processing of ownership dependencies during CREATE OR - REPLACE FUNCTION (Tom) - - - - - - Fix incorrect handling of WHERE - x=x conditions (Tom) - - - - In some cases these could get ignored as redundant, but they aren't - — they're equivalent to x IS NOT NULL. - - - - - - Make text search parser accept underscores in XML attributes (Peter) - - - - - - Fix encoding handling in xml binary input (Heikki) - - - - If the XML header doesn't specify an encoding, we now assume UTF-8 by - default; the previous handling was inconsistent. - - - - - - Fix bug with calling plperl from plperlu or vice - versa (Tom) - - - - An error exit from the inner function could result in crashes due to - failure to re-select the correct Perl interpreter for the outer function. - - - - - - Fix session-lifespan memory leak when a PL/Perl function is redefined - (Tom) - - - - - - Ensure that Perl arrays are properly converted to - PostgreSQL arrays when returned by a set-returning - PL/Perl function (Andrew Dunstan, Abhijit Menon-Sen) - - - - This worked correctly already for non-set-returning functions. - - - - - - Fix rare crash in exception processing in PL/Python (Peter) - - - - - - In contrib/pg_standby, disable triggering failover with a - signal on Windows (Fujii Masao) - - - - This never did anything useful, because Windows doesn't have Unix-style - signals, but recent changes made it actually crash. - - - - - - Ensure psql's flex module is compiled with the correct - system header definitions (Tom) - - - - This fixes build failures on platforms where - --enable-largefile causes incompatible changes in the - generated code. - - - - - - Make the postmaster ignore any application_name parameter in - connection request packets, to improve compatibility with future libpq - versions (Tom) - - - - - - Update the timezone abbreviation files to match current reality (Joachim - Wieland) - - - - This includes adding IDT and SGT to the default - timezone abbreviation set. - - - - - - Update time zone data files to tzdata release 2009s - for DST law changes in Antarctica, Argentina, Bangladesh, Fiji, - Novokuznetsk, Pakistan, Palestine, Samoa, Syria; also historical - corrections for Hong Kong. - - - - - - - - - - Release 8.3.8 - - - Release date: - 2009-09-09 - - - - This release contains a variety of fixes from 8.3.7. - For information about new features in the 8.3 major release, see - . - - - - Migration to Version 8.3.8 - - - A dump/restore is not required for those running 8.3.X. - However, if you have any hash indexes on interval columns, - you must REINDEX them after updating to 8.3.8. - Also, if you are upgrading from a version earlier than 8.3.5, - see . - - - - - - Changes - - - - - - Fix Windows shared-memory allocation code (Tsutomu Yamada, Magnus) - - - - This bug led to the often-reported could not reattach - to shared memory error message. - - - - - - Force WAL segment switch during pg_start_backup() - (Heikki) - - - - This avoids corner cases that could render a base backup unusable. - - - - - - Disallow RESET ROLE and RESET SESSION - AUTHORIZATION inside security-definer functions (Tom, Heikki) - - - - This covers a case that was missed in the previous patch that - disallowed SET ROLE and SET SESSION - AUTHORIZATION inside security-definer functions. - (See CVE-2007-6600) - - - - - - Make LOAD of an already-loaded loadable module - into a no-op (Tom) - - - - Formerly, LOAD would attempt to unload and re-load the - module, but this is unsafe and not all that useful. - - - - - - Disallow empty passwords during LDAP authentication (Magnus) - - - - - - Fix handling of sub-SELECTs appearing in the arguments of - an outer-level aggregate function (Tom) - - - - - - Fix bugs associated with fetching a whole-row value from the - output of a Sort or Materialize plan node (Tom) - - - - - - Prevent synchronize_seqscans from changing the results of - scrollable and WITH HOLD cursors (Tom) - - - - - - Revert planner change that disabled partial-index and constraint - exclusion optimizations when there were more than 100 clauses in - an AND or OR list (Tom) - - - - - - Fix hash calculation for data type interval (Tom) - - - - This corrects wrong results for hash joins on interval values. - It also changes the contents of hash indexes on interval columns. - If you have any such indexes, you must REINDEX them - after updating. - - - - - - Treat to_char(..., 'TH') as an uppercase ordinal - suffix with 'HH'/'HH12' (Heikki) - - - - It was previously handled as 'th' (lowercase). - - - - - - Fix overflow for INTERVAL 'x ms' - when x is more than 2 million and integer - datetimes are in use (Alex Hunsaker) - - - - - - Fix calculation of distance between a point and a line segment (Tom) - - - - This led to incorrect results from a number of geometric operators. - - - - - - Fix money data type to work in locales where currency - amounts have no fractional digits, e.g. Japan (Itagaki Takahiro) - - - - - - Fix LIKE for case where pattern contains %_ - (Tom) - - - - - - Properly round datetime input like - 00:12:57.9999999999999999999999999999 (Tom) - - - - - - Fix memory leaks in XML operations (Tom) - - - - - - Fix poor choice of page split point in GiST R-tree operator classes - (Teodor) - - - - - - Ensure that a fast shutdown request will forcibly terminate - open sessions, even if a smart shutdown was already in progress - (Fujii Masao) - - - - - - Avoid performance degradation in bulk inserts into GIN indexes - when the input values are (nearly) in sorted order (Tom) - - - - - - Correctly enforce NOT NULL domain constraints in some contexts in - PL/pgSQL (Tom) - - - - - - Fix portability issues in plperl initialization (Andrew Dunstan) - - - - - - Fix pg_ctl to not go into an infinite loop if - postgresql.conf is empty (Jeff Davis) - - - - - - Improve pg_dump's efficiency when there are - many large objects (Tamas Vincze) - - - - - - Use SIGUSR1, not SIGQUIT, as the - failover signal for pg_standby (Heikki) - - - - - - Make pg_standby's maxretries option - behave as documented (Fujii Masao) - - - - - - Make contrib/hstore throw an error when a key or - value is too long to fit in its data structure, rather than - silently truncating it (Andrew Gierth) - - - - - - Fix contrib/xml2's xslt_process() to - properly handle the maximum number of parameters (twenty) (Tom) - - - - - - Improve robustness of libpq's code to recover - from errors during COPY FROM STDIN (Tom) - - - - - - Avoid including conflicting readline and editline header files - when both libraries are installed (Zdenek Kotala) - - - - - - Update time zone data files to tzdata release 2009l - for DST law changes in Bangladesh, Egypt, Jordan, Pakistan, - Argentina/San_Luis, Cuba, Jordan (historical correction only), - Mauritius, Morocco, Palestine, Syria, Tunisia. - - - - - - - - - - Release 8.3.7 - - - Release date: - 2009-03-16 - - - - This release contains a variety of fixes from 8.3.6. - For information about new features in the 8.3 major release, see - . - - - - Migration to Version 8.3.7 - - - A dump/restore is not required for those running 8.3.X. - However, if you are upgrading from a version earlier than 8.3.5, - see . - - - - - - Changes - - - - - - Prevent error recursion crashes when encoding conversion fails (Tom) - - - - This change extends fixes made in the last two minor releases for - related failure scenarios. The previous fixes were narrowly tailored - for the original problem reports, but we have now recognized that - any error thrown by an encoding conversion function could - potentially lead to infinite recursion while trying to report the - error. The solution therefore is to disable translation and encoding - conversion and report the plain-ASCII form of any error message, - if we find we have gotten into a recursive error reporting situation. - (CVE-2009-0922) - - - - - - Disallow CREATE CONVERSION with the wrong encodings - for the specified conversion function (Heikki) - - - - This prevents one possible scenario for encoding conversion failure. - The previous change is a backstop to guard against other kinds of - failures in the same area. - - - - - - Fix xpath() to not modify the path expression unless - necessary, and to make a saner attempt at it when necessary (Andrew) - - - - The SQL standard suggests that xpath should work on data - that is a document fragment, but libxml doesn't support - that, and indeed it's not clear that this is sensible according to the - XPath standard. xpath attempted to work around this - mismatch by modifying both the data and the path expression, but the - modification was buggy and could cause valid searches to fail. Now, - xpath checks whether the data is in fact a well-formed - document, and if so invokes libxml with no change to the - data or path expression. Otherwise, a different modification method - that is somewhat less likely to fail is used. - - - - - The new modification method is still not 100% satisfactory, and it - seems likely that no real solution is possible. This patch should - therefore be viewed as a band-aid to keep from breaking existing - applications unnecessarily. It is likely that - PostgreSQL 8.4 will simply reject use of - xpath on data that is not a well-formed document. - - - - - - - Fix core dump when to_char() is given format codes that - are inappropriate for the type of the data argument (Tom) - - - - - - Fix possible failure in text search when C locale is used with - a multi-byte encoding (Teodor) - - - - Crashes were possible on platforms where wchar_t is narrower - than int; Windows in particular. - - - - - - Fix extreme inefficiency in text search parser's handling of an - email-like string containing multiple @ characters (Heikki) - - - - - - Fix planner problem with sub-SELECT in the output list - of a larger subquery (Tom) - - - - The known symptom of this bug is a failed to locate grouping - columns error that is dependent on the datatype involved; - but there could be other issues as well. - - - - - - Fix decompilation of CASE WHEN with an implicit coercion - (Tom) - - - - This mistake could lead to Assert failures in an Assert-enabled build, - or an unexpected CASE WHEN clause error message in other - cases, when trying to examine or dump a view. - - - - - - Fix possible misassignment of the owner of a TOAST table's rowtype (Tom) - - - - If CLUSTER or a rewriting variant of ALTER TABLE - were executed by someone other than the table owner, the - pg_type entry for the table's TOAST table would end up - marked as owned by that someone. This caused no immediate problems, - since the permissions on the TOAST rowtype aren't examined by any - ordinary database operation. However, it could lead to unexpected - failures if one later tried to drop the role that issued the command - (in 8.1 or 8.2), or owner of data type appears to be invalid - warnings from pg_dump after having done so (in 8.3). - - - - - - Change UNLISTEN to exit quickly if the current session has - never executed any LISTEN command (Tom) - - - - Most of the time this is not a particularly useful optimization, but - since DISCARD ALL invokes UNLISTEN, the previous - coding caused a substantial performance problem for applications that - made heavy use of DISCARD ALL. - - - - - - Fix PL/pgSQL to not treat INTO after INSERT as - an INTO-variables clause anywhere in the string, not only at the start; - in particular, don't fail for INSERT INTO within - CREATE RULE (Tom) - - - - - - Clean up PL/pgSQL error status variables fully at block exit - (Ashesh Vashi and Dave Page) - - - - This is not a problem for PL/pgSQL itself, but the omission could cause - the PL/pgSQL Debugger to crash while examining the state of a function. - - - - - - Retry failed calls to CallNamedPipe() on Windows - (Steve Marshall, Magnus) - - - - It appears that this function can sometimes fail transiently; - we previously treated any failure as a hard error, which could - confuse LISTEN/NOTIFY as well as other - operations. - - - - - - Add MUST (Mauritius Island Summer Time) to the default list - of known timezone abbreviations (Xavier Bugaud) - - - - - - - - - - Release 8.3.6 - - - Release date: - 2009-02-02 - - - - This release contains a variety of fixes from 8.3.5. - For information about new features in the 8.3 major release, see - . - - - - Migration to Version 8.3.6 - - - A dump/restore is not required for those running 8.3.X. - However, if you are upgrading from a version earlier than 8.3.5, - see . - - - - - - Changes - - - - - - Make DISCARD ALL release advisory locks, in addition - to everything it already did (Tom) - - - - This was decided to be the most appropriate behavior. This could - affect existing applications, however. - - - - - - Fix whole-index GiST scans to work correctly (Teodor) - - - - This error could cause rows to be lost if a table is clustered - on a GiST index. - - - - - - Fix crash of xmlconcat(NULL) (Peter) - - - - - - Fix possible crash in ispell dictionary if high-bit-set - characters are used as flags (Teodor) - - - - This is known to be done by one widely available Norwegian dictionary, - and the same condition may exist in others. - - - - - - Fix misordering of pg_dump output for composite types - (Tom) - - - - The most likely problem was for user-defined operator classes to - be dumped after indexes or views that needed them. - - - - - - Improve handling of URLs in headline() function (Teodor) - - - - - - Improve handling of overlength headlines in headline() - function (Teodor) - - - - - - Prevent possible Assert failure or misconversion if an encoding - conversion is created with the wrong conversion function for the - specified pair of encodings (Tom, Heikki) - - - - - - Fix possible Assert failure if a statement executed in PL/pgSQL is - rewritten into another kind of statement, for example if an - INSERT is rewritten into an UPDATE (Heikki) - - - - - - Ensure that a snapshot is available to datatype input functions (Tom) - - - - This primarily affects domains that are declared with CHECK - constraints involving user-defined stable or immutable functions. Such - functions typically fail if no snapshot has been set. - - - - - - Make it safer for SPI-using functions to be used within datatype I/O; - in particular, to be used in domain check constraints (Tom) - - - - - - Avoid unnecessary locking of small tables in VACUUM - (Heikki) - - - - - - Fix a problem that sometimes kept ALTER TABLE ENABLE/DISABLE - RULE from being recognized by active sessions (Tom) - - - - - - Fix a problem that made UPDATE RETURNING tableoid - return zero instead of the correct OID (Tom) - - - - - - Allow functions declared as taking ANYARRAY to work on - the pg_statistic columns of that type (Tom) - - - - This used to work, but was unintentionally broken in 8.3. - - - - - - Fix planner misestimation of selectivity when transitive equality - is applied to an outer-join clause (Tom) - - - - This could result in bad plans for queries like - ... from a left join b on a.a1 = b.b1 where a.a1 = 42 ... - - - - - - Improve optimizer's handling of long IN lists (Tom) - - - - This change avoids wasting large amounts of time on such lists - when constraint exclusion is enabled. - - - - - - Prevent synchronous scan during GIN index build (Tom) - - - - Because GIN is optimized for inserting tuples in increasing TID order, - choosing to use a synchronous scan could slow the build by a factor of - three or more. - - - - - - Ensure that the contents of a holdable cursor don't depend on the - contents of TOAST tables (Tom) - - - - Previously, large field values in a cursor result might be represented - as TOAST pointers, which would fail if the referenced table got dropped - before the cursor is read, or if the large value is deleted and then - vacuumed away. This cannot happen with an ordinary cursor, - but it could with a cursor that is held past its creating transaction. - - - - - - Fix memory leak when a set-returning function is terminated without - reading its whole result (Tom) - - - - - - Fix encoding conversion problems in XML functions when the database - encoding isn't UTF-8 (Tom) - - - - - - Fix contrib/dblink's - dblink_get_result(text,bool) function (Joe) - - - - - - Fix possible garbage output from contrib/sslinfo functions - (Tom) - - - - - - Fix incorrect behavior of contrib/tsearch2 compatibility - trigger when it's fired more than once in a command (Teodor) - - - - - - Fix possible mis-signaling in autovacuum (Heikki) - - - - - - Support running as a service on Windows 7 beta (Dave and Magnus) - - - - - - Fix ecpg's handling of varchar structs (Michael) - - - - - - Fix configure script to properly report failure when - unable to obtain linkage information for PL/Perl (Andrew) - - - - - - Make all documentation reference pgsql-bugs and/or - pgsql-hackers as appropriate, instead of the - now-decommissioned pgsql-ports and pgsql-patches - mailing lists (Tom) - - - - - - Update time zone data files to tzdata release 2009a (for - Kathmandu and historical DST corrections in Switzerland, Cuba) - - - - - - - - - - Release 8.3.5 - - - Release date: - 2008-11-03 - - - - This release contains a variety of fixes from 8.3.4. - For information about new features in the 8.3 major release, see - . - - - - Migration to Version 8.3.5 - - - A dump/restore is not required for those running 8.3.X. - However, if you are upgrading from a version earlier than 8.3.1, - see . Also, if you were running a previous - 8.3.X release, it is recommended to REINDEX all GiST - indexes after the upgrade. - - - - - - Changes - - - - - - Fix GiST index corruption due to marking the wrong index entry - dead after a deletion (Teodor) - - - - This would result in index searches failing to find rows they - should have found. Corrupted indexes can be fixed with - REINDEX. - - - - - - Fix backend crash when the client encoding cannot represent a localized - error message (Tom) - - - - We have addressed similar issues before, but it would still fail if - the character has no equivalent message itself couldn't - be converted. The fix is to disable localization and send the plain - ASCII error message when we detect such a situation. - - - - - - Fix possible crash in bytea-to-XML mapping (Michael McMaster) - - - - - - Fix possible crash when deeply nested functions are invoked from - a trigger (Tom) - - - - - - Improve optimization of expression IN - (expression-list) queries (Tom, per an idea from Robert - Haas) - - - - Cases in which there are query variables on the right-hand side had been - handled less efficiently in 8.2.x and 8.3.x than in prior versions. - The fix restores 8.1 behavior for such cases. - - - - - - Fix mis-expansion of rule queries when a sub-SELECT appears - in a function call in FROM, a multi-row VALUES - list, or a RETURNING list (Tom) - - - - The usual symptom of this problem is an unrecognized node type - error. - - - - - - Fix Assert failure during rescan of an IS NULL - search of a GiST index (Teodor) - - - - - - Fix memory leak during rescan of a hashed aggregation plan (Neil) - - - - - - Ensure an error is reported when a newly-defined PL/pgSQL trigger - function is invoked as a normal function (Tom) - - - - - - Force a checkpoint before CREATE DATABASE starts to copy - files (Heikki) - - - - This prevents a possible failure if files had recently been deleted - in the source database. - - - - - - Prevent possible collision of relfilenode numbers - when moving a table to another tablespace with ALTER SET - TABLESPACE (Heikki) - - - - The command tried to re-use the existing filename, instead of - picking one that is known unused in the destination directory. - - - - - - Fix incorrect text search headline generation when single query - item matches first word of text (Sushant Sinha) - - - - - - Fix improper display of fractional seconds in interval values when - using a non-ISO datestyle in an - - - - - Make ILIKE compare characters case-insensitively - even when they're escaped (Andrew) - - - - - - Ensure DISCARD is handled properly by statement logging (Tom) - - - - - - Fix incorrect logging of last-completed-transaction time during - PITR recovery (Tom) - - - - - - Ensure SPI_getvalue and SPI_getbinval - behave correctly when the passed tuple and tuple descriptor have - different numbers of columns (Tom) - - - - This situation is normal when a table has had columns added or removed, - but these two functions didn't handle it properly. - The only likely consequence is an incorrect error indication. - - - - - - Mark SessionReplicationRole as PGDLLIMPORT - so it can be used by Slony on Windows (Magnus) - - - - - - Fix small memory leak when using libpq's - gsslib parameter (Magnus) - - - - The space used by the parameter string was not freed at connection - close. - - - - - - Ensure libgssapi is linked into libpq - if needed (Markus Schaaf) - - - - - - Fix ecpg's parsing of CREATE ROLE (Michael) - - - - - - Fix recent breakage of pg_ctl restart (Tom) - - - - - - Ensure pg_control is opened in binary mode - (Itagaki Takahiro) - - - - pg_controldata and pg_resetxlog - did this incorrectly, and so could fail on Windows. - - - - - - Update time zone data files to tzdata release 2008i (for - DST law changes in Argentina, Brazil, Mauritius, Syria) - - - - - - - - - - Release 8.3.4 - - - Release date: - 2008-09-22 - - - - This release contains a variety of fixes from 8.3.3. - For information about new features in the 8.3 major release, see - . - - - - Migration to Version 8.3.4 - - - A dump/restore is not required for those running 8.3.X. - However, if you are upgrading from a version earlier than 8.3.1, - see . - - - - - - Changes - - - - - - Fix bug in btree WAL recovery code (Heikki) - - - - Recovery failed if the WAL ended partway through a page split operation. - - - - - - Fix potential use of wrong cutoff XID for HOT page pruning (Alvaro) - - - - This error created a risk of corruption in system - catalogs that are consulted by VACUUM: dead tuple versions - might be removed too soon. The impact of this on actual database - operations would be minimal, since the system doesn't follow MVCC - rules while examining catalogs, but it might result in transiently - wrong output from pg_dump or other client programs. - - - - - - Fix potential miscalculation of datfrozenxid (Alvaro) - - - - This error may explain some recent reports of failure to remove old - pg_clog data. - - - - - - Fix incorrect HOT updates after pg_class is reindexed - (Tom) - - - - Corruption of pg_class could occur if REINDEX - TABLE pg_class was followed in the same session by an ALTER - TABLE RENAME or ALTER TABLE SET SCHEMA command. - - - - - - Fix missed combo cid case (Karl Schnaitter) - - - - This error made rows incorrectly invisible to a transaction in which they - had been deleted by multiple subtransactions that all aborted. - - - - - - Prevent autovacuum from crashing if the table it's currently - checking is deleted at just the wrong time (Alvaro) - - - - - - Widen local lock counters from 32 to 64 bits (Tom) - - - - This responds to reports that the counters could overflow in - sufficiently long transactions, leading to unexpected lock is - already held errors. - - - - - - Fix possible duplicate output of tuples during a GiST index scan (Teodor) - - - - - - Regenerate foreign key checking queries from scratch when either - table is modified (Tom) - - - - Previously, 8.3 would attempt to replan the query, but would work from - previously generated query text. This led to failures if a - table or column was renamed. - - - - - - Fix missed permissions checks when a view contains a simple - UNION ALL construct (Heikki) - - - - Permissions for the referenced tables were checked properly, but not - permissions for the view itself. - - - - - - Add checks in executor startup to ensure that the tuples produced by an - INSERT or UPDATE will match the target table's - current rowtype (Tom) - - - - This situation is believed to be impossible in 8.3, but it can happen in - prior releases, so a check seems prudent. - - - - - - Fix possible repeated drops during DROP OWNED (Tom) - - - - This would typically result in strange errors such as cache - lookup failed for relation NNN. - - - - - - Fix several memory leaks in XML operations (Kris Jurka, Tom) - - - - - - Fix xmlserialize() to raise error properly for - unacceptable target data type (Tom) - - - - - - Fix a couple of places that mis-handled multibyte characters in text - search configuration file parsing (Tom) - - - - Certain characters occurring in configuration files would always cause - invalid byte sequence for encoding failures. - - - - - - Provide file name and line number location for all errors reported - in text search configuration files (Tom) - - - - - - Fix AT TIME ZONE to first try to interpret its timezone - argument as a timezone abbreviation, and only try it as a full timezone - name if that fails, rather than the other way around as formerly (Tom) - - - - The timestamp input functions have always resolved ambiguous zone names - in this order. Making AT TIME ZONE do so as well improves - consistency, and fixes a compatibility bug introduced in 8.1: - in ambiguous cases we now behave the same as 8.0 and before did, - since in the older versions AT TIME ZONE accepted - only abbreviations. - - - - - - Fix datetime input functions to correctly detect integer overflow when - running on a 64-bit platform (Tom) - - - - - - Prevent integer overflows during units conversion when displaying a - configuration parameter that has units (Tom) - - - - - - Improve performance of writing very long log messages to syslog (Tom) - - - - - - Allow spaces in the suffix part of an LDAP URL in - pg_hba.conf (Tom) - - - - - - Fix bug in backwards scanning of a cursor on a SELECT DISTINCT - ON query (Tom) - - - - - - Fix planner bug that could improperly push down IS NULL - tests below an outer join (Tom) - - - - This was triggered by occurrence of IS NULL tests for - the same relation in all arms of an upper OR clause. - - - - - - Fix planner bug with nested sub-select expressions (Tom) - - - - If the outer sub-select has no direct dependency on the parent query, - but the inner one does, the outer value might not get recalculated - for new parent query rows. - - - - - - Fix planner to estimate that GROUP BY expressions yielding - boolean results always result in two groups, regardless of the - expressions' contents (Tom) - - - - This is very substantially more accurate than the regular GROUP - BY estimate for certain boolean tests like col - IS NULL. - - - - - - Fix PL/pgSQL to not fail when a FOR loop's target variable - is a record containing composite-type fields (Tom) - - - - - - Fix PL/Tcl to behave correctly with Tcl 8.5, and to be more careful - about the encoding of data sent to or from Tcl (Tom) - - - - - - Improve performance of PQescapeBytea() (Rudolf Leitgeb) - - - - - - On Windows, work around a Microsoft bug by preventing - libpq from trying to send more than 64kB per system call - (Magnus) - - - - - - Fix ecpg to handle variables properly in SET - commands (Michael) - - - - - - Improve pg_dump and pg_restore's - error reporting after failure to send a SQL command (Tom) - - - - - - Fix pg_ctl to properly preserve postmaster - command-line arguments across a restart (Bruce) - - - - - - Fix erroneous WAL file cutoff point calculation in - pg_standby (Simon) - - - - - - Update time zone data files to tzdata release 2008f (for - DST law changes in Argentina, Bahamas, Brazil, Mauritius, Morocco, - Pakistan, Palestine, and Paraguay) - - - - - - - - - - Release 8.3.3 - - - Release date: - 2008-06-12 - - - - This release contains one serious and one minor bug fix over 8.3.2. - For information about new features in the 8.3 major release, see - . - - - - Migration to Version 8.3.3 - - - A dump/restore is not required for those running 8.3.X. - However, if you are upgrading from a version earlier than 8.3.1, - see . - - - - - - Changes - - - - - - Make pg_get_ruledef() parenthesize negative constants (Tom) - - - - Before this fix, a negative constant in a view or rule might be dumped - as, say, -42::integer, which is subtly incorrect: it should - be (-42)::integer due to operator precedence rules. - Usually this would make little difference, but it could interact with - another recent patch to cause - PostgreSQL to reject what had been a valid - SELECT DISTINCT view query. Since this could result in - pg_dump output failing to reload, it is being treated - as a high-priority fix. The only released versions in which dump - output is actually incorrect are 8.3.1 and 8.2.7. - - - - - - Make ALTER AGGREGATE ... OWNER TO update - pg_shdepend (Tom) - - - - This oversight could lead to problems if the aggregate was later - involved in a DROP OWNED or REASSIGN OWNED - operation. - - - - - - - - - - Release 8.3.2 - - - Release date: - never released - - - - This release contains a variety of fixes from 8.3.1. - For information about new features in the 8.3 major release, see - . - - - - Migration to Version 8.3.2 - - - A dump/restore is not required for those running 8.3.X. - However, if you are upgrading from a version earlier than 8.3.1, - see . - - - - - - Changes - - - - - - Fix ERRORDATA_STACK_SIZE exceeded crash that - occurred on Windows when using UTF-8 database encoding and a different - client encoding (Tom) - - - - - - Fix incorrect archive truncation point calculation for the - %r macro in restore_command parameters - (Simon) - - - - This could lead to data loss if a warm-standby script relied on - %r to decide when to throw away WAL segment files. - - - - - - Fix ALTER TABLE ADD COLUMN ... PRIMARY KEY so that the new - column is correctly checked to see if it's been initialized to all - non-nulls (Brendan Jurd) - - - - Previous versions neglected to check this requirement at all. - - - - - - Fix REASSIGN OWNED so that it works on procedural - languages too (Alvaro) - - - - - - Fix problems with SELECT FOR UPDATE/SHARE occurring as a - subquery in a query with a non-SELECT top-level operation - (Tom) - - - - - - Fix possible CREATE TABLE failure when inheriting the - same constraint from multiple parent relations that - inherited that constraint from a common ancestor (Tom) - - - - - - Fix pg_get_ruledef() to show the alias, if any, attached - to the target table of an UPDATE or DELETE - (Tom) - - - - - - Restore the pre-8.3 behavior that an out-of-range block number in a - TID being used in a TidScan plan results in silently not matching any - rows (Tom) - - - - 8.3.0 and 8.3.1 threw an error instead. - - - - - - Fix GIN bug that could result in a too many LWLocks - taken failure (Teodor) - - - - - - Fix broken GiST comparison function for tsquery (Teodor) - - - - - - Fix tsvector_update_trigger() and ts_stat() - to accept domains over the types they expect to work with (Tom) - - - - - - Fix failure to support enum data types as foreign keys (Tom) - - - - - - Avoid possible crash when decompressing corrupted data - (Zdenek Kotala) - - - - - - Fix race conditions between delayed unlinks and DROP - DATABASE (Heikki) - - - - In the worst case this could result in deleting a newly created table - in a new database that happened to get the same OID as the - recently-dropped one; but of course that is an extremely - low-probability scenario. - - - - - - Repair two places where SIGTERM exit of a backend could leave corrupted - state in shared memory (Tom) - - - - Neither case is very important if SIGTERM is used to shut down the - whole database cluster together, but there was a problem if someone - tried to SIGTERM individual backends. - - - - - - Fix possible crash due to incorrect plan generated for an - x IN (SELECT y - FROM ...) clause when x and y - have different data types; and make sure the behavior is semantically - correct when the conversion from y's type to - x's type is lossy (Tom) - - - - - - Fix oversight that prevented the planner from substituting known Param - values as if they were constants (Tom) - - - - This mistake partially disabled optimization of unnamed - extended-Query statements in 8.3.0 and 8.3.1: in particular the - LIKE-to-indexscan optimization would never be applied if the LIKE - pattern was passed as a parameter, and constraint exclusion - depending on a parameter value didn't work either. - - - - - - Fix planner failure when an indexable MIN or - MAX aggregate is used with DISTINCT or - ORDER BY (Tom) - - - - - - Fix planner to ensure it never uses a physical tlist for a - plan node that is feeding a Sort node (Tom) - - - - This led to the sort having to push around more data than it really - needed to, since unused column values were included in the sorted - data. - - - - - - Avoid unnecessary copying of query strings (Tom) - - - - This fixes a performance problem introduced in 8.3.0 when a very large - number of commands are submitted as a single query string. - - - - - - Make TransactionIdIsCurrentTransactionId() use binary - search instead of linear search when checking child-transaction XIDs - (Heikki) - - - - This fixes some cases in which 8.3.0 was significantly - slower than earlier releases. - - - - - - Fix conversions between ISO-8859-5 and other encodings to handle - Cyrillic Yo characters (e and E with - two dots) (Sergey Burladyan) - - - - - - Fix several datatype input functions, notably array_in(), - that were allowing unused bytes in their results to contain - uninitialized, unpredictable values (Tom) - - - - This could lead to failures in which two apparently identical literal - values were not seen as equal, resulting in the parser complaining - about unmatched ORDER BY and DISTINCT - expressions. - - - - - - Fix a corner case in regular-expression substring matching - (substring(string from - pattern)) (Tom) - - - - The problem occurs when there is a match to the pattern overall but - the user has specified a parenthesized subexpression and that - subexpression hasn't got a match. An example is - substring('foo' from 'foo(bar)?'). - This should return NULL, since (bar) isn't matched, but - it was mistakenly returning the whole-pattern match instead (ie, - foo). - - - - - - Prevent cancellation of an auto-vacuum that was launched to prevent - XID wraparound (Alvaro) - - - - - - Improve ANALYZE's handling of in-doubt tuples (those - inserted or deleted by a not-yet-committed transaction) so that the - counts it reports to the stats collector are more likely to be correct - (Pavan Deolasee) - - - - - - Fix initdb to reject a relative path for its - --xlogdir (-X) option (Tom) - - - - - - Make psql print tab characters as an appropriate - number of spaces, rather than \x09 as was done in - 8.3.0 and 8.3.1 (Bruce) - - - - - - Update time zone data files to tzdata release 2008c (for - DST law changes in Morocco, Iraq, Choibalsan, Pakistan, Syria, Cuba, and - Argentina/San_Luis) - - - - - - Add ECPGget_PGconn() function to - ecpglib (Michael) - - - - - - Fix incorrect result from ecpg's - PGTYPEStimestamp_sub() function (Michael) - - - - - - Fix handling of continuation line markers in ecpg - (Michael) - - - - - - Fix possible crashes in contrib/cube functions (Tom) - - - - - - Fix core dump in contrib/xml2's - xpath_table() function when the input query returns a - NULL value (Tom) - - - - - - Fix contrib/xml2's makefile to not override - CFLAGS, and make it auto-configure properly for - libxslt present or not (Tom) - - - - - - - - - - Release 8.3.1 - - - Release date: - 2008-03-17 - - - - This release contains a variety of fixes from 8.3.0. - For information about new features in the 8.3 major release, see - . - - - - Migration to Version 8.3.1 - - - A dump/restore is not required for those running 8.3.X. - However, you might need to REINDEX indexes on textual - columns after updating, if you are affected by the Windows locale - issue described below. - - - - - - Changes - - - - - - Fix character string comparison for Windows locales that consider - different character combinations as equal (Tom) - - - - This fix applies only on Windows and only when using UTF-8 - database encoding. The same fix was made for all other cases - over two years ago, but Windows with UTF-8 uses a separate code - path that was not updated. If you are using a locale that - considers some non-identical strings as equal, you may need to - REINDEX to fix existing indexes on textual columns. - - - - - - Repair corner-case bugs in VACUUM FULL (Tom) - - - - A potential deadlock between concurrent VACUUM FULL - operations on different system catalogs was introduced in 8.2. - This has now been corrected. 8.3 made this worse because the - deadlock could occur within a critical code section, making it - a PANIC rather than just ERROR condition. - - - - Also, a VACUUM FULL that failed partway through - vacuuming a system catalog could result in cache corruption in - concurrent database sessions. - - - - Another VACUUM FULL bug introduced in 8.3 could - result in a crash or out-of-memory report when dealing with - pages containing no live tuples. - - - - - - Fix misbehavior of foreign key checks involving character - or bit columns (Tom) - - - - If the referencing column were of a different but compatible type - (for instance varchar), the constraint was enforced incorrectly. - - - - - - Avoid needless deadlock failures in no-op foreign-key checks (Stephan - Szabo, Tom) - - - - - - Fix possible core dump when re-planning a prepared query (Tom) - - - - This bug affected only protocol-level prepare operations, not - SQL PREPARE, and so tended to be seen only with - JDBC, DBI, and other client-side drivers that use prepared - statements heavily. - - - - - - Fix possible failure when re-planning a query that calls an SPI-using - function (Tom) - - - - - - Fix failure in row-wise comparisons involving columns of different - datatypes (Tom) - - - - - - Fix longstanding LISTEN/NOTIFY - race condition (Tom) - - - - In rare cases a session that had just executed a - LISTEN might not get a notification, even though - one would be expected because the concurrent transaction executing - NOTIFY was observed to commit later. - - - - A side effect of the fix is that a transaction that has executed - a not-yet-committed LISTEN command will not see any - row in pg_listener for the LISTEN, - should it choose to look; formerly it would have. This behavior - was never documented one way or the other, but it is possible that - some applications depend on the old behavior. - - - - - - Disallow LISTEN and UNLISTEN within a - prepared transaction (Tom) - - - - This was formerly allowed but trying to do it had various unpleasant - consequences, notably that the originating backend could not exit - as long as an UNLISTEN remained uncommitted. - - - - - - Disallow dropping a temporary table within a - prepared transaction (Heikki) - - - - This was correctly disallowed by 8.1, but the check was inadvertently - broken in 8.2 and 8.3. - - - - - - Fix rare crash when an error occurs during a query using a hash index - (Heikki) - - - - - - Fix incorrect comparison of tsquery values (Teodor) - - - - - - Fix incorrect behavior of LIKE with non-ASCII characters - in single-byte encodings (Rolf Jentsch) - - - - - - Disable xmlvalidate (Tom) - - - - This function should have been removed before 8.3 release, but - was inadvertently left in the source code. It poses a small - security risk since unprivileged users could use it to read the - first few characters of any file accessible to the server. - - - - - - Fix memory leaks in certain usages of set-returning functions (Neil) - - - - - - Make encode(bytea, 'escape') convert all - high-bit-set byte values into \nnn octal - escape sequences (Tom) - - - - This is necessary to avoid encoding problems when the database - encoding is multi-byte. This change could pose compatibility issues - for applications that are expecting specific results from - encode. - - - - - - Fix input of datetime values for February 29 in years BC (Tom) - - - - The former coding was mistaken about which years were leap years. - - - - - - Fix unrecognized node type error in some variants of - ALTER OWNER (Tom) - - - - - - Avoid tablespace permissions errors in CREATE TABLE LIKE - INCLUDING INDEXES (Tom) - - - - - - Ensure pg_stat_activity.waiting flag - is cleared when a lock wait is aborted (Tom) - - - - - - Fix handling of process permissions on Windows Vista (Dave, Magnus) - - - - In particular, this fix allows starting the server as the Administrator - user. - - - - - - Update time zone data files to tzdata release 2008a - (in particular, recent Chile changes); adjust timezone abbreviation - VET (Venezuela) to mean UTC-4:30, not UTC-4:00 (Tom) - - - - - - Fix ecpg problems with arrays (Michael) - - - - - - Fix pg_ctl to correctly extract the postmaster's port - number from command-line options (Itagaki Takahiro, Tom) - - - - Previously, pg_ctl start -w could try to contact the - postmaster on the wrong port, leading to bogus reports of startup - failure. - - - - - - Use - - - This is known to be necessary when building PostgreSQL - with gcc 4.3 or later. - - - - - - Enable building contrib/uuid-ossp with MSVC (Hiroshi Saito) - - - - - - - - - - Release 8.3 - - - Release date: - 2008-02-04 - - - - Overview - - - With significant new functionality and performance enhancements, - this release represents a major leap forward for - PostgreSQL. This was made possible by a growing - community that has dramatically accelerated the pace of - development. This release adds the following major features: - - - - - - - Full text search is integrated into the core database system - - - - - - Support for the SQL/XML standard, including new operators and an - XML data type - - - - - - Enumerated data types (ENUM) - - - - - - Arrays of composite types - - - - - - Universally Unique Identifier (UUID) data type - - - - - - Add control over whether NULLs sort first or last - - - - - - Updatable cursors - - - - - - Server configuration parameters can now be set on a per-function - basis - - - - - - User-defined types can now have type modifiers - - - - - - Automatically re-plan cached queries when table - definitions change or statistics are updated - - - - - - Numerous improvements in logging and statistics collection - - - - - - Support Security Service Provider Interface (SSPI) for - authentication on Windows - - - - - - Support multiple concurrent autovacuum processes, and other - autovacuum improvements - - - - - - Allow the whole PostgreSQL distribution to be compiled - with Microsoft Visual C++ - - - - - - - Major performance improvements are listed below. Most of - these enhancements are automatic and do not require user changes or - tuning: - - - - - - - Asynchronous commit delays writes to WAL during transaction commit - - - - - - Checkpoint writes can be spread over a longer time period to smooth - the I/O spike during each checkpoint - - - - - - Heap-Only Tuples (HOT) accelerate space reuse for - most UPDATEs and DELETEs - - - - - - Just-in-time background writer strategy improves disk write - efficiency - - - - - - Using non-persistent transaction IDs for read-only transactions - reduces overhead and VACUUM requirements - - - - - - Per-field and per-row storage overhead has been reduced - - - - - - Large sequential scans no longer force out frequently used - cached pages - - - - - - Concurrent large sequential scans can now share disk reads - - - - - - ORDER BY ... LIMIT can be done without sorting - - - - - - - The above items are explained in more detail in the sections below. - - - - - - Migration to Version 8.3 - - - A dump/restore using pg_dump is - required for those wishing to migrate data from any previous - release. - - - - Observe the following incompatibilities: - - - - General - - - - - Non-character data types are no longer automatically cast to - TEXT (Peter, Tom) - - - - Previously, if a non-character value was supplied to an operator or - function that requires text input, it was automatically - cast to text, for most (though not all) built-in data types. - This no longer happens: an explicit cast to text is now - required for all non-character-string types. For example, these - expressions formerly worked: - - -substr(current_date, 1, 4) -23 LIKE '2%' - - - but will now draw function does not exist and operator - does not exist errors respectively. Use an explicit cast instead: - - -substr(current_date::text, 1, 4) -23::text LIKE '2%' - - - (Of course, you can use the more verbose CAST() syntax too.) - The reason for the change is that these automatic casts too often caused - surprising behavior. An example is that in previous releases, this - expression was accepted but did not do what was expected: - - -current_date < 2017-11-17 - - - This is actually comparing a date to an integer, which should be - (and now is) rejected — but in the presence of automatic - casts both sides were cast to text and a textual comparison - was done, because the text < text operator was able - to match the expression when no other < operator could. - - - - Types char(n) and - varchar(n) still cast to text - automatically. Also, automatic casting to text still works for - inputs to the concatenation (||) operator, so long as least - one input is a character-string type. - - - - - - Full text search features from contrib/tsearch2 have - been moved into the core server, with some minor syntax changes - - - - contrib/tsearch2 now contains a compatibility - interface. - - - - - - ARRAY(SELECT ...), where the SELECT - returns no rows, now returns an empty array, rather than NULL - (Tom) - - - - - - The array type name for a base data type is no longer always the base - type's name with an underscore prefix - - - - The old naming convention is still honored when possible, but - application code should no longer depend on it. Instead - use the new pg_type.typarray column to - identify the array data type associated with a given type. - - - - - - ORDER BY ... USING operator must now - use a less-than or greater-than operator that is - defined in a btree operator class - - - - This restriction was added to prevent inconsistent results. - - - - - - SET LOCAL changes now persist until - the end of the outermost transaction, unless rolled back (Tom) - - - - Previously SET LOCAL's effects were lost - after subtransaction commit (RELEASE SAVEPOINT - or exit from a PL/pgSQL exception block). - - - - - - Commands rejected in transaction blocks are now also rejected in - multiple-statement query strings (Tom) - - - - For example, "BEGIN; DROP DATABASE; COMMIT" will now be - rejected even if submitted as a single query message. - - - - - - ROLLBACK outside a transaction block now - issues NOTICE instead of WARNING (Bruce) - - - - - - Prevent NOTIFY/LISTEN/UNLISTEN - from accepting schema-qualified names (Bruce) - - - - Formerly, these commands accepted schema.relation but - ignored the schema part, which was confusing. - - - - - - ALTER SEQUENCE no longer affects the sequence's - currval() state (Tom) - - - - - - Foreign keys now must match indexable conditions for - cross-data-type references (Tom) - - - - This improves semantic consistency and helps avoid - performance problems. - - - - - - Restrict object size functions to users who have reasonable - permissions to view such information (Tom) - - - - For example, pg_database_size() now requires - CONNECT permission, which is granted to everyone by - default. pg_tablespace_size() requires - CREATE permission in the tablespace, or is allowed if - the tablespace is the default tablespace for the database. - - - - - - Remove the undocumented !!= (not in) operator (Tom) - - - - NOT IN (SELECT ...) is the proper way to - perform this operation. - - - - - - Internal hashing functions are now more uniformly-distributed (Tom) - - - - If application code was computing and storing hash values using - internal PostgreSQL hashing functions, the hash - values must be regenerated. - - - - - - C-code conventions for handling variable-length data values - have changed (Greg Stark, Tom) - - - - The new SET_VARSIZE() macro must be used - to set the length of generated varlena values. Also, it - might be necessary to expand (de-TOAST) input values - in more cases. - - - - - - Continuous archiving no longer reports each successful archive - operation to the server logs unless DEBUG level is used - (Simon) - - - - - - - - - Configuration Parameters - - - - - - Numerous changes in administrative server parameters - - - - bgwriter_lru_percent, - bgwriter_all_percent, - bgwriter_all_maxpages, - stats_start_collector, and - stats_reset_on_server_start are removed. - redirect_stderr is renamed to - logging_collector. - stats_command_string is renamed to - track_activities. - stats_block_level and stats_row_level - are merged into track_counts. - A new boolean configuration parameter, archive_mode, - controls archiving. Autovacuum's default settings have changed. - - - - - - Remove stats_start_collector parameter (Tom) - - - - We now always start the collector process, unless UDP - socket creation fails. - - - - - - Remove stats_reset_on_server_start parameter (Tom) - - - - This was removed because pg_stat_reset() - can be used for this purpose. - - - - - - Commenting out a parameter in postgresql.conf now - causes it to revert to its default value (Joachim Wieland) - - - - Previously, commenting out an entry left the parameter's value unchanged - until the next server restart. - - - - - - - - - - Character Encodings - - - - - - Add more checks for invalidly-encoded data (Andrew) - - - - This change plugs some holes that existed in literal backslash - escape string processing and COPY escape - processing. Now the de-escaped string is rechecked to see if the - result created an invalid multi-byte character. - - - - - - Disallow database encodings that are inconsistent with the server's - locale setting (Tom) - - - - On most platforms, C locale is the only locale that - will work with any database encoding. Other locale settings imply - a specific encoding and will misbehave if the database encoding - is something different. (Typical symptoms include bogus textual - sort order and wrong results from upper() or - lower().) The server now rejects attempts to create - databases that have an incompatible encoding. - - - - - - Ensure that chr() cannot create - invalidly-encoded values (Andrew) - - - - In UTF8-encoded databases the argument of chr() is - now treated as a Unicode code point. In other multi-byte encodings - chr()'s argument must designate a 7-bit ASCII - character. Zero is no longer accepted. - ascii() has been adjusted to match. - - - - - - Adjust convert() behavior to ensure encoding - validity (Andrew) - - - - The two argument form of convert() has been - removed. The three argument form now takes a bytea - first argument and returns a bytea. To cover the - loss of functionality, three new functions have been added: - - - - - - convert_from(bytea, name) returns - text — converts the first argument from the named - encoding to the database encoding - - - - - - convert_to(text, name) returns - bytea — converts the first argument from the - database encoding to the named encoding - - - - - - length(bytea, name) returns - integer — gives the length of the first - argument in characters in the named encoding - - - - - - - - Remove convert(argument USING conversion_name) - (Andrew) - - - - Its behavior did not match the SQL standard. - - - - - - Make JOHAB encoding client-only (Tatsuo) - - - - JOHAB is not safe as a server-side encoding. - - - - - - - - - - - Changes - - - Below you will find a detailed account of the - changes between PostgreSQL 8.3 and - the previous major release. - - - - Performance - - - - - Asynchronous commit delays writes to WAL during transaction commit - (Simon) - - - - This feature dramatically increases performance for short data-modifying - transactions. The disadvantage is that because disk writes are delayed, - if the database or operating system crashes before data is written to - the disk, committed data will be lost. This feature is useful for - applications that can accept some data loss. Unlike turning off - fsync, using asynchronous commit does not put - database consistency at risk; the worst case is that after a crash the - last few reportedly-committed transactions might not be committed after - all. - This feature is enabled by turning off synchronous_commit - (which can be done per-session or per-transaction, if some transactions - are critical and others are not). - wal_writer_delay can be adjusted to control the maximum - delay before transactions actually reach disk. - - - - - - Checkpoint writes can be spread over a longer time period to smooth - the I/O spike during each checkpoint (Itagaki Takahiro and Heikki - Linnakangas) - - - - Previously all modified buffers were forced to disk as quickly as - possible during a - checkpoint, causing an I/O spike that decreased server performance. - This new approach spreads out disk writes during checkpoints, - reducing peak I/O usage. (User-requested and shutdown checkpoints - are still written as quickly as possible.) - - - - - - Heap-Only Tuples (HOT) accelerate space reuse for most - UPDATEs and DELETEs (Pavan Deolasee, with - ideas from many others) - - - - UPDATEs and DELETEs leave dead tuples - behind, as do failed INSERTs. Previously only - VACUUM could reclaim space taken by dead tuples. With - HOT dead tuple space can be automatically reclaimed at - the time of INSERT or UPDATE if no changes - are made to indexed columns. This allows for more consistent - performance. Also, HOT avoids adding duplicate index - entries. - - - - - - Just-in-time background writer strategy improves disk write - efficiency (Greg Smith, Itagaki Takahiro) - - - - This greatly reduces the need for manual tuning of the background - writer. - - - - - - Per-field and per-row storage overhead have been reduced - (Greg Stark, Heikki Linnakangas) - - - - Variable-length data types with data values less than 128 bytes long - will see a storage decrease of 3 to 6 bytes. For example, two adjacent - char(1) fields now use 4 bytes instead of 16. Row headers - are also 4 bytes shorter than before. - - - - - - Using non-persistent transaction IDs for read-only transactions - reduces overhead and VACUUM requirements (Florian Pflug) - - - - Non-persistent transaction IDs do not increment the global - transaction counter. Therefore, they reduce the load on - pg_clog and increase the time between forced - vacuums to prevent transaction ID wraparound. - Other performance - improvements were also made that should improve concurrency. - - - - - - Avoid incrementing the command counter after a read-only command (Tom) - - - - There was formerly a hard limit of 232 - (4 billion) commands per transaction. Now only commands that - actually changed the database count, so while this limit still - exists, it should be significantly less annoying. - - - - - - Create a dedicated WAL writer process to off-load - work from backends (Simon) - - - - - - Skip unnecessary WAL writes for CLUSTER and - COPY (Simon) - - - - Unless WAL archiving is enabled, the system now avoids WAL writes - for CLUSTER and just fsync()s the - table at the end of the command. It also does the same for - COPY if the table was created in the same - transaction. - - - - - - Large sequential scans no longer force out frequently used - cached pages (Simon, Heikki, Tom) - - - - - - Concurrent large sequential scans can now share disk reads (Jeff Davis) - - - - This is accomplished by starting the new sequential scan in the - middle of the table (where another sequential scan is already - in-progress) and wrapping around to the beginning to finish. This - can affect the order of returned rows in a query that does not - specify ORDER BY. The synchronize_seqscans - configuration parameter can be used to disable this if necessary. - - - - - - ORDER BY ... LIMIT can be done without sorting - (Greg Stark) - - - - This is done by sequentially scanning the table and tracking just - the top N candidate rows, rather than performing a - full sort of the entire table. This is useful when there is no - matching index and the LIMIT is not large. - - - - - - Put a rate limit on messages sent to the statistics - collector by backends - (Tom) - - - - This reduces overhead for short transactions, but might sometimes - increase the delay before statistics are tallied. - - - - - - Improve hash join performance for cases with many NULLs (Tom) - - - - - - Speed up operator lookup for cases with non-exact datatype matches (Tom) - - - - - - - - - Server - - - - - Autovacuum is now enabled by default (Alvaro) - - - - Several changes were made to eliminate disadvantages of having - autovacuum enabled, thereby justifying the change in default. - Several other autovacuum parameter defaults were also modified. - - - - - - Support multiple concurrent autovacuum processes (Alvaro, Itagaki - Takahiro) - - - - This allows multiple vacuums to run concurrently. This prevents - vacuuming of a large table from delaying vacuuming of smaller tables. - - - - - - Automatically re-plan cached queries when table - definitions change or statistics are updated (Tom) - - - - Previously PL/pgSQL functions that referenced temporary tables - would fail if the temporary table was dropped and recreated - between function invocations, unless EXECUTE was - used. This improvement fixes that problem and many related issues. - - - - - - Add a temp_tablespaces parameter to control - the tablespaces for temporary tables and files (Jaime Casanova, - Albert Cervera, Bernd Helmle) - - - - This parameter defines a list of tablespaces to be used. This - enables spreading the I/O load across multiple tablespaces. A random - tablespace is chosen each time a temporary object is created. - Temporary files are no longer stored in per-database - pgsql_tmp/ directories but in per-tablespace - directories. - - - - - - Place temporary tables' TOAST tables in special schemas named - pg_toast_temp_nnn (Tom) - - - - This allows low-level code to recognize these tables as temporary, - which enables various optimizations such as not WAL-logging changes - and using local rather than shared buffers for access. This also - fixes a bug wherein backends unexpectedly held open file references - to temporary TOAST tables. - - - - - - Fix problem that a constant flow of new connection requests could - indefinitely delay the postmaster from completing a shutdown or - a crash restart (Tom) - - - - - - Guard against a very-low-probability data loss scenario by preventing - re-use of a deleted table's relfilenode until after the next - checkpoint (Heikki) - - - - - - Fix CREATE CONSTRAINT TRIGGER - to convert old-style foreign key trigger definitions into regular - foreign key constraints (Tom) - - - - This will ease porting of foreign key constraints carried forward from - pre-7.3 databases, if they were never converted using - contrib/adddepend. - - - - - - Fix DEFAULT NULL to override inherited defaults (Tom) - - - - DEFAULT NULL was formerly considered a noise phrase, but it - should (and now does) override non-null defaults that would otherwise - be inherited from a parent table or domain. - - - - - - Add new encodings EUC_JIS_2004 and SHIFT_JIS_2004 (Tatsuo) - - - - These new encodings can be converted to and from UTF-8. - - - - - - Change server startup log message from database system is - ready to database system is ready to accept - connections, and adjust its timing - - - - The message now appears only when the postmaster is really ready - to accept connections. - - - - - - - - - Monitoring - - - - - Add log_autovacuum_min_duration parameter to - support configurable logging of autovacuum activity (Simon, Alvaro) - - - - - - Add log_lock_waits parameter to log lock waiting - (Simon) - - - - - - Add log_temp_files parameter to log temporary - file usage (Bill Moran) - - - - - - Add log_checkpoints parameter to improve logging - of checkpoints (Greg Smith, Heikki) - - - - - - log_line_prefix now supports - %s and %c escapes in all - processes (Andrew) - - - - Previously these escapes worked only for user sessions, not for - background database processes. - - - - - - Add log_restartpoints to control logging of - point-in-time recovery restart points (Simon) - - - - - - Last transaction end time is now logged at end of recovery and at - each logged restart point (Simon) - - - - - - Autovacuum now reports its activity start time in - pg_stat_activity (Tom) - - - - - - Allow server log output in comma-separated value (CSV) format (Arul - Shaji, Greg Smith, Andrew Dunstan) - - - - CSV-format log files can easily be loaded into a database table for - subsequent analysis. - - - - - - Use PostgreSQL-supplied timezone support for formatting timestamps - displayed in the server log (Tom) - - - - This avoids Windows-specific problems with localized time zone - names that are in the wrong encoding. There is a new - log_timezone parameter that controls the timezone - used in log messages, independently of the client-visible - timezone parameter. - - - - - - New system view pg_stat_bgwriter displays - statistics about background writer activity (Magnus) - - - - - - Add new columns for database-wide tuple statistics to - pg_stat_database (Magnus) - - - - - - Add an xact_start (transaction start time) column to - pg_stat_activity (Neil) - - - - This makes it easier to identify long-running transactions. - - - - - - Add n_live_tuples and n_dead_tuples columns - to pg_stat_all_tables and related views (Glen - Parker) - - - - - - Merge stats_block_level and stats_row_level - parameters into a single parameter track_counts, which - controls all messages sent to the statistics collector process - (Tom) - - - - - - Rename stats_command_string parameter to - track_activities (Tom) - - - - - - Fix statistical counting of live and dead tuples to recognize that - committed and aborted transactions have different effects (Tom) - - - - - - - - - Authentication - - - - - Support Security Service Provider Interface (SSPI) for - authentication on Windows (Magnus) - - - - - - Support GSSAPI authentication (Henry Hotz, Magnus) - - - - This should be preferred to native Kerberos authentication because - GSSAPI is an industry standard. - - - - - - Support a global SSL configuration file (Victor Wagner) - - - - - - Add ssl_ciphers parameter to control accepted SSL ciphers - (Victor Wagner) - - - - - - Add a Kerberos realm parameter, krb_realm (Magnus) - - - - - - - - - Write-Ahead Log (<acronym>WAL</>) and Continuous Archiving - - - - - Change the timestamps recorded in transaction WAL records from - time_t to TimestampTz representation (Tom) - - - - This provides sub-second resolution in WAL, which can be useful for - point-in-time recovery. - - - - - - Reduce WAL disk space needed by warm standby servers (Simon) - - - - This change allows a warm standby server to pass the name of the earliest - still-needed WAL file to the recovery script, allowing automatic removal - of no-longer-needed WAL files. This is done using %r in - the restore_command parameter of - recovery.conf. - - - - - - New boolean configuration parameter, archive_mode, - controls archiving (Simon) - - - - Previously setting archive_command to an empty string - turned off archiving. Now archive_mode turns archiving - on and off, independently of archive_command. This is - useful for stopping archiving temporarily. - - - - - - - - - Queries - - - - - Full text search is integrated into the core database - system (Teodor, Oleg) - - - - Text search has been improved, moved into the core code, and is now - installed by default. contrib/tsearch2 now contains - a compatibility interface. - - - - - - Add control over whether NULLs sort first or last (Teodor, Tom) - - - - The syntax is ORDER BY ... NULLS FIRST/LAST. - - - - - - Allow per-column ascending/descending (ASC/DESC) - ordering options for indexes (Teodor, Tom) - - - - Previously a query using ORDER BY with mixed - ASC/DESC specifiers could not fully use - an index. Now an index can be fully used in such cases if the - index was created with matching - ASC/DESC specifications. - NULL sort order within an index can be controlled, too. - - - - - - Allow col IS NULL to use an index (Teodor) - - - - - - Updatable cursors (Arul Shaji, Tom) - - - - This eliminates the need to reference a primary key to - UPDATE or DELETE rows returned by a cursor. - The syntax is UPDATE/DELETE WHERE CURRENT OF. - - - - - - Allow FOR UPDATE in cursors (Arul Shaji, Tom) - - - - - - Create a general mechanism that supports casts to and from the - standard string types (TEXT, VARCHAR, - CHAR) for every datatype, by - invoking the datatype's I/O functions (Tom) - - - - Previously, such casts were available only for types that had - specialized function(s) for the purpose. - These new casts are assignment-only in the to-string direction, - explicit-only in the other direction, and therefore should create no - surprising behavior. - - - - - - Allow UNION and related constructs to return a domain - type, when all inputs are of that domain type (Tom) - - - - Formerly, the output would be considered to be of the domain's base - type. - - - - - - Allow limited hashing when using two different data types (Tom) - - - - This allows hash joins, hash indexes, hashed subplans, and hash - aggregation to be used in situations involving cross-data-type - comparisons, if the data types have compatible hash functions. - Currently, cross-data-type hashing support exists for - smallint/integer/bigint, - and for float4/float8. - - - - - - Improve optimizer logic for detecting when variables are equal - in a WHERE clause (Tom) - - - - This allows mergejoins to work with descending sort orders, and - improves recognition of redundant sort columns. - - - - - - Improve performance when planning large inheritance trees in - cases where most tables are excluded by constraints (Tom) - - - - - - - - - Object Manipulation - - - - - - Arrays of composite types (David Fetter, Andrew, Tom) - - - - In addition to arrays of explicitly-declared composite types, - arrays of the rowtypes of regular tables and views are now - supported, except for rowtypes of system catalogs, sequences, and TOAST - tables. - - - - - - - Server configuration parameters can now be set on a per-function - basis (Tom) - - - - For example, functions can now set their own - search_path to prevent unexpected behavior if a - different search_path exists at run-time. Security - definer functions should set search_path to - avoid security loopholes. - - - - - - CREATE/ALTER FUNCTION now supports - COST and ROWS options (Tom) - - - - COST allows specification of the cost of a - function call. ROWS allows specification of - the average number or rows returned by a set-returning function. - These values are used by the optimizer in choosing the best plan. - - - - - - Implement CREATE TABLE LIKE ... INCLUDING - INDEXES (Trevor Hardcastle, Nikhil Sontakke, Neil) - - - - - - Allow CREATE INDEX CONCURRENTLY to ignore - transactions in other databases (Simon) - - - - - - Add ALTER VIEW ... RENAME TO and ALTER - SEQUENCE ... RENAME TO (David Fetter, Neil) - - - - Previously this could only be done via ALTER TABLE ... - RENAME TO. - - - - - - Make CREATE/DROP/RENAME DATABASE wait briefly for - conflicting backends to exit before failing (Tom) - - - - This increases the likelihood that these commands will succeed. - - - - - - Allow triggers and rules to be deactivated in groups using a - configuration parameter, for replication purposes (Jan) - - - - This allows replication systems to disable triggers and rewrite - rules as a group without modifying the system catalogs directly. - The behavior is controlled by ALTER TABLE and a new - parameter session_replication_role. - - - - - - User-defined types can now have type modifiers (Teodor, Tom) - - - - This allows a user-defined type to take a modifier, like - ssnum(7). Previously only built-in - data types could have modifiers. - - - - - - - - - Utility Commands - - - - - Non-superuser database owners now are able to add trusted procedural - languages to their databases by default (Jeremy Drake) - - - - While this is reasonably safe, some administrators might wish to - revoke the privilege. It is controlled by - pg_pltemplate.tmpldbacreate. - - - - - - Allow a session's current parameter setting to be used as the - default for future sessions (Tom) - - - - This is done with SET ... FROM CURRENT in - CREATE/ALTER FUNCTION, ALTER - DATABASE, or ALTER ROLE. - - - - - - Implement new commands DISCARD ALL, - DISCARD PLANS, DISCARD - TEMPORARY, CLOSE ALL, and - DEALLOCATE ALL (Marko Kreen, Neil) - - - - These commands simplify resetting a database session to its initial - state, and are particularly useful for connection-pooling software. - - - - - - Make CLUSTER MVCC-safe (Heikki Linnakangas) - - - - Formerly, CLUSTER would discard all tuples - that were committed dead, even if there were still transactions - that should be able to see them under MVCC visibility rules. - - - - - - Add new CLUSTER syntax: CLUSTER - table USING index - (Holger Schurig) - - - - The old CLUSTER syntax is still supported, but - the new form is considered more logical. - - - - - - Fix EXPLAIN so it can show complex plans - more accurately (Tom) - - - - References to subplan outputs are now always shown correctly, - instead of using ?columnN? - for complicated cases. - - - - - - Limit the amount of information reported when a user is dropped - (Alvaro) - - - - Previously, dropping (or attempting to drop) a user who owned many - objects could result in large NOTICE or - ERROR messages listing all these objects; this - caused problems for some client applications. The length of the - message is now limited, although a full list is still sent to the - server log. - - - - - - - - - Data Types - - - - - Support for the SQL/XML standard, including new operators and an - XML data type (Nikolay Samokhvalov, Pavel Stehule, Peter) - - - - - - Enumerated data types (ENUM) (Tom Dunstan) - - - - This feature provides convenient support for fields that have a - small, fixed set of allowed values. An example of creating an - ENUM type is - CREATE TYPE mood AS ENUM ('sad', 'ok', 'happy'). - - - - - - Universally Unique Identifier (UUID) data type (Gevik - Babakhani, Neil) - - - - This closely matches RFC 4122. - - - - - - Widen the MONEY data type to 64 bits (D'Arcy Cain) - - - - This greatly increases the range of supported MONEY - values. - - - - - - Fix float4/float8 to handle - Infinity and NAN (Not A Number) - consistently (Bruce) - - - - The code formerly was not consistent about distinguishing - Infinity from overflow conditions. - - - - - - Allow leading and trailing whitespace during input of - boolean values (Neil) - - - - - - Prevent COPY from using digits and lowercase letters as - delimiters (Tom) - - - - - - - - - Functions - - - - - Add new regular expression functions - regexp_matches(), - regexp_split_to_array(), and - regexp_split_to_table() (Jeremy Drake, Neil) - - - - These functions provide extraction of regular expression - subexpressions and allow splitting a string using a POSIX regular - expression. - - - - - - Add lo_truncate() for large object truncation - (Kris Jurka) - - - - - - Implement width_bucket() for the float8 - data type (Neil) - - - - - - Add pg_stat_clear_snapshot() to discard - statistics snapshots collected during the current transaction - (Tom) - - - - The first request for statistics in a transaction takes a statistics - snapshot that does not change during the transaction. This function - allows the snapshot to be discarded and a new snapshot loaded during - the next statistics query. This is particularly useful for PL/pgSQL - functions, which are confined to a single transaction. - - - - - - Add isodow option to EXTRACT() and - date_part() (Bruce) - - - - This returns the day of the week, with Sunday as seven. - (dow returns Sunday as zero.) - - - - - - Add ID (ISO day of week) and IDDD (ISO - day of year) format codes for to_char(), - to_date(), and to_timestamp() (Brendan - Jurd) - - - - - - Make to_timestamp() and to_date() - assume TM (trim) option for potentially - variable-width fields (Bruce) - - - - This matches Oracle's behavior. - - - - - - Fix off-by-one conversion error in - to_date()/to_timestamp() - D (non-ISO day of week) fields (Bruce) - - - - - - Make setseed() return void, rather than a - useless integer value (Neil) - - - - - - Add a hash function for NUMERIC (Neil) - - - - This allows hash indexes and hash-based plans to be used with - NUMERIC columns. - - - - - - Improve efficiency of - LIKE/ILIKE, especially for - multi-byte character sets like UTF-8 (Andrew, Itagaki Takahiro) - - - - - - Make currtid() functions require - SELECT privileges on the target table (Tom) - - - - - - Add several txid_*() functions to query - active transaction IDs (Jan) - - - - This is useful for various replication solutions. - - - - - - - - - PL/pgSQL Server-Side Language - - - - - Add scrollable cursor support, including directional control in - FETCH (Pavel Stehule) - - - - - - Allow IN as an alternative to - FROM in PL/pgSQL's FETCH - statement, for consistency with the backend's - FETCH command (Pavel Stehule) - - - - - - Add MOVE to PL/pgSQL (Magnus, Pavel Stehule, - Neil) - - - - - - Implement RETURN QUERY (Pavel Stehule, Neil) - - - - This adds convenient syntax for PL/pgSQL set-returning functions - that want to return the result of a query. RETURN QUERY - is easier and more efficient than a loop - around RETURN NEXT. - - - - - - Allow function parameter names to be qualified with the - function's name (Tom) - - - - For example, myfunc.myvar. This is particularly - useful for specifying variables in a query where the variable - name might match a column name. - - - - - - Make qualification of variables with block labels work properly (Tom) - - - - Formerly, outer-level block labels could unexpectedly interfere with - recognition of inner-level record or row references. - - - - - - Tighten requirements for FOR loop - STEP values (Tom) - - - - Prevent non-positive STEP values, and handle - loop overflows. - - - - - - Improve accuracy when reporting syntax error locations (Tom) - - - - - - - - - Other Server-Side Languages - - - - - Allow type-name arguments to PL/Perl - spi_prepare() to be data type aliases in - addition to names found in pg_type (Andrew) - - - - - - Allow type-name arguments to PL/Python - plpy.prepare() to be data type aliases in - addition to names found in pg_type (Andrew) - - - - - - Allow type-name arguments to PL/Tcl spi_prepare to - be data type aliases in addition to names found in - pg_type (Andrew) - - - - - - Enable PL/PythonU to compile on Python 2.5 (Marko Kreen) - - - - - - Support a true PL/Python boolean type in compatible Python versions - (Python 2.3 and later) (Marko Kreen) - - - - - - Fix PL/Tcl problems with thread-enabled libtcl spawning - multiple threads within the backend (Steve Marshall, Paul Bayer, - Doug Knight) - - - - This caused all sorts of unpleasantness. - - - - - - - - - <link linkend="APP-PSQL"><application>psql</></link> - - - - - List disabled triggers separately in \d output - (Brendan Jurd) - - - - - - In \d patterns, always match $ - literally (Tom) - - - - - - Show aggregate return types in \da output - (Greg Sabino Mullane) - - - - - - Add the function's volatility status to the output of - \df+ (Neil) - - - - - - Add \prompt capability (Chad Wagner) - - - - - - Allow \pset, \t, and - \x to specify on or off, - rather than just toggling (Chad Wagner) - - - - - - Add \sleep capability (Jan) - - - - - - Enable \timing output for \copy (Andrew) - - - - - - Improve \timing resolution on Windows - (Itagaki Takahiro) - - - - - - Flush \o output after each backslash command (Tom) - - - - - - Correctly detect and report errors while reading a -f - input file (Peter) - - - - - - Remove -u option (this option has long been deprecated) - (Tom) - - - - - - - - - <link linkend="APP-PGDUMP"><application>pg_dump</></link> - - - - - Add --tablespaces-only and --roles-only - options to pg_dumpall (Dave Page) - - - - - - Add an output file option to - pg_dumpall (Dave Page) - - - - This is primarily useful on Windows, where output redirection of - child pg_dump processes does not work. - - - - - - Allow pg_dumpall to accept an initial-connection - database name rather than the default - template1 (Dave Page) - - - - - - In -n and -t switches, always match - $ literally (Tom) - - - - - - Improve performance when a database has thousands of objects (Tom) - - - - - - Remove -u option (this option has long been deprecated) - (Tom) - - - - - - - - - Other Client Applications - - - - - In initdb, allow the location of the - pg_xlog directory to be specified - (Euler Taveira de Oliveira) - - - - - - Enable server core dump generation in pg_regress - on supported operating systems (Andrew) - - - - - - Add a -t (timeout) parameter to pg_ctl - (Bruce) - - - - This controls how long pg_ctl will wait when waiting - for server startup or shutdown. Formerly the timeout was hard-wired - as 60 seconds. - - - - - - Add a pg_ctl option to control generation - of server core dumps (Andrew) - - - - - - Allow Control-C to cancel clusterdb, - reindexdb, and vacuumdb (Itagaki - Takahiro, Magnus) - - - - - - Suppress command tag output for createdb, - createuser, dropdb, and - dropuser (Peter) - - - - The --quiet option is ignored and will be removed in 8.4. - Progress messages when acting on all databases now go to stdout - instead of stderr because they are not actually errors. - - - - - - - - - <link linkend="libpq"><application>libpq</></link> - - - - - Interpret the dbName parameter of - PQsetdbLogin() as a conninfo string if - it contains an equals sign (Andrew) - - - - This allows use of conninfo strings in client - programs that still use PQsetdbLogin(). - - - - - - Support a global SSL configuration file (Victor - Wagner) - - - - - - Add environment variable PGSSLKEY to control - SSL hardware keys (Victor Wagner) - - - - - - Add lo_truncate() for large object - truncation (Kris Jurka) - - - - - - Add PQconnectionNeedsPassword() that returns - true if the server required a password but none was supplied - (Joe Conway, Tom) - - - - If this returns true after a failed connection attempt, a client - application should prompt the user for a password. In the past - applications have had to check for a specific error message string to - decide whether a password is needed; that approach is now - deprecated. - - - - - - Add PQconnectionUsedPassword() that returns - true if the supplied password was actually used - (Joe Conway, Tom) - - - - This is useful in some security contexts where it is important - to know whether a user-supplied password is actually valid. - - - - - - - - - <link linkend="ecpg"><application>ecpg</></link> - - - - - Use V3 frontend/backend protocol (Michael) - - - - This adds support for server-side prepared statements. - - - - - - Use native threads, instead of pthreads, on Windows (Magnus) - - - - - - Improve thread-safety of ecpglib (Itagaki Takahiro) - - - - - - Make the ecpg libraries export only necessary API symbols (Michael) - - - - - - - - - <application>Windows</> Port - - - - - Allow the whole PostgreSQL distribution to be compiled - with Microsoft Visual C++ (Magnus and others) - - - - This allows Windows-based developers to use familiar development - and debugging tools. - Windows executables made with Visual C++ might also have better - stability and performance than those made with other tool sets. - The client-only Visual C++ build scripts have been removed. - - - - - - Drastically reduce postmaster's memory usage when it has many child - processes (Magnus) - - - - - - Allow regression tests to be started by an administrative - user (Magnus) - - - - - - Add native shared memory implementation (Magnus) - - - - - - - - - Server Programming Interface (<acronym>SPI</>) - - - - - Add cursor-related functionality in SPI (Pavel Stehule) - - - - Allow access to the cursor-related planning options, and add - FETCH/MOVE routines. - - - - - - Allow execution of cursor commands through - SPI_execute (Tom) - - - - The macro SPI_ERROR_CURSOR still exists but will - never be returned. - - - - - - SPI plan pointers are now declared as SPIPlanPtr instead of - void * (Tom) - - - - This does not break application code, but switching is - recommended to help catch simple programming mistakes. - - - - - - - - - Build Options - - - - - Add configure option --enable-profiling - to enable code profiling (works only with gcc) - (Korry Douglas and Nikhil Sontakke) - - - - - - Add configure option --with-system-tzdata - to use the operating system's time zone database (Peter) - - - - - - Fix PGXS so extensions can be built against PostgreSQL - installations whose pg_config program does not - appear first in the PATH (Tom) - - - - - - Support gmake draft when building the - SGML documentation (Bruce) - - - - Unless draft is used, the documentation build will - now be repeated if necessary to ensure the index is up-to-date. - - - - - - - - - Source Code - - - - - Rename macro DLLIMPORT to PGDLLIMPORT to - avoid conflicting with third party includes (like Tcl) that - define DLLIMPORT (Magnus) - - - - - - Create operator families to improve planning of - queries involving cross-data-type comparisons (Tom) - - - - - - Update GIN extractQuery() API to allow signalling - that nothing can satisfy the query (Teodor) - - - - - - Move NAMEDATALEN definition from - postgres_ext.h to pg_config_manual.h - (Peter) - - - - - - Provide strlcpy() and - strlcat() on all platforms, and replace - error-prone uses of strncpy(), - strncat(), etc (Peter) - - - - - - Create hooks to let an external plugin monitor (or even replace) the - planner and create plans for hypothetical situations (Gurjeet - Singh, Tom) - - - - - - Create a function variable join_search_hook to let plugins - override the join search order portion of the planner (Julius - Stroffek) - - - - - - Add tas() support for Renesas' M32R processor - (Kazuhiro Inaoka) - - - - - - quote_identifier() and - pg_dump no longer quote keywords that are - unreserved according to the grammar (Tom) - - - - - - Change the on-disk representation of the NUMERIC - data type so that the sign_dscale word comes - before the weight (Tom) - - - - - - Use SYSV semaphores rather than POSIX on Darwin - >= 6.0, i.e., OS X 10.2 and up (Chris Marcellino) - - - - - - Add acronym and NFS documentation - sections (Bruce) - - - - - - "Postgres" is now documented as an accepted alias for - "PostgreSQL" (Peter) - - - - - - Add documentation about preventing database server spoofing when - the server is down (Bruce) - - - - - - - - - Contrib - - - - - Move contrib README content into the - main PostgreSQL documentation (Albert Cervera i - Areny) - - - - - - Add contrib/pageinspect module for low-level - page inspection (Simon, Heikki) - - - - - - Add contrib/pg_standby module for controlling - warm standby operation (Simon) - - - - - - Add contrib/uuid-ossp module for generating - UUID values using the OSSP UUID library (Peter) - - - - Use configure - --with-ossp-uuid to activate. This takes - advantage of the new UUID builtin type. - - - - - - Add contrib/dict_int, - contrib/dict_xsyn, and - contrib/test_parser modules to provide - sample add-on text search dictionary templates and parsers - (Sergey Karpov) - - - - - - Allow contrib/pgbench to set the fillfactor (Pavan - Deolasee) - - - - - - Add timestamps to contrib/pgbench -l - (Greg Smith) - - - - - - Add usage count statistics to - contrib/pgbuffercache (Greg Smith) - - - - - - Add GIN support for contrib/hstore (Teodor) - - - - - - Add GIN support for contrib/pg_trgm (Guillaume Smet, Teodor) - - - - - - Update OS/X startup scripts in - contrib/start-scripts (Mark Cotner, David - Fetter) - - - - - - Restrict pgrowlocks() and - dblink_get_pkey() to users who have - SELECT privilege on the target table (Tom) - - - - - - Restrict contrib/pgstattuple functions to - superusers (Tom) - - - - - - contrib/xml2 is deprecated and planned for - removal in 8.4 (Peter) - - - - The new XML support in core PostgreSQL supersedes this module. - - - - - - - - diff --git a/doc/src/sgml/release-8.4.sgml b/doc/src/sgml/release-8.4.sgml deleted file mode 100644 index ac5a92f5a7..0000000000 --- a/doc/src/sgml/release-8.4.sgml +++ /dev/null @@ -1,10080 +0,0 @@ - - - - - Release 8.4.22 - - - Release date: - 2014-07-24 - - - - This release contains a variety of fixes from 8.4.21. - For information about new features in the 8.4 major release, see - . - - - - This is expected to be the last PostgreSQL release - in the 8.4.X series. Users are encouraged to update to a newer - release branch soon. - - - - Migration to Version 8.4.22 - - - A dump/restore is not required for those running 8.4.X. - - - - However, this release corrects an index corruption problem in some GiST - indexes. See the first changelog entry below to find out whether your - installation has been affected and what steps you should take if so. - - - - Also, if you are upgrading from a version earlier than 8.4.19, - see . - - - - - - Changes - - - - - - Correctly initialize padding bytes in contrib/btree_gist - indexes on bit columns (Heikki Linnakangas) - - - - This error could result in incorrect query results due to values that - should compare equal not being seen as equal. - Users with GiST indexes on bit or bit varying - columns should REINDEX those indexes after installing this - update. - - - - - - Protect against torn pages when deleting GIN list pages (Heikki - Linnakangas) - - - - This fix prevents possible index corruption if a system crash occurs - while the page update is being written to disk. - - - - - - Fix possibly-incorrect cache invalidation during nested calls - to ReceiveSharedInvalidMessages (Andres Freund) - - - - - - Don't assume a subquery's output is unique if there's a set-returning - function in its targetlist (David Rowley) - - - - This oversight could lead to misoptimization of constructs - like WHERE x IN (SELECT y, generate_series(1,10) FROM t GROUP - BY y). - - - - - - Fix failure to detoast fields in composite elements of structured - types (Tom Lane) - - - - This corrects cases where TOAST pointers could be copied into other - tables without being dereferenced. If the original data is later - deleted, it would lead to errors like missing chunk number 0 - for toast value ... when the now-dangling pointer is used. - - - - - - Fix record type has not been registered failures with - whole-row references to the output of Append plan nodes (Tom Lane) - - - - - - Fix possible crash when invoking a user-defined function while - rewinding a cursor (Tom Lane) - - - - - - Fix query-lifespan memory leak while evaluating the arguments for a - function in FROM (Tom Lane) - - - - - - Fix session-lifespan memory leaks in regular-expression processing - (Tom Lane, Arthur O'Dwyer, Greg Stark) - - - - - - Fix data encoding error in hungarian.stop (Tom Lane) - - - - - - Fix liveness checks for rows that were inserted in the current - transaction and then deleted by a now-rolled-back subtransaction - (Andres Freund) - - - - This could cause problems (at least spurious warnings, and at worst an - infinite loop) if CREATE INDEX or CLUSTER were - done later in the same transaction. - - - - - - Clear pg_stat_activity.xact_start - during PREPARE TRANSACTION (Andres Freund) - - - - After the PREPARE, the originating session is no longer in - a transaction, so it should not continue to display a transaction - start time. - - - - - - Fix REASSIGN OWNED to not fail for text search objects - (Álvaro Herrera) - - - - - - Block signals during postmaster startup (Tom Lane) - - - - This ensures that the postmaster will properly clean up after itself - if, for example, it receives SIGINT while still - starting up. - - - - - - Secure Unix-domain sockets of temporary postmasters started during - make check (Noah Misch) - - - - Any local user able to access the socket file could connect as the - server's bootstrap superuser, then proceed to execute arbitrary code as - the operating-system user running the test, as we previously noted in - CVE-2014-0067. This change defends against that risk by placing the - server's socket in a temporary, mode 0700 subdirectory - of /tmp. The hazard remains however on platforms where - Unix sockets are not supported, notably Windows, because then the - temporary postmaster must accept local TCP connections. - - - - A useful side effect of this change is to simplify - make check testing in builds that - override DEFAULT_PGSOCKET_DIR. Popular non-default values - like /var/run/postgresql are often not writable by the - build user, requiring workarounds that will no longer be necessary. - - - - - - On Windows, allow new sessions to absorb values of PGC_BACKEND - parameters (such as ) from the - configuration file (Amit Kapila) - - - - Previously, if such a parameter were changed in the file post-startup, - the change would have no effect. - - - - - - Properly quote executable path names on Windows (Nikhil Deshpande) - - - - This oversight could cause initdb - and pg_upgrade to fail on Windows, if the installation - path contained both spaces and @ signs. - - - - - - Fix linking of libpython on OS X (Tom Lane) - - - - The method we previously used can fail with the Python library - supplied by Xcode 5.0 and later. - - - - - - Avoid buffer bloat in libpq when the server - consistently sends data faster than the client can absorb it - (Shin-ichi Morita, Tom Lane) - - - - libpq could be coerced into enlarging its input buffer - until it runs out of memory (which would be reported misleadingly - as lost synchronization with server). Under ordinary - circumstances it's quite far-fetched that data could be continuously - transmitted more quickly than the recv() loop can - absorb it, but this has been observed when the client is artificially - slowed by scheduler constraints. - - - - - - Ensure that LDAP lookup attempts in libpq time out as - intended (Laurenz Albe) - - - - - - Fix pg_restore's processing of old-style large object - comments (Tom Lane) - - - - A direct-to-database restore from an archive file generated by a - pre-9.0 version of pg_dump would usually fail if the - archive contained more than a few comments for large objects. - - - - - - In contrib/pgcrypto functions, ensure sensitive - information is cleared from stack variables before returning - (Marko Kreen) - - - - - - In contrib/uuid-ossp, cache the state of the OSSP UUID - library across calls (Tom Lane) - - - - This improves the efficiency of UUID generation and reduces the amount - of entropy drawn from /dev/urandom, on platforms that - have that. - - - - - - Update time zone data files to tzdata release 2014e - for DST law changes in Crimea, Egypt, and Morocco. - - - - - - - - - - Release 8.4.21 - - - Release date: - 2014-03-20 - - - - This release contains a variety of fixes from 8.4.20. - For information about new features in the 8.4 major release, see - . - - - - The PostgreSQL community will stop releasing updates - for the 8.4.X release series in July 2014. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 8.4.21 - - - A dump/restore is not required for those running 8.4.X. - - - - However, if you are upgrading from a version earlier than 8.4.19, - see . - - - - - - Changes - - - - - - Restore GIN metapages unconditionally to avoid torn-page risk - (Heikki Linnakangas) - - - - Although this oversight could theoretically result in a corrupted - index, it is unlikely to have caused any problems in practice, since - the active part of a GIN metapage is smaller than a standard 512-byte - disk sector. - - - - - - Allow regular-expression operators to be terminated early by query - cancel requests (Tom Lane) - - - - This prevents scenarios wherein a pathological regular expression - could lock up a server process uninterruptibly for a long time. - - - - - - Remove incorrect code that tried to allow OVERLAPS with - single-element row arguments (Joshua Yanovski) - - - - This code never worked correctly, and since the case is neither - specified by the SQL standard nor documented, it seemed better to - remove it than fix it. - - - - - - Avoid getting more than AccessShareLock when de-parsing a - rule or view (Dean Rasheed) - - - - This oversight resulted in pg_dump unexpectedly - acquiring RowExclusiveLock locks on tables mentioned as - the targets of INSERT/UPDATE/DELETE - commands in rules. While usually harmless, that could interfere with - concurrent transactions that tried to acquire, for example, - ShareLock on those tables. - - - - - - Prevent interrupts while reporting non-ERROR messages - (Tom Lane) - - - - This guards against rare server-process freezeups due to recursive - entry to syslog(), and perhaps other related problems. - - - - - - Update time zone data files to tzdata release 2014a - for DST law changes in Fiji and Turkey, plus historical changes in - Israel and Ukraine. - - - - - - - - - - Release 8.4.20 - - - Release date: - 2014-02-20 - - - - This release contains a variety of fixes from 8.4.19. - For information about new features in the 8.4 major release, see - . - - - - The PostgreSQL community will stop releasing updates - for the 8.4.X release series in July 2014. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 8.4.20 - - - A dump/restore is not required for those running 8.4.X. - - - - However, if you are upgrading from a version earlier than 8.4.19, - see . - - - - - - Changes - - - - - - Shore up GRANT ... WITH ADMIN OPTION restrictions - (Noah Misch) - - - - Granting a role without ADMIN OPTION is supposed to - prevent the grantee from adding or removing members from the granted - role, but this restriction was easily bypassed by doing SET - ROLE first. The security impact is mostly that a role member can - revoke the access of others, contrary to the wishes of his grantor. - Unapproved role member additions are a lesser concern, since an - uncooperative role member could provide most of his rights to others - anyway by creating views or SECURITY DEFINER functions. - (CVE-2014-0060) - - - - - - Prevent privilege escalation via manual calls to PL validator - functions (Andres Freund) - - - - The primary role of PL validator functions is to be called implicitly - during CREATE FUNCTION, but they are also normal SQL - functions that a user can call explicitly. Calling a validator on - a function actually written in some other language was not checked - for and could be exploited for privilege-escalation purposes. - The fix involves adding a call to a privilege-checking function in - each validator function. Non-core procedural languages will also - need to make this change to their own validator functions, if any. - (CVE-2014-0061) - - - - - - Avoid multiple name lookups during table and index DDL - (Robert Haas, Andres Freund) - - - - If the name lookups come to different conclusions due to concurrent - activity, we might perform some parts of the DDL on a different table - than other parts. At least in the case of CREATE INDEX, - this can be used to cause the permissions checks to be performed - against a different table than the index creation, allowing for a - privilege escalation attack. - (CVE-2014-0062) - - - - - - Prevent buffer overrun with long datetime strings (Noah Misch) - - - - The MAXDATELEN constant was too small for the longest - possible value of type interval, allowing a buffer overrun - in interval_out(). Although the datetime input - functions were more careful about avoiding buffer overrun, the limit - was short enough to cause them to reject some valid inputs, such as - input containing a very long timezone name. The ecpg - library contained these vulnerabilities along with some of its own. - (CVE-2014-0063) - - - - - - Prevent buffer overrun due to integer overflow in size calculations - (Noah Misch, Heikki Linnakangas) - - - - Several functions, mostly type input functions, calculated an - allocation size without checking for overflow. If overflow did - occur, a too-small buffer would be allocated and then written past. - (CVE-2014-0064) - - - - - - Prevent overruns of fixed-size buffers - (Peter Eisentraut, Jozef Mlich) - - - - Use strlcpy() and related functions to provide a clear - guarantee that fixed-size buffers are not overrun. Unlike the - preceding items, it is unclear whether these cases really represent - live issues, since in most cases there appear to be previous - constraints on the size of the input string. Nonetheless it seems - prudent to silence all Coverity warnings of this type. - (CVE-2014-0065) - - - - - - Avoid crashing if crypt() returns NULL (Honza Horak, - Bruce Momjian) - - - - There are relatively few scenarios in which crypt() - could return NULL, but contrib/chkpass would crash - if it did. One practical case in which this could be an issue is - if libc is configured to refuse to execute unapproved - hashing algorithms (e.g., FIPS mode). - (CVE-2014-0066) - - - - - - Document risks of make check in the regression testing - instructions (Noah Misch, Tom Lane) - - - - Since the temporary server started by make check - uses trust authentication, another user on the same machine - could connect to it as database superuser, and then potentially - exploit the privileges of the operating-system user who started the - tests. A future release will probably incorporate changes in the - testing procedure to prevent this risk, but some public discussion is - needed first. So for the moment, just warn people against using - make check when there are untrusted users on the - same machine. - (CVE-2014-0067) - - - - - - Fix possible mis-replay of WAL records when some segments of a - relation aren't full size (Greg Stark, Tom Lane) - - - - The WAL update could be applied to the wrong page, potentially many - pages past where it should have been. Aside from corrupting data, - this error has been observed to result in significant bloat - of standby servers compared to their masters, due to updates being - applied far beyond where the end-of-file should have been. This - failure mode does not appear to be a significant risk during crash - recovery, only when initially synchronizing a standby created from a - base backup taken from a quickly-changing master. - - - - - - Ensure that insertions into non-leaf GIN index pages write a full-page - WAL record when appropriate (Heikki Linnakangas) - - - - The previous coding risked index corruption in the event of a - partial-page write during a system crash. - - - - - - Fix race conditions during server process exit (Robert Haas) - - - - Ensure that signal handlers don't attempt to use the - process's MyProc pointer after it's no longer valid. - - - - - - Fix unsafe references to errno within error reporting - logic (Christian Kruse) - - - - This would typically lead to odd behaviors such as missing or - inappropriate HINT fields. - - - - - - Fix possible crashes from using ereport() too early - during server startup (Tom Lane) - - - - The principal case we've seen in the field is a crash if the server - is started in a directory it doesn't have permission to read. - - - - - - Clear retry flags properly in OpenSSL socket write - function (Alexander Kukushkin) - - - - This omission could result in a server lockup after unexpected loss - of an SSL-encrypted connection. - - - - - - Fix length checking for Unicode identifiers (U&"..." - syntax) containing escapes (Tom Lane) - - - - A spurious truncation warning would be printed for such identifiers - if the escaped form of the identifier was too long, but the - identifier actually didn't need truncation after de-escaping. - - - - - - Fix possible crash due to invalid plan for nested sub-selects, such - as WHERE (... x IN (SELECT ...) ...) IN (SELECT ...) - (Tom Lane) - - - - - - Ensure that ANALYZE creates statistics for a table column - even when all the values in it are too wide (Tom Lane) - - - - ANALYZE intentionally omits very wide values from its - histogram and most-common-values calculations, but it neglected to do - something sane in the case that all the sampled entries are too wide. - - - - - - In ALTER TABLE ... SET TABLESPACE, allow the database's - default tablespace to be used without a permissions check - (Stephen Frost) - - - - CREATE TABLE has always allowed such usage, - but ALTER TABLE didn't get the memo. - - - - - - Fix cannot accept a set error when some arms of - a CASE return a set and others don't (Tom Lane) - - - - - - Fix checks for all-zero client addresses in pgstat functions (Kevin - Grittner) - - - - - - Fix possible misclassification of multibyte characters by the text - search parser (Tom Lane) - - - - Non-ASCII characters could be misclassified when using C locale with - a multibyte encoding. On Cygwin, non-C locales could fail as well. - - - - - - Fix possible misbehavior in plainto_tsquery() - (Heikki Linnakangas) - - - - Use memmove() not memcpy() for copying - overlapping memory regions. There have been no field reports of - this actually causing trouble, but it's certainly risky. - - - - - - Accept SHIFT_JIS as an encoding name for locale checking - purposes (Tatsuo Ishii) - - - - - - Fix misbehavior of PQhost() on Windows (Fujii Masao) - - - - It should return localhost if no host has been specified. - - - - - - Improve error handling in libpq and psql - for failures during COPY TO STDOUT/FROM STDIN (Tom Lane) - - - - In particular this fixes an infinite loop that could occur in 9.2 and - up if the server connection was lost during COPY FROM - STDIN. Variants of that scenario might be possible in older - versions, or with other client applications. - - - - - - Fix misaligned descriptors in ecpg (MauMau) - - - - - - In ecpg, handle lack of a hostname in the connection - parameters properly (Michael Meskes) - - - - - - Fix performance regression in contrib/dblink connection - startup (Joe Conway) - - - - Avoid an unnecessary round trip when client and server encodings match. - - - - - - In contrib/isn, fix incorrect calculation of the check - digit for ISMN values (Fabien Coelho) - - - - - - Ensure client-code-only installation procedure works as documented - (Peter Eisentraut) - - - - - - In Mingw and Cygwin builds, install the libpq DLL - in the bin directory (Andrew Dunstan) - - - - This duplicates what the MSVC build has long done. It should fix - problems with programs like psql failing to start - because they can't find the DLL. - - - - - - Don't generate plain-text HISTORY - and src/test/regress/README files anymore (Tom Lane) - - - - These text files duplicated the main HTML and PDF documentation - formats. The trouble involved in maintaining them greatly outweighs - the likely audience for plain-text format. Distribution tarballs - will still contain files by these names, but they'll just be stubs - directing the reader to consult the main documentation. - The plain-text INSTALL file will still be maintained, as - there is arguably a use-case for that. - - - - - - Update time zone data files to tzdata release 2013i - for DST law changes in Jordan and historical changes in Cuba. - - - - In addition, the zones Asia/Riyadh87, - Asia/Riyadh88, and Asia/Riyadh89 have been - removed, as they are no longer maintained by IANA, and never - represented actual civil timekeeping practice. - - - - - - - - - - Release 8.4.19 - - - Release date: - 2013-12-05 - - - - This release contains a variety of fixes from 8.4.18. - For information about new features in the 8.4 major release, see - . - - - - Migration to Version 8.4.19 - - - A dump/restore is not required for those running 8.4.X. - - - - However, this release corrects a potential data corruption - issue. See the first changelog entry below to find out whether - your installation has been affected and what steps you can take if so. - - - - Also, if you are upgrading from a version earlier than 8.4.17, - see . - - - - - - Changes - - - - - - Fix VACUUM's tests to see whether it can - update relfrozenxid (Andres Freund) - - - - In some cases VACUUM (either manual or autovacuum) could - incorrectly advance a table's relfrozenxid value, - allowing tuples to escape freezing, causing those rows to become - invisible once 2^31 transactions have elapsed. The probability of - data loss is fairly low since multiple incorrect advancements would - need to happen before actual loss occurs, but it's not zero. Users - upgrading from release 8.4.8 or earlier are not affected, but all later - versions contain the bug. - - - - The issue can be ameliorated by, after upgrading, vacuuming all tables - in all databases while having vacuum_freeze_table_age - set to zero. This will fix any latent corruption but will not be able - to fix all pre-existing data errors. However, an installation can be - presumed safe after performing this vacuuming if it has executed fewer - than 2^31 update transactions in its lifetime (check this with - SELECT txid_current() < 2^31). - - - - - - Fix race condition in GIN index posting tree page deletion (Heikki - Linnakangas) - - - - This could lead to transient wrong answers or query failures. - - - - - - Avoid flattening a subquery whose SELECT list contains a - volatile function wrapped inside a sub-SELECT (Tom Lane) - - - - This avoids unexpected results due to extra evaluations of the - volatile function. - - - - - - Fix planner's processing of non-simple-variable subquery outputs - nested within outer joins (Tom Lane) - - - - This error could lead to incorrect plans for queries involving - multiple levels of subqueries within JOIN syntax. - - - - - - Fix premature deletion of temporary files (Andres Freund) - - - - - - Fix possible read past end of memory in rule printing (Peter Eisentraut) - - - - - - Fix array slicing of int2vector and oidvector values - (Tom Lane) - - - - Expressions of this kind are now implicitly promoted to - regular int2 or oid arrays. - - - - - - Fix incorrect behaviors when using a SQL-standard, simple GMT offset - timezone (Tom Lane) - - - - In some cases, the system would use the simple GMT offset value when - it should have used the regular timezone setting that had prevailed - before the simple offset was selected. This change also causes - the timeofday function to honor the simple GMT offset - zone. - - - - - - Prevent possible misbehavior when logging translations of Windows - error codes (Tom Lane) - - - - - - Properly quote generated command lines in pg_ctl - (Naoya Anzai and Tom Lane) - - - - This fix applies only to Windows. - - - - - - Fix pg_dumpall to work when a source database - sets default_transaction_read_only - via ALTER DATABASE SET (Kevin Grittner) - - - - Previously, the generated script would fail during restore. - - - - - - Fix ecpg's processing of lists of variables - declared varchar (Zoltán Böszörményi) - - - - - - Make contrib/lo defend against incorrect trigger definitions - (Marc Cousin) - - - - - - Update time zone data files to tzdata release 2013h - for DST law changes in Argentina, Brazil, Jordan, Libya, - Liechtenstein, Morocco, and Palestine. Also, new timezone - abbreviations WIB, WIT, WITA for Indonesia. - - - - - - - - - - Release 8.4.18 - - - Release date: - 2013-10-10 - - - - This release contains a variety of fixes from 8.4.17. - For information about new features in the 8.4 major release, see - . - - - - Migration to Version 8.4.18 - - - A dump/restore is not required for those running 8.4.X. - - - - However, if you are upgrading from a version earlier than 8.4.17, - see . - - - - - - Changes - - - - - - Prevent corruption of multi-byte characters when attempting to - case-fold identifiers (Andrew Dunstan) - - - - PostgreSQL case-folds non-ASCII characters only - when using a single-byte server encoding. - - - - - - Fix memory leak caused by lo_open() failure - (Heikki Linnakangas) - - - - - - Fix memory overcommit bug when work_mem is using more - than 24GB of memory (Stephen Frost) - - - - - - Fix deadlock bug in libpq when using SSL (Stephen Frost) - - - - - - Properly compute row estimates for boolean columns containing many NULL - values (Andrew Gierth) - - - - Previously tests like col IS NOT TRUE and col IS - NOT FALSE did not properly factor in NULL values when estimating - plan costs. - - - - - - Prevent pushing down WHERE clauses into unsafe - UNION/INTERSECT subqueries (Tom Lane) - - - - Subqueries of a UNION or INTERSECT that - contain set-returning functions or volatile functions in their - SELECT lists could be improperly optimized, leading to - run-time errors or incorrect query results. - - - - - - Fix rare case of failed to locate grouping columns - planner failure (Tom Lane) - - - - - - Improve view dumping code's handling of dropped columns in referenced - tables (Tom Lane) - - - - - - Fix possible deadlock during concurrent CREATE INDEX - CONCURRENTLY operations (Tom Lane) - - - - - - Fix regexp_matches() handling of zero-length matches - (Jeevan Chalke) - - - - Previously, zero-length matches like '^' could return too many matches. - - - - - - Fix crash for overly-complex regular expressions (Heikki Linnakangas) - - - - - - Fix regular expression match failures for back references combined with - non-greedy quantifiers (Jeevan Chalke) - - - - - - Prevent CREATE FUNCTION from checking SET - variables unless function body checking is enabled (Tom Lane) - - - - - - Fix pgp_pub_decrypt() so it works for secret keys with - passwords (Marko Kreen) - - - - - - Remove rare inaccurate warning during vacuum of index-less tables - (Heikki Linnakangas) - - - - - - Avoid possible failure when performing transaction control commands (e.g - ROLLBACK) in prepared queries (Tom Lane) - - - - - - Ensure that floating-point data input accepts standard spellings - of infinity on all platforms (Tom Lane) - - - - The C99 standard says that allowable spellings are inf, - +inf, -inf, infinity, - +infinity, and -infinity. Make sure we - recognize these even if the platform's strtod function - doesn't. - - - - - - Expand ability to compare rows to records and arrays (Rafal Rzepecki, - Tom Lane) - - - - - - Update time zone data files to tzdata release 2013d - for DST law changes in Israel, Morocco, Palestine, and Paraguay. - Also, historical zone data corrections for Macquarie Island. - - - - - - - - - - Release 8.4.17 - - - Release date: - 2013-04-04 - - - - This release contains a variety of fixes from 8.4.16. - For information about new features in the 8.4 major release, see - . - - - - Migration to Version 8.4.17 - - - A dump/restore is not required for those running 8.4.X. - - - - However, this release corrects several errors in management of GiST - indexes. After installing this update, it is advisable to - REINDEX any GiST indexes that meet one or more of the - conditions described below. - - - - Also, if you are upgrading from a version earlier than 8.4.10, - see . - - - - - - Changes - - - - - - Reset OpenSSL randomness state in each postmaster child process - (Marko Kreen) - - - - This avoids a scenario wherein random numbers generated by - contrib/pgcrypto functions might be relatively easy for - another database user to guess. The risk is only significant when - the postmaster is configured with ssl = on - but most connections don't use SSL encryption. (CVE-2013-1900) - - - - - - Fix GiST indexes to not use fuzzy geometric comparisons when - it's not appropriate to do so (Alexander Korotkov) - - - - The core geometric types perform comparisons using fuzzy - equality, but gist_box_same must do exact comparisons, - else GiST indexes using it might become inconsistent. After installing - this update, users should REINDEX any GiST indexes on - box, polygon, circle, or point - columns, since all of these use gist_box_same. - - - - - - Fix erroneous range-union and penalty logic in GiST indexes that use - contrib/btree_gist for variable-width data types, that is - text, bytea, bit, and numeric - columns (Tom Lane) - - - - These errors could result in inconsistent indexes in which some keys - that are present would not be found by searches, and also in useless - index bloat. Users are advised to REINDEX such indexes - after installing this update. - - - - - - Fix bugs in GiST page splitting code for multi-column indexes - (Tom Lane) - - - - These errors could result in inconsistent indexes in which some keys - that are present would not be found by searches, and also in indexes - that are unnecessarily inefficient to search. Users are advised to - REINDEX multi-column GiST indexes after installing this - update. - - - - - - Fix infinite-loop risk in regular expression compilation (Tom Lane, - Don Porter) - - - - - - Fix potential null-pointer dereference in regular expression compilation - (Tom Lane) - - - - - - Fix to_char() to use ASCII-only case-folding rules where - appropriate (Tom Lane) - - - - This fixes misbehavior of some template patterns that should be - locale-independent, but mishandled I and - i in Turkish locales. - - - - - - Fix unwanted rejection of timestamp 1999-12-31 24:00:00 - (Tom Lane) - - - - - - Remove useless picksplit doesn't support secondary split log - messages (Josh Hansen, Tom Lane) - - - - This message seems to have been added in expectation of code that was - never written, and probably never will be, since GiST's default - handling of secondary splits is actually pretty good. So stop nagging - end users about it. - - - - - - Fix possible failure to send a session's last few transaction - commit/abort counts to the statistics collector (Tom Lane) - - - - - - Eliminate memory leaks in PL/Perl's spi_prepare() function - (Alex Hunsaker, Tom Lane) - - - - - - Fix pg_dumpall to handle database names containing - = correctly (Heikki Linnakangas) - - - - - - Avoid crash in pg_dump when an incorrect connection - string is given (Heikki Linnakangas) - - - - - - Ignore invalid indexes in pg_dump (Michael Paquier) - - - - Dumping invalid indexes can cause problems at restore time, for example - if the reason the index creation failed was because it tried to enforce - a uniqueness condition not satisfied by the table's data. Also, if the - index creation is in fact still in progress, it seems reasonable to - consider it to be an uncommitted DDL change, which - pg_dump wouldn't be expected to dump anyway. - - - - - - Fix contrib/pg_trgm's similarity() function - to return zero for trigram-less strings (Tom Lane) - - - - Previously it returned NaN due to internal division by zero. - - - - - - Update time zone data files to tzdata release 2013b - for DST law changes in Chile, Haiti, Morocco, Paraguay, and some - Russian areas. Also, historical zone data corrections for numerous - places. - - - - Also, update the time zone abbreviation files for recent changes in - Russia and elsewhere: CHOT, GET, - IRKT, KGT, KRAT, MAGT, - MAWT, MSK, NOVT, OMST, - TKT, VLAT, WST, YAKT, - YEKT now follow their current meanings, and - VOLT (Europe/Volgograd) and MIST - (Antarctica/Macquarie) are added to the default abbreviations list. - - - - - - - - - - Release 8.4.16 - - - Release date: - 2013-02-07 - - - - This release contains a variety of fixes from 8.4.15. - For information about new features in the 8.4 major release, see - . - - - - Migration to Version 8.4.16 - - - A dump/restore is not required for those running 8.4.X. - - - - However, if you are upgrading from a version earlier than 8.4.10, - see . - - - - - - Changes - - - - - - Prevent execution of enum_recv from SQL (Tom Lane) - - - - The function was misdeclared, allowing a simple SQL command to crash the - server. In principle an attacker might be able to use it to examine the - contents of server memory. Our thanks to Sumit Soni (via Secunia SVCRP) - for reporting this issue. (CVE-2013-0255) - - - - - - Update minimum recovery point when truncating a relation file (Heikki - Linnakangas) - - - - Once data has been discarded, it's no longer safe to stop recovery at - an earlier point in the timeline. - - - - - - Fix SQL grammar to allow subscripting or field selection from a - sub-SELECT result (Tom Lane) - - - - - - Protect against race conditions when scanning - pg_tablespace (Stephen Frost, Tom Lane) - - - - CREATE DATABASE and DROP DATABASE could - misbehave if there were concurrent updates of - pg_tablespace entries. - - - - - - Prevent DROP OWNED from trying to drop whole databases or - tablespaces (Álvaro Herrera) - - - - For safety, ownership of these objects must be reassigned, not dropped. - - - - - - Fix error in vacuum_freeze_table_age - implementation (Andres Freund) - - - - In installations that have existed for more than vacuum_freeze_min_age - transactions, this mistake prevented autovacuum from using partial-table - scans, so that a full-table scan would always happen instead. - - - - - - Prevent misbehavior when a RowExpr or XmlExpr - is parse-analyzed twice (Andres Freund, Tom Lane) - - - - This mistake could be user-visible in contexts such as - CREATE TABLE LIKE INCLUDING INDEXES. - - - - - - Improve defenses against integer overflow in hashtable sizing - calculations (Jeff Davis) - - - - - - Reject out-of-range dates in to_date() (Hitoshi Harada) - - - - - - Ensure that non-ASCII prompt strings are translated to the correct - code page on Windows (Alexander Law, Noah Misch) - - - - This bug affected psql and some other client programs. - - - - - - Fix possible crash in psql's \? command - when not connected to a database (Meng Qingzhong) - - - - - - Fix one-byte buffer overrun in libpq's - PQprintTuples (Xi Wang) - - - - This ancient function is not used anywhere by - PostgreSQL itself, but it might still be used by some - client code. - - - - - - Make ecpglib use translated messages properly - (Chen Huajun) - - - - - - Properly install ecpg_compat and - pgtypes libraries on MSVC (Jiang Guiqing) - - - - - - Rearrange configure's tests for supplied functions so it is not - fooled by bogus exports from libedit/libreadline (Christoph Berg) - - - - - - Ensure Windows build number increases over time (Magnus Hagander) - - - - - - Make pgxs build executables with the right - .exe suffix when cross-compiling for Windows - (Zoltan Boszormenyi) - - - - - - Add new timezone abbreviation FET (Tom Lane) - - - - This is now used in some eastern-European time zones. - - - - - - - - - - Release 8.4.15 - - - Release date: - 2012-12-06 - - - - This release contains a variety of fixes from 8.4.14. - For information about new features in the 8.4 major release, see - . - - - - Migration to Version 8.4.15 - - - A dump/restore is not required for those running 8.4.X. - - - - However, if you are upgrading from a version earlier than 8.4.10, - see . - - - - - - Changes - - - - - - Fix multiple bugs associated with CREATE INDEX - CONCURRENTLY (Andres Freund, Tom Lane) - - - - Fix CREATE INDEX CONCURRENTLY to use - in-place updates when changing the state of an index's - pg_index row. This prevents race conditions that could - cause concurrent sessions to miss updating the target index, thus - resulting in corrupt concurrently-created indexes. - - - - Also, fix various other operations to ensure that they ignore - invalid indexes resulting from a failed CREATE INDEX - CONCURRENTLY command. The most important of these is - VACUUM, because an auto-vacuum could easily be launched - on the table before corrective action can be taken to fix or remove - the invalid index. - - - - - - Avoid corruption of internal hash tables when out of memory - (Hitoshi Harada) - - - - - - Fix planning of non-strict equivalence clauses above outer joins - (Tom Lane) - - - - The planner could derive incorrect constraints from a clause equating - a non-strict construct to something else, for example - WHERE COALESCE(foo, 0) = 0 - when foo is coming from the nullable side of an outer join. - - - - - - Improve planner's ability to prove exclusion constraints from - equivalence classes (Tom Lane) - - - - - - Fix partial-row matching in hashed subplans to handle cross-type cases - correctly (Tom Lane) - - - - This affects multicolumn NOT IN subplans, such as - WHERE (a, b) NOT IN (SELECT x, y FROM ...) - when for instance b and y are int4 - and int8 respectively. This mistake led to wrong answers - or crashes depending on the specific datatypes involved. - - - - - - Acquire buffer lock when re-fetching the old tuple for an - AFTER ROW UPDATE/DELETE trigger (Andres Freund) - - - - In very unusual circumstances, this oversight could result in passing - incorrect data to the precheck logic for a foreign-key enforcement - trigger. That could result in a crash, or in an incorrect decision - about whether to fire the trigger. - - - - - - Fix ALTER COLUMN TYPE to handle inherited check - constraints properly (Pavan Deolasee) - - - - This worked correctly in pre-8.4 releases, and now works correctly - in 8.4 and later. - - - - - - Fix REASSIGN OWNED to handle grants on tablespaces - (Álvaro Herrera) - - - - - - Ignore incorrect pg_attribute entries for system - columns for views (Tom Lane) - - - - Views do not have any system columns. However, we forgot to - remove such entries when converting a table to a view. That's fixed - properly for 9.3 and later, but in previous branches we need to defend - against existing mis-converted views. - - - - - - Fix rule printing to dump INSERT INTO table - DEFAULT VALUES correctly (Tom Lane) - - - - - - Guard against stack overflow when there are too many - UNION/INTERSECT/EXCEPT clauses - in a query (Tom Lane) - - - - - - Prevent platform-dependent failures when dividing the minimum possible - integer value by -1 (Xi Wang, Tom Lane) - - - - - - Fix possible access past end of string in date parsing - (Hitoshi Harada) - - - - - - Produce an understandable error message if the length of the path name - for a Unix-domain socket exceeds the platform-specific limit - (Tom Lane, Andrew Dunstan) - - - - Formerly, this would result in something quite unhelpful, such as - Non-recoverable failure in name resolution. - - - - - - Fix memory leaks when sending composite column values to the client - (Tom Lane) - - - - - - Make pg_ctl more robust about reading the - postmaster.pid file (Heikki Linnakangas) - - - - Fix race conditions and possible file descriptor leakage. - - - - - - Fix possible crash in psql if incorrectly-encoded data - is presented and the client_encoding setting is a - client-only encoding, such as SJIS (Jiang Guiqing) - - - - - - Fix bugs in the restore.sql script emitted by - pg_dump in tar output format (Tom Lane) - - - - The script would fail outright on tables whose names include - upper-case characters. Also, make the script capable of restoring - data in - - - - - Fix pg_restore to accept POSIX-conformant - tar files (Brian Weaver, Tom Lane) - - - - The original coding of pg_dump's tar - output mode produced files that are not fully conformant with the - POSIX standard. This has been corrected for version 9.3. This - patch updates previous branches so that they will accept both the - incorrect and the corrected formats, in hopes of avoiding - compatibility problems when 9.3 comes out. - - - - - - Fix pg_resetxlog to locate postmaster.pid - correctly when given a relative path to the data directory (Tom Lane) - - - - This mistake could lead to pg_resetxlog not noticing - that there is an active postmaster using the data directory. - - - - - - Fix libpq's lo_import() and - lo_export() functions to report file I/O errors properly - (Tom Lane) - - - - - - Fix ecpg's processing of nested structure pointer - variables (Muhammad Usama) - - - - - - Make contrib/pageinspect's btree page inspection - functions take buffer locks while examining pages (Tom Lane) - - - - - - Fix pgxs support for building loadable modules on AIX - (Tom Lane) - - - - Building modules outside the original source tree didn't work on AIX. - - - - - - Update time zone data files to tzdata release 2012j - for DST law changes in Cuba, Israel, Jordan, Libya, Palestine, Western - Samoa, and portions of Brazil. - - - - - - - - - - Release 8.4.14 - - - Release date: - 2012-09-24 - - - - This release contains a variety of fixes from 8.4.13. - For information about new features in the 8.4 major release, see - . - - - - Migration to Version 8.4.14 - - - A dump/restore is not required for those running 8.4.X. - - - - However, if you are upgrading from a version earlier than 8.4.10, - see . - - - - - - Changes - - - - - - Fix planner's assignment of executor parameters, and fix executor's - rescan logic for CTE plan nodes (Tom Lane) - - - - These errors could result in wrong answers from queries that scan the - same WITH subquery multiple times. - - - - - - Improve page-splitting decisions in GiST indexes (Alexander Korotkov, - Robert Haas, Tom Lane) - - - - Multi-column GiST indexes might suffer unexpected bloat due to this - error. - - - - - - Fix cascading privilege revoke to stop if privileges are still held - (Tom Lane) - - - - If we revoke a grant option from some role X, but - X still holds that option via a grant from someone - else, we should not recursively revoke the corresponding privilege - from role(s) Y that X had granted it - to. - - - - - - Fix handling of SIGFPE when PL/Perl is in use (Andres Freund) - - - - Perl resets the process's SIGFPE handler to - SIG_IGN, which could result in crashes later on. Restore - the normal Postgres signal handler after initializing PL/Perl. - - - - - - Prevent PL/Perl from crashing if a recursive PL/Perl function is - redefined while being executed (Tom Lane) - - - - - - Work around possible misoptimization in PL/Perl (Tom Lane) - - - - Some Linux distributions contain an incorrect version of - pthread.h that results in incorrect compiled code in - PL/Perl, leading to crashes if a PL/Perl function calls another one - that throws an error. - - - - - - Update time zone data files to tzdata release 2012f - for DST law changes in Fiji - - - - - - - - - - Release 8.4.13 - - - Release date: - 2012-08-17 - - - - This release contains a variety of fixes from 8.4.12. - For information about new features in the 8.4 major release, see - . - - - - Migration to Version 8.4.13 - - - A dump/restore is not required for those running 8.4.X. - - - - However, if you are upgrading from a version earlier than 8.4.10, - see . - - - - - - Changes - - - - - - Prevent access to external files/URLs via XML entity references - (Noah Misch, Tom Lane) - - - - xml_parse() would attempt to fetch external files or - URLs as needed to resolve DTD and entity references in an XML value, - thus allowing unprivileged database users to attempt to fetch data - with the privileges of the database server. While the external data - wouldn't get returned directly to the user, portions of it could be - exposed in error messages if the data didn't parse as valid XML; and - in any case the mere ability to check existence of a file might be - useful to an attacker. (CVE-2012-3489) - - - - - - Prevent access to external files/URLs via contrib/xml2's - xslt_process() (Peter Eisentraut) - - - - libxslt offers the ability to read and write both - files and URLs through stylesheet commands, thus allowing - unprivileged database users to both read and write data with the - privileges of the database server. Disable that through proper use - of libxslt's security options. (CVE-2012-3488) - - - - Also, remove xslt_process()'s ability to fetch documents - and stylesheets from external files/URLs. While this was a - documented feature, it was long regarded as a bad idea. - The fix for CVE-2012-3489 broke that capability, and rather than - expend effort on trying to fix it, we're just going to summarily - remove it. - - - - - - Prevent too-early recycling of btree index pages (Noah Misch) - - - - When we allowed read-only transactions to skip assigning XIDs, we - introduced the possibility that a deleted btree page could be - recycled while a read-only transaction was still in flight to it. - This would result in incorrect index search results. The probability - of such an error occurring in the field seems very low because of the - timing requirements, but nonetheless it should be fixed. - - - - - - Fix crash-safety bug with newly-created-or-reset sequences (Tom Lane) - - - - If ALTER SEQUENCE was executed on a freshly created or - reset sequence, and then precisely one nextval() call - was made on it, and then the server crashed, WAL replay would restore - the sequence to a state in which it appeared that no - nextval() had been done, thus allowing the first - sequence value to be returned again by the next - nextval() call. In particular this could manifest for - serial columns, since creation of a serial column's sequence - includes an ALTER SEQUENCE OWNED BY step. - - - - - - Ensure the backup_label file is fsync'd after - pg_start_backup() (Dave Kerr) - - - - - - Back-patch 9.1 improvement to compress the fsync request queue - (Robert Haas) - - - - This improves performance during checkpoints. The 9.1 change - has now seen enough field testing to seem safe to back-patch. - - - - - - Only allow autovacuum to be auto-canceled by a directly blocked - process (Tom Lane) - - - - The original coding could allow inconsistent behavior in some cases; - in particular, an autovacuum could get canceled after less than - deadlock_timeout grace period. - - - - - - Improve logging of autovacuum cancels (Robert Haas) - - - - - - Fix log collector so that log_truncate_on_rotation works - during the very first log rotation after server start (Tom Lane) - - - - - - Fix WITH attached to a nested set operation - (UNION/INTERSECT/EXCEPT) - (Tom Lane) - - - - - - Ensure that a whole-row reference to a subquery doesn't include any - extra GROUP BY or ORDER BY columns (Tom Lane) - - - - - - Disallow copying whole-row references in CHECK - constraints and index definitions during CREATE TABLE - (Tom Lane) - - - - This situation can arise in CREATE TABLE with - LIKE or INHERITS. The copied whole-row - variable was incorrectly labeled with the row type of the original - table not the new one. Rejecting the case seems reasonable for - LIKE, since the row types might well diverge later. For - INHERITS we should ideally allow it, with an implicit - coercion to the parent table's row type; but that will require more - work than seems safe to back-patch. - - - - - - Fix memory leak in ARRAY(SELECT ...) subqueries (Heikki - Linnakangas, Tom Lane) - - - - - - Fix extraction of common prefixes from regular expressions (Tom Lane) - - - - The code could get confused by quantified parenthesized - subexpressions, such as ^(foo)?bar. This would lead to - incorrect index optimization of searches for such patterns. - - - - - - Fix bugs with parsing signed - hh:mm and - hh:mm:ss - fields in interval constants (Amit Kapila, Tom Lane) - - - - - - Report errors properly in contrib/xml2's - xslt_process() (Tom Lane) - - - - - - Update time zone data files to tzdata release 2012e - for DST law changes in Morocco and Tokelau - - - - - - - - - - Release 8.4.12 - - - Release date: - 2012-06-04 - - - - This release contains a variety of fixes from 8.4.11. - For information about new features in the 8.4 major release, see - . - - - - Migration to Version 8.4.12 - - - A dump/restore is not required for those running 8.4.X. - - - - However, if you are upgrading from a version earlier than 8.4.10, - see . - - - - - - Changes - - - - - - Fix incorrect password transformation in - contrib/pgcrypto's DES crypt() function - (Solar Designer) - - - - If a password string contained the byte value 0x80, the - remainder of the password was ignored, causing the password to be much - weaker than it appeared. With this fix, the rest of the string is - properly included in the DES hash. Any stored password values that are - affected by this bug will thus no longer match, so the stored values may - need to be updated. (CVE-2012-2143) - - - - - - Ignore SECURITY DEFINER and SET attributes for - a procedural language's call handler (Tom Lane) - - - - Applying such attributes to a call handler could crash the server. - (CVE-2012-2655) - - - - - - Allow numeric timezone offsets in timestamp input to be up to - 16 hours away from UTC (Tom Lane) - - - - Some historical time zones have offsets larger than 15 hours, the - previous limit. This could result in dumped data values being rejected - during reload. - - - - - - Fix timestamp conversion to cope when the given time is exactly the - last DST transition time for the current timezone (Tom Lane) - - - - This oversight has been there a long time, but was not noticed - previously because most DST-using zones are presumed to have an - indefinite sequence of future DST transitions. - - - - - - Fix text to name and char to name - casts to perform string truncation correctly in multibyte encodings - (Karl Schnaitter) - - - - - - Fix memory copying bug in to_tsquery() (Heikki Linnakangas) - - - - - - Fix planner's handling of outer PlaceHolderVars within subqueries (Tom - Lane) - - - - This bug concerns sub-SELECTs that reference variables coming from the - nullable side of an outer join of the surrounding query. - In 9.1, queries affected by this bug would fail with ERROR: - Upper-level PlaceHolderVar found where not expected. But in 9.0 and - 8.4, you'd silently get possibly-wrong answers, since the value - transmitted into the subquery wouldn't go to null when it should. - - - - - - Fix slow session startup when pg_attribute is very large - (Tom Lane) - - - - If pg_attribute exceeds one-fourth of - shared_buffers, cache rebuilding code that is sometimes - needed during session start would trigger the synchronized-scan logic, - causing it to take many times longer than normal. The problem was - particularly acute if many new sessions were starting at once. - - - - - - Ensure sequential scans check for query cancel reasonably often (Merlin - Moncure) - - - - A scan encountering many consecutive pages that contain no live tuples - would not respond to interrupts meanwhile. - - - - - - Ensure the Windows implementation of PGSemaphoreLock() - clears ImmediateInterruptOK before returning (Tom Lane) - - - - This oversight meant that a query-cancel interrupt received later - in the same query could be accepted at an unsafe time, with - unpredictable but not good consequences. - - - - - - Show whole-row variables safely when printing views or rules - (Abbas Butt, Tom Lane) - - - - Corner cases involving ambiguous names (that is, the name could be - either a table or column name of the query) were printed in an - ambiguous way, risking that the view or rule would be interpreted - differently after dump and reload. Avoid the ambiguous case by - attaching a no-op cast. - - - - - - Fix COPY FROM to properly handle null marker strings that - correspond to invalid encoding (Tom Lane) - - - - A null marker string such as E'\\0' should work, and did - work in the past, but the case got broken in 8.4. - - - - - - Ensure autovacuum worker processes perform stack depth checking - properly (Heikki Linnakangas) - - - - Previously, infinite recursion in a function invoked by - auto-ANALYZE could crash worker processes. - - - - - - Fix logging collector to not lose log coherency under high load (Andrew - Dunstan) - - - - The collector previously could fail to reassemble large messages if it - got too busy. - - - - - - Fix logging collector to ensure it will restart file rotation - after receiving SIGHUP (Tom Lane) - - - - - - Fix WAL replay logic for GIN indexes to not fail if the index was - subsequently dropped (Tom Lane) - - - - - - Fix memory leak in PL/pgSQL's RETURN NEXT command (Joe - Conway) - - - - - - Fix PL/pgSQL's GET DIAGNOSTICS command when the target - is the function's first variable (Tom Lane) - - - - - - Fix potential access off the end of memory in psql's - expanded display (\x) mode (Peter Eisentraut) - - - - - - Fix several performance problems in pg_dump when - the database contains many objects (Jeff Janes, Tom Lane) - - - - pg_dump could get very slow if the database contained - many schemas, or if many objects are in dependency loops, or if there - are many owned sequences. - - - - - - Fix contrib/dblink's dblink_exec() to not leak - temporary database connections upon error (Tom Lane) - - - - - - Fix contrib/dblink to report the correct connection name in - error messages (Kyotaro Horiguchi) - - - - - - Update time zone data files to tzdata release 2012c - for DST law changes in Antarctica, Armenia, Chile, Cuba, Falkland - Islands, Gaza, Haiti, Hebron, Morocco, Syria, and Tokelau Islands; - also historical corrections for Canada. - - - - - - - - - - Release 8.4.11 - - - Release date: - 2012-02-27 - - - - This release contains a variety of fixes from 8.4.10. - For information about new features in the 8.4 major release, see - . - - - - Migration to Version 8.4.11 - - - A dump/restore is not required for those running 8.4.X. - - - - However, if you are upgrading from a version earlier than 8.4.10, - see . - - - - - - Changes - - - - - - Require execute permission on the trigger function for - CREATE TRIGGER (Robert Haas) - - - - This missing check could allow another user to execute a trigger - function with forged input data, by installing it on a table he owns. - This is only of significance for trigger functions marked - SECURITY DEFINER, since otherwise trigger functions run - as the table owner anyway. (CVE-2012-0866) - - - - - - Remove arbitrary limitation on length of common name in SSL - certificates (Heikki Linnakangas) - - - - Both libpq and the server truncated the common name - extracted from an SSL certificate at 32 bytes. Normally this would - cause nothing worse than an unexpected verification failure, but there - are some rather-implausible scenarios in which it might allow one - certificate holder to impersonate another. The victim would have to - have a common name exactly 32 bytes long, and the attacker would have - to persuade a trusted CA to issue a certificate in which the common - name has that string as a prefix. Impersonating a server would also - require some additional exploit to redirect client connections. - (CVE-2012-0867) - - - - - - Convert newlines to spaces in names written in pg_dump - comments (Robert Haas) - - - - pg_dump was incautious about sanitizing object names - that are emitted within SQL comments in its output script. A name - containing a newline would at least render the script syntactically - incorrect. Maliciously crafted object names could present a SQL - injection risk when the script is reloaded. (CVE-2012-0868) - - - - - - Fix btree index corruption from insertions concurrent with vacuuming - (Tom Lane) - - - - An index page split caused by an insertion could sometimes cause a - concurrently-running VACUUM to miss removing index entries - that it should remove. After the corresponding table rows are removed, - the dangling index entries would cause errors (such as could not - read block N in file ...) or worse, silently wrong query results - after unrelated rows are re-inserted at the now-free table locations. - This bug has been present since release 8.2, but occurs so infrequently - that it was not diagnosed until now. If you have reason to suspect - that it has happened in your database, reindexing the affected index - will fix things. - - - - - - Update per-column permissions, not only per-table permissions, when - changing table owner (Tom Lane) - - - - Failure to do this meant that any previously granted column permissions - were still shown as having been granted by the old owner. This meant - that neither the new owner nor a superuser could revoke the - now-untraceable-to-table-owner permissions. - - - - - - Allow non-existent values for some settings in ALTER - USER/DATABASE SET (Heikki Linnakangas) - - - - Allow default_text_search_config, - default_tablespace, and temp_tablespaces to be - set to names that are not known. This is because they might be known - in another database where the setting is intended to be used, or for the - tablespace cases because the tablespace might not be created yet. The - same issue was previously recognized for search_path, and - these settings now act like that one. - - - - - - Avoid crashing when we have problems deleting table files post-commit - (Tom Lane) - - - - Dropping a table should lead to deleting the underlying disk files only - after the transaction commits. In event of failure then (for instance, - because of wrong file permissions) the code is supposed to just emit a - warning message and go on, since it's too late to abort the - transaction. This logic got broken as of release 8.4, causing such - situations to result in a PANIC and an unrestartable database. - - - - - - Track the OID counter correctly during WAL replay, even when it wraps - around (Tom Lane) - - - - Previously the OID counter would remain stuck at a high value until the - system exited replay mode. The practical consequences of that are - usually nil, but there are scenarios wherein a standby server that's - been promoted to master might take a long time to advance the OID - counter to a reasonable value once values are needed. - - - - - - Fix regular expression back-references with * attached - (Tom Lane) - - - - Rather than enforcing an exact string match, the code would effectively - accept any string that satisfies the pattern sub-expression referenced - by the back-reference symbol. - - - - A similar problem still afflicts back-references that are embedded in a - larger quantified expression, rather than being the immediate subject - of the quantifier. This will be addressed in a future - PostgreSQL release. - - - - - - Fix recently-introduced memory leak in processing of - inet/cidr values (Heikki Linnakangas) - - - - A patch in the December 2011 releases of PostgreSQL - caused memory leakage in these operations, which could be significant - in scenarios such as building a btree index on such a column. - - - - - - Fix dangling pointer after CREATE TABLE AS/SELECT - INTO in a SQL-language function (Tom Lane) - - - - In most cases this only led to an assertion failure in assert-enabled - builds, but worse consequences seem possible. - - - - - - Avoid double close of file handle in syslogger on Windows (MauMau) - - - - Ordinarily this error was invisible, but it would cause an exception - when running on a debug version of Windows. - - - - - - Fix I/O-conversion-related memory leaks in plpgsql - (Andres Freund, Jan Urbanski, Tom Lane) - - - - Certain operations would leak memory until the end of the current - function. - - - - - - Improve pg_dump's handling of inherited table columns - (Tom Lane) - - - - pg_dump mishandled situations where a child column has - a different default expression than its parent column. If the default - is textually identical to the parent's default, but not actually the - same (for instance, because of schema search path differences) it would - not be recognized as different, so that after dump and restore the - child would be allowed to inherit the parent's default. Child columns - that are NOT NULL where their parent is not could also be - restored subtly incorrectly. - - - - - - Fix pg_restore's direct-to-database mode for - INSERT-style table data (Tom Lane) - - - - Direct-to-database restores from archive files made with - - - - - - Allow AT option in ecpg - DEALLOCATE statements (Michael Meskes) - - - - The infrastructure to support this has been there for awhile, but - through an oversight there was still an error check rejecting the case. - - - - - - Fix error in contrib/intarray's int[] & - int[] operator (Guillaume Lelarge) - - - - If the smallest integer the two input arrays have in common is 1, - and there are smaller values in either array, then 1 would be - incorrectly omitted from the result. - - - - - - Fix error detection in contrib/pgcrypto's - encrypt_iv() and decrypt_iv() - (Marko Kreen) - - - - These functions failed to report certain types of invalid-input errors, - and would instead return random garbage values for incorrect input. - - - - - - Fix one-byte buffer overrun in contrib/test_parser - (Paul Guyot) - - - - The code would try to read one more byte than it should, which would - crash in corner cases. - Since contrib/test_parser is only example code, this is - not a security issue in itself, but bad example code is still bad. - - - - - - Use __sync_lock_test_and_set() for spinlocks on ARM, if - available (Martin Pitt) - - - - This function replaces our previous use of the SWPB - instruction, which is deprecated and not available on ARMv6 and later. - Reports suggest that the old code doesn't fail in an obvious way on - recent ARM boards, but simply doesn't interlock concurrent accesses, - leading to bizarre failures in multiprocess operation. - - - - - - Use - - - This prevents assorted scenarios wherein recent versions of gcc will - produce creative results. - - - - - - Allow use of threaded Python on FreeBSD (Chris Rees) - - - - Our configure script previously believed that this combination wouldn't - work; but FreeBSD fixed the problem, so remove that error check. - - - - - - - - - - Release 8.4.10 - - - Release date: - 2011-12-05 - - - - This release contains a variety of fixes from 8.4.9. - For information about new features in the 8.4 major release, see - . - - - - Migration to Version 8.4.10 - - - A dump/restore is not required for those running 8.4.X. - - - - However, a longstanding error was discovered in the definition of the - information_schema.referential_constraints view. If you - rely on correct results from that view, you should replace its - definition as explained in the first changelog item below. - - - - Also, if you are upgrading from a version earlier than 8.4.8, - see . - - - - - - Changes - - - - - - Fix bugs in information_schema.referential_constraints view - (Tom Lane) - - - - This view was being insufficiently careful about matching the - foreign-key constraint to the depended-on primary or unique key - constraint. That could result in failure to show a foreign key - constraint at all, or showing it multiple times, or claiming that it - depends on a different constraint than the one it really does. - - - - Since the view definition is installed by initdb, - merely upgrading will not fix the problem. If you need to fix this - in an existing installation, you can (as a superuser) drop the - information_schema schema then re-create it by sourcing - SHAREDIR/information_schema.sql. - (Run pg_config --sharedir if you're uncertain where - SHAREDIR is.) This must be repeated in each database - to be fixed. - - - - - - Fix incorrect replay of WAL records for GIN index updates - (Tom Lane) - - - - This could result in transiently failing to find index entries after - a crash, or on a hot-standby server. The problem would be repaired - by the next VACUUM of the index, however. - - - - - - Fix TOAST-related data corruption during CREATE TABLE dest AS - SELECT * FROM src or INSERT INTO dest SELECT * FROM src - (Tom Lane) - - - - If a table has been modified by ALTER TABLE ADD COLUMN, - attempts to copy its data verbatim to another table could produce - corrupt results in certain corner cases. - The problem can only manifest in this precise form in 8.4 and later, - but we patched earlier versions as well in case there are other code - paths that could trigger the same bug. - - - - - - Fix race condition during toast table access from stale syscache entries - (Tom Lane) - - - - The typical symptom was transient errors like missing chunk - number 0 for toast value NNNNN in pg_toast_2619, where the cited - toast table would always belong to a system catalog. - - - - - - Track dependencies of functions on items used in parameter default - expressions (Tom Lane) - - - - Previously, a referenced object could be dropped without having dropped - or modified the function, leading to misbehavior when the function was - used. Note that merely installing this update will not fix the missing - dependency entries; to do that, you'd need to CREATE OR - REPLACE each such function afterwards. If you have functions whose - defaults depend on non-built-in objects, doing so is recommended. - - - - - - Allow inlining of set-returning SQL functions with multiple OUT - parameters (Tom Lane) - - - - - - Make DatumGetInetP() unpack inet datums that have a 1-byte - header, and add a new macro, DatumGetInetPP(), that does - not (Heikki Linnakangas) - - - - This change affects no core code, but might prevent crashes in add-on - code that expects DatumGetInetP() to produce an unpacked - datum as per usual convention. - - - - - - Improve locale support in money type's input and output - (Tom Lane) - - - - Aside from not supporting all standard - lc_monetary - formatting options, the input and output functions were inconsistent, - meaning there were locales in which dumped money values could - not be re-read. - - - - - - Don't let transform_null_equals - affect CASE foo WHEN NULL ... constructs - (Heikki Linnakangas) - - - - transform_null_equals is only supposed to affect - foo = NULL expressions written directly by the user, not - equality checks generated internally by this form of CASE. - - - - - - Change foreign-key trigger creation order to better support - self-referential foreign keys (Tom Lane) - - - - For a cascading foreign key that references its own table, a row update - will fire both the ON UPDATE trigger and the - CHECK trigger as one event. The ON UPDATE - trigger must execute first, else the CHECK will check a - non-final state of the row and possibly throw an inappropriate error. - However, the firing order of these triggers is determined by their - names, which generally sort in creation order since the triggers have - auto-generated names following the convention - RI_ConstraintTrigger_NNNN. A proper fix would require - modifying that convention, which we will do in 9.2, but it seems risky - to change it in existing releases. So this patch just changes the - creation order of the triggers. Users encountering this type of error - should drop and re-create the foreign key constraint to get its - triggers into the right order. - - - - - - Avoid floating-point underflow while tracking buffer allocation rate - (Greg Matthews) - - - - While harmless in itself, on certain platforms this would result in - annoying kernel log messages. - - - - - - Preserve configuration file name and line number values when starting - child processes under Windows (Tom Lane) - - - - Formerly, these would not be displayed correctly in the - pg_settings view. - - - - - - Preserve blank lines within commands in psql's command - history (Robert Haas) - - - - The former behavior could cause problems if an empty line was removed - from within a string literal, for example. - - - - - - Fix pg_dump to dump user-defined casts between - auto-generated types, such as table rowtypes (Tom Lane) - - - - - - Use the preferred version of xsubpp to build PL/Perl, - not necessarily the operating system's main copy - (David Wheeler and Alex Hunsaker) - - - - - - Fix incorrect coding in contrib/dict_int and - contrib/dict_xsyn (Tom Lane) - - - - Some functions incorrectly assumed that memory returned by - palloc() is guaranteed zeroed. - - - - - - Honor query cancel interrupts promptly in pgstatindex() - (Robert Haas) - - - - - - Ensure VPATH builds properly install all server header files - (Peter Eisentraut) - - - - - - Shorten file names reported in verbose error messages (Peter Eisentraut) - - - - Regular builds have always reported just the name of the C file - containing the error message call, but VPATH builds formerly - reported an absolute path name. - - - - - - Fix interpretation of Windows timezone names for Central America - (Tom Lane) - - - - Map Central America Standard Time to CST6, not - CST6CDT, because DST is generally not observed anywhere in - Central America. - - - - - - Update time zone data files to tzdata release 2011n - for DST law changes in Brazil, Cuba, Fiji, Palestine, Russia, and Samoa; - also historical corrections for Alaska and British East Africa. - - - - - - - - - - Release 8.4.9 - - - Release date: - 2011-09-26 - - - - This release contains a variety of fixes from 8.4.8. - For information about new features in the 8.4 major release, see - . - - - - Migration to Version 8.4.9 - - - A dump/restore is not required for those running 8.4.X. - - - - However, if you are upgrading from a version earlier than 8.4.8, - see . - - - - - - Changes - - - - - - Fix bugs in indexing of in-doubt HOT-updated tuples (Tom Lane) - - - - These bugs could result in index corruption after reindexing a system - catalog. They are not believed to affect user indexes. - - - - - - Fix multiple bugs in GiST index page split processing (Heikki - Linnakangas) - - - - The probability of occurrence was low, but these could lead to index - corruption. - - - - - - Fix possible buffer overrun in tsvector_concat() - (Tom Lane) - - - - The function could underestimate the amount of memory needed for its - result, leading to server crashes. - - - - - - Fix crash in xml_recv when processing a - standalone parameter (Tom Lane) - - - - - - Make pg_options_to_table return NULL for an option with no - value (Tom Lane) - - - - Previously such cases would result in a server crash. - - - - - - Avoid possibly accessing off the end of memory in ANALYZE - and in SJIS-2004 encoding conversion (Noah Misch) - - - - This fixes some very-low-probability server crash scenarios. - - - - - - Prevent intermittent hang in interactions of startup process with - bgwriter process (Simon Riggs) - - - - This affected recovery in non-hot-standby cases. - - - - - - Fix race condition in relcache init file invalidation (Tom Lane) - - - - There was a window wherein a new backend process could read a stale init - file but miss the inval messages that would tell it the data is stale. - The result would be bizarre failures in catalog accesses, typically - could not read block 0 in file ... later during startup. - - - - - - Fix memory leak at end of a GiST index scan (Tom Lane) - - - - Commands that perform many separate GiST index scans, such as - verification of a new GiST-based exclusion constraint on a table - already containing many rows, could transiently require large amounts of - memory due to this leak. - - - - - - Fix incorrect memory accounting (leading to possible memory bloat) in - tuplestores supporting holdable cursors and plpgsql's RETURN - NEXT command (Tom Lane) - - - - - - Fix performance problem when constructing a large, lossy bitmap - (Tom Lane) - - - - - - Fix join selectivity estimation for unique columns (Tom Lane) - - - - This fixes an erroneous planner heuristic that could lead to poor - estimates of the result size of a join. - - - - - - Fix nested PlaceHolderVar expressions that appear only in sub-select - target lists (Tom Lane) - - - - This mistake could result in outputs of an outer join incorrectly - appearing as NULL. - - - - - - Allow nested EXISTS queries to be optimized properly (Tom - Lane) - - - - - - Fix array- and path-creating functions to ensure padding bytes are - zeroes (Tom Lane) - - - - This avoids some situations where the planner will think that - semantically-equal constants are not equal, resulting in poor - optimization. - - - - - - Fix EXPLAIN to handle gating Result nodes within - inner-indexscan subplans (Tom Lane) - - - - The usual symptom of this oversight was bogus varno errors. - - - - - - Work around gcc 4.6.0 bug that breaks WAL replay (Tom Lane) - - - - This could lead to loss of committed transactions after a server crash. - - - - - - Fix dump bug for VALUES in a view (Tom Lane) - - - - - - Disallow SELECT FOR UPDATE/SHARE on sequences (Tom Lane) - - - - This operation doesn't work as expected and can lead to failures. - - - - - - Fix VACUUM so that it always updates - pg_class.reltuples/relpages (Tom - Lane) - - - - This fixes some scenarios where autovacuum could make increasingly poor - decisions about when to vacuum tables. - - - - - - Defend against integer overflow when computing size of a hash table (Tom - Lane) - - - - - - Fix cases where CLUSTER might attempt to access - already-removed TOAST data (Tom Lane) - - - - - - Fix portability bugs in use of credentials control messages for - peer authentication (Tom Lane) - - - - - - Fix SSPI login when multiple roundtrips are required (Ahmed Shinwari, - Magnus Hagander) - - - - The typical symptom of this problem was The function requested is - not supported errors during SSPI login. - - - - - - Throw an error if pg_hba.conf contains hostssl - but SSL is disabled (Tom Lane) - - - - This was concluded to be more user-friendly than the previous behavior - of silently ignoring such lines. - - - - - - Fix typo in pg_srand48 seed initialization (Andres Freund) - - - - This led to failure to use all bits of the provided seed. This function - is not used on most platforms (only those without srandom), - and the potential security exposure from a less-random-than-expected - seed seems minimal in any case. - - - - - - Avoid integer overflow when the sum of LIMIT and - OFFSET values exceeds 2^63 (Heikki Linnakangas) - - - - - - Add overflow checks to int4 and int8 versions of - generate_series() (Robert Haas) - - - - - - Fix trailing-zero removal in to_char() (Marti Raudsepp) - - - - In a format with FM and no digit positions - after the decimal point, zeroes to the left of the decimal point could - be removed incorrectly. - - - - - - Fix pg_size_pretty() to avoid overflow for inputs close to - 2^63 (Tom Lane) - - - - - - Weaken plpgsql's check for typmod matching in record values (Tom Lane) - - - - An overly enthusiastic check could lead to discarding length modifiers - that should have been kept. - - - - - - Correctly handle quotes in locale names during initdb - (Heikki Linnakangas) - - - - The case can arise with some Windows locales, such as People's - Republic of China. - - - - - - Fix pg_upgrade to preserve toast tables' relfrozenxids - during an upgrade from 8.3 (Bruce Momjian) - - - - Failure to do this could lead to pg_clog files being - removed too soon after the upgrade. - - - - - - In pg_ctl, support silent mode for service registrations - on Windows (MauMau) - - - - - - Fix psql's counting of script file line numbers during - COPY from a different file (Tom Lane) - - - - - - Fix pg_restore's direct-to-database mode for - standard_conforming_strings (Tom Lane) - - - - pg_restore could emit incorrect commands when restoring - directly to a database server from an archive file that had been made - with standard_conforming_strings set to on. - - - - - - Be more user-friendly about unsupported cases for parallel - pg_restore (Tom Lane) - - - - This change ensures that such cases are detected and reported before - any restore actions have been taken. - - - - - - Fix write-past-buffer-end and memory leak in libpq's - LDAP service lookup code (Albe Laurenz) - - - - - - In libpq, avoid failures when using nonblocking I/O - and an SSL connection (Martin Pihlak, Tom Lane) - - - - - - Improve libpq's handling of failures during connection startup - (Tom Lane) - - - - In particular, the response to a server report of fork() - failure during SSL connection startup is now saner. - - - - - - Improve libpq's error reporting for SSL failures (Tom - Lane) - - - - - - Fix PQsetvalue() to avoid possible crash when adding a new - tuple to a PGresult originally obtained from a server - query (Andrew Chernow) - - - - - - Make ecpglib write double values with 15 digits - precision (Akira Kurosawa) - - - - - - In ecpglib, be sure LC_NUMERIC setting is - restored after an error (Michael Meskes) - - - - - - Apply upstream fix for blowfish signed-character bug (CVE-2011-2483) - (Tom Lane) - - - - contrib/pg_crypto's blowfish encryption code could give - wrong results on platforms where char is signed (which is most), - leading to encrypted passwords being weaker than they should be. - - - - - - Fix memory leak in contrib/seg (Heikki Linnakangas) - - - - - - Fix pgstatindex() to give consistent results for empty - indexes (Tom Lane) - - - - - - Allow building with perl 5.14 (Alex Hunsaker) - - - - - - Update configure script's method for probing existence of system - functions (Tom Lane) - - - - The version of autoconf we used in 8.3 and 8.2 could be fooled by - compilers that perform link-time optimization. - - - - - - Fix assorted issues with build and install file paths containing spaces - (Tom Lane) - - - - - - Update time zone data files to tzdata release 2011i - for DST law changes in Canada, Egypt, Russia, Samoa, and South Sudan. - - - - - - - - - - Release 8.4.8 - - - Release date: - 2011-04-18 - - - - This release contains a variety of fixes from 8.4.7. - For information about new features in the 8.4 major release, see - . - - - - Migration to Version 8.4.8 - - - A dump/restore is not required for those running 8.4.X. - - - - However, if your installation was upgraded from a previous major - release by running pg_upgrade, you should take - action to prevent possible data loss due to a now-fixed bug in - pg_upgrade. The recommended solution is to run - VACUUM FREEZE on all TOAST tables. - More information is available at - http://wiki.postgresql.org/wiki/20110408pg_upgrade_fix. - - - - Also, if you are upgrading from a version earlier than 8.4.2, - see . - - - - - - Changes - - - - - - Fix pg_upgrade's handling of TOAST tables - (Bruce Momjian) - - - - The pg_class.relfrozenxid value for - TOAST tables was not correctly copied into the new installation - during pg_upgrade. This could later result in - pg_clog files being discarded while they were still - needed to validate tuples in the TOAST tables, leading to - could not access status of transaction failures. - - - - This error poses a significant risk of data loss for installations - that have been upgraded with pg_upgrade. This patch - corrects the problem for future uses of pg_upgrade, - but does not in itself cure the issue in installations that have been - processed with a buggy version of pg_upgrade. - - - - - - Suppress incorrect PD_ALL_VISIBLE flag was incorrectly set - warning (Heikki Linnakangas) - - - - VACUUM would sometimes issue this warning in cases that - are actually valid. - - - - - - Disallow including a composite type in itself (Tom Lane) - - - - This prevents scenarios wherein the server could recurse infinitely - while processing the composite type. While there are some possible - uses for such a structure, they don't seem compelling enough to - justify the effort required to make sure it always works safely. - - - - - - Avoid potential deadlock during catalog cache initialization - (Nikhil Sontakke) - - - - In some cases the cache loading code would acquire share lock on a - system index before locking the index's catalog. This could deadlock - against processes trying to acquire exclusive locks in the other, - more standard order. - - - - - - Fix dangling-pointer problem in BEFORE ROW UPDATE trigger - handling when there was a concurrent update to the target tuple - (Tom Lane) - - - - This bug has been observed to result in intermittent cannot - extract system attribute from virtual tuple failures while trying to - do UPDATE RETURNING ctid. There is a very small probability - of more serious errors, such as generating incorrect index entries for - the updated tuple. - - - - - - Disallow DROP TABLE when there are pending deferred trigger - events for the table (Tom Lane) - - - - Formerly the DROP would go through, leading to - could not open relation with OID nnn errors when the - triggers were eventually fired. - - - - - - Prevent crash triggered by constant-false WHERE conditions during - GEQO optimization (Tom Lane) - - - - - - Improve planner's handling of semi-join and anti-join cases - (Tom Lane) - - - - - - Fix selectivity estimation for text search to account for NULLs - (Jesper Krogh) - - - - - - Improve PL/pgSQL's ability to handle row types with dropped columns - (Pavel Stehule) - - - - This is a back-patch of fixes previously made in 9.0. - - - - - - Fix PL/Python memory leak involving array slices (Daniel Popowich) - - - - - - Fix pg_restore to cope with long lines (over 1KB) in - TOC files (Tom Lane) - - - - - - Put in more safeguards against crashing due to division-by-zero - with overly enthusiastic compiler optimization (Aurelien Jarno) - - - - - - Support use of dlopen() in FreeBSD and OpenBSD on MIPS (Tom Lane) - - - - There was a hard-wired assumption that this system function was not - available on MIPS hardware on these systems. Use a compile-time test - instead, since more recent versions have it. - - - - - - Fix compilation failures on HP-UX (Heikki Linnakangas) - - - - - - Fix version-incompatibility problem with libintl on - Windows (Hiroshi Inoue) - - - - - - Fix usage of xcopy in Windows build scripts to - work correctly under Windows 7 (Andrew Dunstan) - - - - This affects the build scripts only, not installation or usage. - - - - - - Fix path separator used by pg_regress on Cygwin - (Andrew Dunstan) - - - - - - Update time zone data files to tzdata release 2011f - for DST law changes in Chile, Cuba, Falkland Islands, Morocco, Samoa, - and Turkey; also historical corrections for South Australia, Alaska, - and Hawaii. - - - - - - - - - - Release 8.4.7 - - - Release date: - 2011-01-31 - - - - This release contains a variety of fixes from 8.4.6. - For information about new features in the 8.4 major release, see - . - - - - Migration to Version 8.4.7 - - - A dump/restore is not required for those running 8.4.X. - However, if you are upgrading from a version earlier than 8.4.2, - see . - - - - - - Changes - - - - - - Avoid failures when EXPLAIN tries to display a simple-form - CASE expression (Tom Lane) - - - - If the CASE's test expression was a constant, the planner - could simplify the CASE into a form that confused the - expression-display code, resulting in unexpected CASE WHEN - clause errors. - - - - - - Fix assignment to an array slice that is before the existing range - of subscripts (Tom Lane) - - - - If there was a gap between the newly added subscripts and the first - pre-existing subscript, the code miscalculated how many entries needed - to be copied from the old array's null bitmap, potentially leading to - data corruption or crash. - - - - - - Avoid unexpected conversion overflow in planner for very distant date - values (Tom Lane) - - - - The date type supports a wider range of dates than can be - represented by the timestamp types, but the planner assumed it - could always convert a date to timestamp with impunity. - - - - - - Fix pg_restore's text output for large objects (BLOBs) - when standard_conforming_strings is on (Tom Lane) - - - - Although restoring directly to a database worked correctly, string - escaping was incorrect if pg_restore was asked for - SQL text output and standard_conforming_strings had been - enabled in the source database. - - - - - - Fix erroneous parsing of tsquery values containing - ... & !(subexpression) | ... (Tom Lane) - - - - Queries containing this combination of operators were not executed - correctly. The same error existed in contrib/intarray's - query_int type and contrib/ltree's - ltxtquery type. - - - - - - Fix buffer overrun in contrib/intarray's input function - for the query_int type (Apple) - - - - This bug is a security risk since the function's return address could - be overwritten. Thanks to Apple Inc's security team for reporting this - issue and supplying the fix. (CVE-2010-4015) - - - - - - Fix bug in contrib/seg's GiST picksplit algorithm - (Alexander Korotkov) - - - - This could result in considerable inefficiency, though not actually - incorrect answers, in a GiST index on a seg column. - If you have such an index, consider REINDEXing it after - installing this update. (This is identical to the bug that was fixed in - contrib/cube in the previous update.) - - - - - - - - - - Release 8.4.6 - - - Release date: - 2010-12-16 - - - - This release contains a variety of fixes from 8.4.5. - For information about new features in the 8.4 major release, see - . - - - - Migration to Version 8.4.6 - - - A dump/restore is not required for those running 8.4.X. - However, if you are upgrading from a version earlier than 8.4.2, - see . - - - - - - Changes - - - - - - Force the default - wal_sync_method - to be fdatasync on Linux (Tom Lane, Marti Raudsepp) - - - - The default on Linux has actually been fdatasync for many - years, but recent kernel changes caused PostgreSQL to - choose open_datasync instead. This choice did not result - in any performance improvement, and caused outright failures on - certain filesystems, notably ext4 with the - data=journal mount option. - - - - - - Fix assorted bugs in WAL replay logic for GIN indexes (Tom Lane) - - - - This could result in bad buffer id: 0 failures or - corruption of index contents during replication. - - - - - - Fix recovery from base backup when the starting checkpoint WAL record - is not in the same WAL segment as its redo point (Jeff Davis) - - - - - - Fix persistent slowdown of autovacuum workers when multiple workers - remain active for a long time (Tom Lane) - - - - The effective vacuum_cost_limit for an autovacuum worker - could drop to nearly zero if it processed enough tables, causing it - to run extremely slowly. - - - - - - Add support for detecting register-stack overrun on IA64 - (Tom Lane) - - - - The IA64 architecture has two hardware stacks. Full - prevention of stack-overrun failures requires checking both. - - - - - - Add a check for stack overflow in copyObject() (Tom Lane) - - - - Certain code paths could crash due to stack overflow given a - sufficiently complex query. - - - - - - Fix detection of page splits in temporary GiST indexes (Heikki - Linnakangas) - - - - It is possible to have a concurrent page split in a - temporary index, if for example there is an open cursor scanning the - index when an insertion is done. GiST failed to detect this case and - hence could deliver wrong results when execution of the cursor - continued. - - - - - - Fix error checking during early connection processing (Tom Lane) - - - - The check for too many child processes was skipped in some cases, - possibly leading to postmaster crash when attempting to add the new - child process to fixed-size arrays. - - - - - - Improve efficiency of window functions (Tom Lane) - - - - Certain cases where a large number of tuples needed to be read in - advance, but work_mem was large enough to allow them all - to be held in memory, were unexpectedly slow. - percent_rank(), cume_dist() and - ntile() in particular were subject to this problem. - - - - - - Avoid memory leakage while ANALYZE'ing complex index - expressions (Tom Lane) - - - - - - Ensure an index that uses a whole-row Var still depends on its table - (Tom Lane) - - - - An index declared like create index i on t (foo(t.*)) - would not automatically get dropped when its table was dropped. - - - - - - Do not inline a SQL function with multiple OUT - parameters (Tom Lane) - - - - This avoids a possible crash due to loss of information about the - expected result rowtype. - - - - - - Behave correctly if ORDER BY, LIMIT, - FOR UPDATE, or WITH is attached to the - VALUES part of INSERT ... VALUES (Tom Lane) - - - - - - Fix constant-folding of COALESCE() expressions (Tom Lane) - - - - The planner would sometimes attempt to evaluate sub-expressions that - in fact could never be reached, possibly leading to unexpected errors. - - - - - - Fix postmaster crash when connection acceptance - (accept() or one of the calls made immediately after it) - fails, and the postmaster was compiled with GSSAPI support (Alexander - Chernikov) - - - - - - Fix missed unlink of temporary files when log_temp_files - is active (Tom Lane) - - - - If an error occurred while attempting to emit the log message, the - unlink was not done, resulting in accumulation of temp files. - - - - - - Add print functionality for InhRelation nodes (Tom Lane) - - - - This avoids a failure when debug_print_parse is enabled - and certain types of query are executed. - - - - - - Fix incorrect calculation of distance from a point to a horizontal - line segment (Tom Lane) - - - - This bug affected several different geometric distance-measurement - operators. - - - - - - Fix incorrect calculation of transaction status in - ecpg (Itagaki Takahiro) - - - - - - Fix PL/pgSQL's handling of simple - expressions to not fail in recursion or error-recovery cases (Tom Lane) - - - - - - Fix PL/Python's handling of set-returning functions - (Jan Urbanski) - - - - Attempts to call SPI functions within the iterator generating a set - result would fail. - - - - - - Fix bug in contrib/cube's GiST picksplit algorithm - (Alexander Korotkov) - - - - This could result in considerable inefficiency, though not actually - incorrect answers, in a GiST index on a cube column. - If you have such an index, consider REINDEXing it after - installing this update. - - - - - - Don't emit identifier will be truncated notices in - contrib/dblink except when creating new connections - (Itagaki Takahiro) - - - - - - Fix potential coredump on missing public key in - contrib/pgcrypto (Marti Raudsepp) - - - - - - Fix memory leak in contrib/xml2's XPath query functions - (Tom Lane) - - - - - - Update time zone data files to tzdata release 2010o - for DST law changes in Fiji and Samoa; - also historical corrections for Hong Kong. - - - - - - - - - - Release 8.4.5 - - - Release date: - 2010-10-04 - - - - This release contains a variety of fixes from 8.4.4. - For information about new features in the 8.4 major release, see - . - - - - Migration to Version 8.4.5 - - - A dump/restore is not required for those running 8.4.X. - However, if you are upgrading from a version earlier than 8.4.2, - see . - - - - - - Changes - - - - - - Use a separate interpreter for each calling SQL userid in PL/Perl and - PL/Tcl (Tom Lane) - - - - This change prevents security problems that can be caused by subverting - Perl or Tcl code that will be executed later in the same session under - another SQL user identity (for example, within a SECURITY - DEFINER function). Most scripting languages offer numerous ways that - that might be done, such as redefining standard functions or operators - called by the target function. Without this change, any SQL user with - Perl or Tcl language usage rights can do essentially anything with the - SQL privileges of the target function's owner. - - - - The cost of this change is that intentional communication among Perl - and Tcl functions becomes more difficult. To provide an escape hatch, - PL/PerlU and PL/TclU functions continue to use only one interpreter - per session. This is not considered a security issue since all such - functions execute at the trust level of a database superuser already. - - - - It is likely that third-party procedural languages that claim to offer - trusted execution have similar security issues. We advise contacting - the authors of any PL you are depending on for security-critical - purposes. - - - - Our thanks to Tim Bunce for pointing out this issue (CVE-2010-3433). - - - - - - Prevent possible crashes in pg_get_expr() by disallowing - it from being called with an argument that is not one of the system - catalog columns it's intended to be used with - (Heikki Linnakangas, Tom Lane) - - - - - - Treat exit code 128 (ERROR_WAIT_NO_CHILDREN) as non-fatal on - Windows (Magnus Hagander) - - - - Under high load, Windows processes will sometimes fail at startup with - this error code. Formerly the postmaster treated this as a panic - condition and restarted the whole database, but that seems to be - an overreaction. - - - - - - Fix incorrect placement of placeholder evaluation (Tom Lane) - - - - This bug could result in query outputs being non-null when they - should be null, in cases where the inner side of an outer join - is a sub-select with non-strict expressions in its output list. - - - - - - Fix possible duplicate scans of UNION ALL member relations - (Tom Lane) - - - - - - Fix cannot handle unplanned sub-select error (Tom Lane) - - - - This occurred when a sub-select contains a join alias reference that - expands into an expression containing another sub-select. - - - - - - Fix mishandling of whole-row Vars that reference a view or sub-select - and appear within a nested sub-select (Tom Lane) - - - - - - Fix mishandling of cross-type IN comparisons (Tom Lane) - - - - This could result in failures if the planner tried to implement an - IN join with a sort-then-unique-then-plain-join plan. - - - - - - Fix computation of ANALYZE statistics for tsvector - columns (Jan Urbanski) - - - - The original coding could produce incorrect statistics, leading to - poor plan choices later. - - - - - - Improve planner's estimate of memory used by array_agg(), - string_agg(), and similar aggregate functions - (Hitoshi Harada) - - - - The previous drastic underestimate could lead to out-of-memory failures - due to inappropriate choice of a hash-aggregation plan. - - - - - - Fix failure to mark cached plans as transient (Tom Lane) - - - - If a plan is prepared while CREATE INDEX CONCURRENTLY is - in progress for one of the referenced tables, it is supposed to be - re-planned once the index is ready for use. This was not happening - reliably. - - - - - - Reduce PANIC to ERROR in some occasionally-reported btree failure cases, - and provide additional detail in the resulting error messages - (Tom Lane) - - - - This should improve the system's robustness with corrupted indexes. - - - - - - Fix incorrect search logic for partial-match queries with GIN indexes - (Tom Lane) - - - - Cases involving AND/OR combination of several GIN index conditions - didn't always give the right answer, and were sometimes much slower - than necessary. - - - - - - Prevent show_session_authorization() from crashing within autovacuum - processes (Tom Lane) - - - - - - Defend against functions returning setof record where not all the - returned rows are actually of the same rowtype (Tom Lane) - - - - - - Fix possible corruption of pending trigger event lists during - subtransaction rollback (Tom Lane) - - - - This could lead to a crash or incorrect firing of triggers. - - - - - - Fix possible failure when hashing a pass-by-reference function result - (Tao Ma, Tom Lane) - - - - - - Improve merge join's handling of NULLs in the join columns (Tom Lane) - - - - A merge join can now stop entirely upon reaching the first NULL, - if the sort order is such that NULLs sort high. - - - - - - Take care to fsync the contents of lockfiles (both - postmaster.pid and the socket lockfile) while writing them - (Tom Lane) - - - - This omission could result in corrupted lockfile contents if the - machine crashes shortly after postmaster start. That could in turn - prevent subsequent attempts to start the postmaster from succeeding, - until the lockfile is manually removed. - - - - - - Avoid recursion while assigning XIDs to heavily-nested - subtransactions (Andres Freund, Robert Haas) - - - - The original coding could result in a crash if there was limited - stack space. - - - - - - Avoid holding open old WAL segments in the walwriter process - (Magnus Hagander, Heikki Linnakangas) - - - - The previous coding would prevent removal of no-longer-needed segments. - - - - - - Fix log_line_prefix's %i escape, - which could produce junk early in backend startup (Tom Lane) - - - - - - Prevent misinterpretation of partially-specified relation options - for TOAST tables (Itagaki Takahiro) - - - - In particular, fillfactor would be read as zero if any - other reloption had been set for the table, leading to serious bloat. - - - - - - Fix inheritance count tracking in ALTER TABLE ... ADD - CONSTRAINT (Robert Haas) - - - - - - Fix possible data corruption in ALTER TABLE ... SET - TABLESPACE when archiving is enabled (Jeff Davis) - - - - - - Allow CREATE DATABASE and ALTER DATABASE ... SET - TABLESPACE to be interrupted by query-cancel (Guillaume Lelarge) - - - - - - Improve CREATE INDEX's checking of whether proposed index - expressions are immutable (Tom Lane) - - - - - - Fix REASSIGN OWNED to handle operator classes and families - (Asko Tiidumaa) - - - - - - Fix possible core dump when comparing two empty tsquery values - (Tom Lane) - - - - - - Fix LIKE's handling of patterns containing % - followed by _ (Tom Lane) - - - - We've fixed this before, but there were still some incorrectly-handled - cases. - - - - - - Re-allow input of Julian dates prior to 0001-01-01 AD (Tom Lane) - - - - Input such as 'J100000'::date worked before 8.4, - but was unintentionally broken by added error-checking. - - - - - - Fix PL/pgSQL to throw an error, not crash, if a cursor is closed within - a FOR loop that is iterating over that cursor - (Heikki Linnakangas) - - - - - - In PL/Python, defend against null pointer results from - PyCObject_AsVoidPtr and PyCObject_FromVoidPtr - (Peter Eisentraut) - - - - - - In libpq, fix full SSL certificate verification for the - case where both host and hostaddr are specified - (Tom Lane) - - - - - - Make psql recognize DISCARD ALL as a command that should - not be encased in a transaction block in autocommit-off mode - (Itagaki Takahiro) - - - - - - Fix some issues in pg_dump's handling of SQL/MED objects - (Tom Lane) - - - - Notably, pg_dump would always fail if run by a - non-superuser, which was not intended. - - - - - - Improve pg_dump and pg_restore's - handling of non-seekable archive files (Tom Lane, Robert Haas) - - - - This is important for proper functioning of parallel restore. - - - - - - Improve parallel pg_restore's ability to cope with selective restore - (-L option) (Tom Lane) - - - - The original code tended to fail if the -L file commanded - a non-default restore ordering. - - - - - - Fix ecpg to process data from RETURNING - clauses correctly (Michael Meskes) - - - - - - Fix some memory leaks in ecpg (Zoltan Boszormenyi) - - - - - - Improve contrib/dblink's handling of tables containing - dropped columns (Tom Lane) - - - - - - Fix connection leak after duplicate connection name - errors in contrib/dblink (Itagaki Takahiro) - - - - - - Fix contrib/dblink to handle connection names longer than - 62 bytes correctly (Itagaki Takahiro) - - - - - - Add hstore(text, text) - function to contrib/hstore (Robert Haas) - - - - This function is the recommended substitute for the now-deprecated - => operator. It was back-patched so that future-proofed - code can be used with older server versions. Note that the patch will - be effective only after contrib/hstore is installed or - reinstalled in a particular database. Users might prefer to execute - the CREATE FUNCTION command by hand, instead. - - - - - - Update build infrastructure and documentation to reflect the source code - repository's move from CVS to Git (Magnus Hagander and others) - - - - - - Update time zone data files to tzdata release 2010l - for DST law changes in Egypt and Palestine; also historical corrections - for Finland. - - - - This change also adds new names for two Micronesian timezones: - Pacific/Chuuk is now preferred over Pacific/Truk (and the preferred - abbreviation is CHUT not TRUT) and Pacific/Pohnpei is preferred over - Pacific/Ponape. - - - - - - Make Windows' N. Central Asia Standard Time timezone map to - Asia/Novosibirsk, not Asia/Almaty (Magnus Hagander) - - - - Microsoft changed the DST behavior of this zone in the timezone update - from KB976098. Asia/Novosibirsk is a better match to its new behavior. - - - - - - - - - - Release 8.4.4 - - - Release date: - 2010-05-17 - - - - This release contains a variety of fixes from 8.4.3. - For information about new features in the 8.4 major release, see - . - - - - Migration to Version 8.4.4 - - - A dump/restore is not required for those running 8.4.X. - However, if you are upgrading from a version earlier than 8.4.2, - see . - - - - - - Changes - - - - - - Enforce restrictions in plperl using an opmask applied to - the whole interpreter, instead of using Safe.pm - (Tim Bunce, Andrew Dunstan) - - - - Recent developments have convinced us that Safe.pm is too - insecure to rely on for making plperl trustable. This - change removes use of Safe.pm altogether, in favor of using - a separate interpreter with an opcode mask that is always applied. - Pleasant side effects of the change include that it is now possible to - use Perl's strict pragma in a natural way in - plperl, and that Perl's $a and $b - variables work as expected in sort routines, and that function - compilation is significantly faster. (CVE-2010-1169) - - - - - - Prevent PL/Tcl from executing untrustworthy code from - pltcl_modules (Tom) - - - - PL/Tcl's feature for autoloading Tcl code from a database table - could be exploited for trojan-horse attacks, because there was no - restriction on who could create or insert into that table. This change - disables the feature unless pltcl_modules is owned by a - superuser. (However, the permissions on the table are not checked, so - installations that really need a less-than-secure modules table can - still grant suitable privileges to trusted non-superusers.) Also, - prevent loading code into the unrestricted normal Tcl - interpreter unless we are really going to execute a pltclu - function. (CVE-2010-1170) - - - - - - Fix data corruption during WAL replay of - ALTER ... SET TABLESPACE (Tom) - - - - When archive_mode is on, ALTER ... SET TABLESPACE - generates a WAL record whose replay logic was incorrect. It could write - the data to the wrong place, leading to possibly-unrecoverable data - corruption. Data corruption would be observed on standby slaves, and - could occur on the master as well if a database crash and recovery - occurred after committing the ALTER and before the next - checkpoint. - - - - - - Fix possible crash if a cache reset message is received during - rebuild of a relcache entry (Heikki) - - - - This error was introduced in 8.4.3 while fixing a related failure. - - - - - - Apply per-function GUC settings while running the language validator - for the function (Itagaki Takahiro) - - - - This avoids failures if the function's code is invalid without the - setting; an example is that SQL functions may not parse if the - search_path is not correct. - - - - - - Do constraint exclusion for inherited UPDATE and - DELETE target tables when - constraint_exclusion = partition (Tom) - - - - Due to an oversight, this setting previously only caused constraint - exclusion to be checked in SELECT commands. - - - - - - Do not allow an unprivileged user to reset superuser-only parameter - settings (Alvaro) - - - - Previously, if an unprivileged user ran ALTER USER ... RESET - ALL for himself, or ALTER DATABASE ... RESET ALL for - a database he owns, this would remove all special parameter settings - for the user or database, even ones that are only supposed to be - changeable by a superuser. Now, the ALTER will only - remove the parameters that the user has permission to change. - - - - - - Avoid possible crash during backend shutdown if shutdown occurs - when a CONTEXT addition would be made to log entries (Tom) - - - - In some cases the context-printing function would fail because the - current transaction had already been rolled back when it came time - to print a log message. - - - - - - Fix erroneous handling of %r parameter in - recovery_end_command (Heikki) - - - - The value always came out zero. - - - - - - Ensure the archiver process responds to changes in - archive_command as soon as possible (Tom) - - - - - - Fix pl/pgsql's CASE statement to not fail when the - case expression is a query that returns no rows (Tom) - - - - - - Update pl/perl's ppport.h for modern Perl versions - (Andrew) - - - - - - Fix assorted memory leaks in pl/python (Andreas Freund, Tom) - - - - - - Handle empty-string connect parameters properly in ecpg (Michael) - - - - - - Prevent infinite recursion in psql when expanding - a variable that refers to itself (Tom) - - - - - - Fix psql's \copy to not add spaces around - a dot within \copy (select ...) (Tom) - - - - Addition of spaces around the decimal point in a numeric literal would - result in a syntax error. - - - - - - Avoid formatting failure in psql when running in a - locale context that doesn't match the client_encoding - (Tom) - - - - - - Fix unnecessary GIN indexes do not support whole-index scans - errors for unsatisfiable queries using contrib/intarray - operators (Tom) - - - - - - Ensure that contrib/pgstattuple functions respond to cancel - interrupts promptly (Tatsuhito Kasahara) - - - - - - Make server startup deal properly with the case that - shmget() returns EINVAL for an existing - shared memory segment (Tom) - - - - This behavior has been observed on BSD-derived kernels including OS X. - It resulted in an entirely-misleading startup failure complaining that - the shared memory request size was too large. - - - - - - Avoid possible crashes in syslogger process on Windows (Heikki) - - - - - - Deal more robustly with incomplete time zone information in the - Windows registry (Magnus) - - - - - - Update the set of known Windows time zone names (Magnus) - - - - - - Update time zone data files to tzdata release 2010j - for DST law changes in Argentina, Australian Antarctic, Bangladesh, - Mexico, Morocco, Pakistan, Palestine, Russia, Syria, Tunisia; - also historical corrections for Taiwan. - - - - Also, add PKST (Pakistan Summer Time) to the default set of - timezone abbreviations. - - - - - - - - - - Release 8.4.3 - - - Release date: - 2010-03-15 - - - - This release contains a variety of fixes from 8.4.2. - For information about new features in the 8.4 major release, see - . - - - - Migration to Version 8.4.3 - - - A dump/restore is not required for those running 8.4.X. - However, if you are upgrading from a version earlier than 8.4.2, - see . - - - - - - Changes - - - - - - Add new configuration parameter ssl_renegotiation_limit to - control how often we do session key renegotiation for an SSL connection - (Magnus) - - - - This can be set to zero to disable renegotiation completely, which may - be required if a broken SSL library is used. In particular, some - vendors are shipping stopgap patches for CVE-2009-3555 that cause - renegotiation attempts to fail. - - - - - - Fix possible deadlock during backend startup (Tom) - - - - - - Fix possible crashes due to not handling errors during relcache reload - cleanly (Tom) - - - - - - Fix possible crash due to use of dangling pointer to a cached plan - (Tatsuo) - - - - - - Fix possible crash due to overenthusiastic invalidation of cached - plan for ROLLBACK (Tom) - - - - - - Fix possible crashes when trying to recover from a failure in - subtransaction start (Tom) - - - - - - Fix server memory leak associated with use of savepoints and a client - encoding different from server's encoding (Tom) - - - - - - Fix incorrect WAL data emitted during end-of-recovery cleanup of a GIST - index page split (Yoichi Hirai) - - - - This would result in index corruption, or even more likely an error - during WAL replay, if we were unlucky enough to crash during - end-of-recovery cleanup after having completed an incomplete GIST - insertion. - - - - - - Fix bug in WAL redo cleanup method for GIN indexes (Heikki) - - - - - - Fix incorrect comparison of scan key in GIN index search (Teodor) - - - - - - Make substring() for bit types treat any negative - length as meaning all the rest of the string (Tom) - - - - The previous coding treated only -1 that way, and would produce an - invalid result value for other negative values, possibly leading to - a crash (CVE-2010-0442). - - - - - - Fix integer-to-bit-string conversions to handle the first fractional - byte correctly when the output bit width is wider than the given - integer by something other than a multiple of 8 bits (Tom) - - - - - - Fix some cases of pathologically slow regular expression matching (Tom) - - - - - - Fix bug occurring when trying to inline a SQL function that returns - a set of a composite type that contains dropped columns (Tom) - - - - - - Fix bug with trying to update a field of an element of a - composite-type array column (Tom) - - - - - - Avoid failure when EXPLAIN has to print a FieldStore or - assignment ArrayRef expression (Tom) - - - - These cases can arise now that EXPLAIN VERBOSE tries to - print plan node target lists. - - - - - - Avoid an unnecessary coercion failure in some cases where an undecorated - literal string appears in a subquery within - UNION/INTERSECT/EXCEPT (Tom) - - - - This fixes a regression for some cases that worked before 8.4. - - - - - - Avoid undesirable rowtype compatibility check failures in some cases - where a whole-row Var has a rowtype that contains dropped columns (Tom) - - - - - - Fix the STOP WAL LOCATION entry in backup history files to - report the next WAL segment's name when the end location is exactly at a - segment boundary (Itagaki Takahiro) - - - - - - Always pass the catalog ID to an option validator function specified in - CREATE FOREIGN DATA WRAPPER (Martin Pihlak) - - - - - - Fix some more cases of temporary-file leakage (Heikki) - - - - This corrects a problem introduced in the previous minor release. - One case that failed is when a plpgsql function returning set is - called within another function's exception handler. - - - - - - Add support for doing FULL JOIN ON FALSE (Tom) - - - - This prevents a regression from pre-8.4 releases for some queries that - can now be simplified to a constant-false join condition. - - - - - - Improve constraint exclusion processing of boolean-variable cases, - in particular make it possible to exclude a partition that has a - bool_column = false constraint (Tom) - - - - - - Prevent treating an INOUT cast as representing binary - compatibility (Heikki) - - - - - - Include column name in the message when warning about inability to - grant or revoke column-level privileges (Stephen Frost) - - - - This is more useful than before and helps to prevent confusion when - a REVOKE generates multiple messages, which formerly - appeared to be duplicates. - - - - - - When reading pg_hba.conf and related files, do not treat - @something as a file inclusion request if the @ - appears inside quote marks; also, never treat @ by itself - as a file inclusion request (Tom) - - - - This prevents erratic behavior if a role or database name starts with - @. If you need to include a file whose path name - contains spaces, you can still do so, but you must write - @"/path to/file" rather than putting the quotes around - the whole construct. - - - - - - Prevent infinite loop on some platforms if a directory is named as - an inclusion target in pg_hba.conf and related files - (Tom) - - - - - - Fix possible infinite loop if SSL_read or - SSL_write fails without setting errno (Tom) - - - - This is reportedly possible with some Windows versions of - openssl. - - - - - - Disallow GSSAPI authentication on local connections, - since it requires a hostname to function correctly (Magnus) - - - - - - Protect ecpg against applications freeing strings - unexpectedly (Michael) - - - - - - Make ecpg report the proper SQLSTATE if the connection - disappears (Michael) - - - - - - Fix translation of cell contents in psql \d - output (Heikki) - - - - - - Fix psql's numericlocale option to not - format strings it shouldn't in latex and troff output formats (Heikki) - - - - - - Fix a small per-query memory leak in psql (Tom) - - - - - - Make psql return the correct exit status (3) when - ON_ERROR_STOP and --single-transaction are - both specified and an error occurs during the implied COMMIT - (Bruce) - - - - - - Fix pg_dump's output of permissions for foreign servers - (Heikki) - - - - - - Fix possible crash in parallel pg_restore due to - out-of-range dependency IDs (Tom) - - - - - - Fix plpgsql failure in one case where a composite column is set to NULL - (Tom) - - - - - - Fix possible failure when calling PL/Perl functions from PL/PerlU - or vice versa (Tim Bunce) - - - - - - Add volatile markings in PL/Python to avoid possible - compiler-specific misbehavior (Zdenek Kotala) - - - - - - Ensure PL/Tcl initializes the Tcl interpreter fully (Tom) - - - - The only known symptom of this oversight is that the Tcl - clock command misbehaves if using Tcl 8.5 or later. - - - - - - Prevent ExecutorEnd from being run on portals created - within a failed transaction or subtransaction (Tom) - - - - This is known to cause issues when using - contrib/auto_explain. - - - - - - Prevent crash in contrib/dblink when too many key - columns are specified to a dblink_build_sql_* function - (Rushabh Lathia, Joe Conway) - - - - - - Allow zero-dimensional arrays in contrib/ltree operations - (Tom) - - - - This case was formerly rejected as an error, but it's more convenient to - treat it the same as a zero-element array. In particular this avoids - unnecessary failures when an ltree operation is applied to the - result of ARRAY(SELECT ...) and the sub-select returns no - rows. - - - - - - Fix assorted crashes in contrib/xml2 caused by sloppy - memory management (Tom) - - - - - - Make building of contrib/xml2 more robust on Windows - (Andrew) - - - - - - Fix race condition in Windows signal handling (Radu Ilie) - - - - One known symptom of this bug is that rows in pg_listener - could be dropped under heavy load. - - - - - - Make the configure script report failure if the C compiler does - not provide a working 64-bit integer datatype (Tom) - - - - This case has been broken for some time, and no longer seems worth - supporting, so just reject it at configure time instead. - - - - - - Update time zone data files to tzdata release 2010e - for DST law changes in Bangladesh, Chile, Fiji, Mexico, Paraguay, Samoa. - - - - - - - - - - Release 8.4.2 - - - Release date: - 2009-12-14 - - - - This release contains a variety of fixes from 8.4.1. - For information about new features in the 8.4 major release, see - . - - - - Migration to Version 8.4.2 - - - A dump/restore is not required for those running 8.4.X. - However, if you have any hash indexes, - you should REINDEX them after updating to 8.4.2, - to repair possible damage. - - - - - - Changes - - - - - - Protect against indirect security threats caused by index functions - changing session-local state (Gurjeet Singh, Tom) - - - - This change prevents allegedly-immutable index functions from possibly - subverting a superuser's session (CVE-2009-4136). - - - - - - Reject SSL certificates containing an embedded null byte in the common - name (CN) field (Magnus) - - - - This prevents unintended matching of a certificate to a server or client - name during SSL validation (CVE-2009-4034). - - - - - - Fix hash index corruption (Tom) - - - - The 8.4 change that made hash indexes keep entries sorted by hash value - failed to update the bucket splitting and compaction routines to - preserve the ordering. So application of either of those operations - could lead to permanent corruption of an index, in the sense that - searches might fail to find entries that are present. To deal with - this, it is recommended to REINDEX any hash indexes you may - have after installing this update. - - - - - - Fix possible crash during backend-startup-time cache initialization (Tom) - - - - - - Avoid crash on empty thesaurus dictionary (Tom) - - - - - - Prevent signals from interrupting VACUUM at unsafe times - (Alvaro) - - - - This fix prevents a PANIC if a VACUUM FULL is canceled - after it's already committed its tuple movements, as well as transient - errors if a plain VACUUM is interrupted after having - truncated the table. - - - - - - Fix possible crash due to integer overflow in hash table size - calculation (Tom) - - - - This could occur with extremely large planner estimates for the size of - a hashjoin's result. - - - - - - Fix crash if a DROP is attempted on an internally-dependent - object (Tom) - - - - - - Fix very rare crash in inet/cidr comparisons (Chris - Mikkelson) - - - - - - Ensure that shared tuple-level locks held by prepared transactions are - not ignored (Heikki) - - - - - - Fix premature drop of temporary files used for a cursor that is accessed - within a subtransaction (Heikki) - - - - - - Fix memory leak in syslogger process when rotating to a new CSV logfile - (Tom) - - - - - - Fix memory leak in postmaster when re-parsing pg_hba.conf - (Tom) - - - - - - Fix Windows permission-downgrade logic (Jesse Morris) - - - - This fixes some cases where the database failed to start on Windows, - often with misleading error messages such as could not locate - matching postgres executable. - - - - - - Make FOR UPDATE/SHARE in the primary query not propagate - into WITH queries (Tom) - - - - For example, in - -WITH w AS (SELECT * FROM foo) SELECT * FROM w, bar ... FOR UPDATE - - the FOR UPDATE will now affect bar but not - foo. This is more useful and consistent than the original - 8.4 behavior, which tried to propagate FOR UPDATE into the - WITH query but always failed due to assorted implementation - restrictions. It also follows the design rule that WITH - queries are executed as if independent of the main query. - - - - - - Fix bug with a WITH RECURSIVE query immediately inside - another one (Tom) - - - - - - Fix concurrency bug in hash indexes (Tom) - - - - Concurrent insertions could cause index scans to transiently report - wrong results. - - - - - - Fix incorrect logic for GiST index page splits, when the split depends - on a non-first column of the index (Paul Ramsey) - - - - - - Fix wrong search results for a multi-column GIN index with - fastupdate enabled (Teodor) - - - - - - Fix bugs in WAL entry creation for GIN indexes (Tom) - - - - These bugs were masked when full_page_writes was on, but - with it off a WAL replay failure was certain if a crash occurred before - the next checkpoint. - - - - - - Don't error out if recycling or removing an old WAL file fails at the - end of checkpoint (Heikki) - - - - It's better to treat the problem as non-fatal and allow the checkpoint - to complete. Future checkpoints will retry the removal. Such problems - are not expected in normal operation, but have been seen to be - caused by misdesigned Windows anti-virus and backup software. - - - - - - Ensure WAL files aren't repeatedly archived on Windows (Heikki) - - - - This is another symptom that could happen if some other process - interfered with deletion of a no-longer-needed file. - - - - - - Fix PAM password processing to be more robust (Tom) - - - - The previous code is known to fail with the combination of the Linux - pam_krb5 PAM module with Microsoft Active Directory as the - domain controller. It might have problems elsewhere too, since it was - making unjustified assumptions about what arguments the PAM stack would - pass to it. - - - - - - Raise the maximum authentication token (Kerberos ticket) size in GSSAPI - and SSPI authentication methods (Ian Turner) - - - - While the old 2000-byte limit was more than enough for Unix Kerberos - implementations, tickets issued by Windows Domain Controllers can be - much larger. - - - - - - Ensure that domain constraints are enforced in constructs like - ARRAY[...]::domain, where the domain is over an array type - (Heikki) - - - - - - Fix foreign-key logic for some cases involving composite-type columns - as foreign keys (Tom) - - - - - - Ensure that a cursor's snapshot is not modified after it is created - (Alvaro) - - - - This could lead to a cursor delivering wrong results if later operations - in the same transaction modify the data the cursor is supposed to return. - - - - - - Fix CREATE TABLE to properly merge default expressions - coming from different inheritance parent tables (Tom) - - - - This used to work but was broken in 8.4. - - - - - - Re-enable collection of access statistics for sequences (Akira Kurosawa) - - - - This used to work but was broken in 8.3. - - - - - - Fix processing of ownership dependencies during CREATE OR - REPLACE FUNCTION (Tom) - - - - - - Fix incorrect handling of WHERE - x=x conditions (Tom) - - - - In some cases these could get ignored as redundant, but they aren't - — they're equivalent to x IS NOT NULL. - - - - - - Fix incorrect plan construction when using hash aggregation to implement - DISTINCT for textually identical volatile expressions (Tom) - - - - - - Fix Assert failure for a volatile SELECT DISTINCT ON - expression (Tom) - - - - - - Fix ts_stat() to not fail on an empty tsvector - value (Tom) - - - - - - Make text search parser accept underscores in XML attributes (Peter) - - - - - - Fix encoding handling in xml binary input (Heikki) - - - - If the XML header doesn't specify an encoding, we now assume UTF-8 by - default; the previous handling was inconsistent. - - - - - - Fix bug with calling plperl from plperlu or vice - versa (Tom) - - - - An error exit from the inner function could result in crashes due to - failure to re-select the correct Perl interpreter for the outer function. - - - - - - Fix session-lifespan memory leak when a PL/Perl function is redefined - (Tom) - - - - - - Ensure that Perl arrays are properly converted to - PostgreSQL arrays when returned by a set-returning - PL/Perl function (Andrew Dunstan, Abhijit Menon-Sen) - - - - This worked correctly already for non-set-returning functions. - - - - - - Fix rare crash in exception processing in PL/Python (Peter) - - - - - - Fix ecpg problem with comments in DECLARE - CURSOR statements (Michael) - - - - - - Fix ecpg to not treat recently-added keywords as - reserved words (Tom) - - - - This affected the keywords CALLED, CATALOG, - DEFINER, ENUM, FOLLOWING, - INVOKER, OPTIONS, PARTITION, - PRECEDING, RANGE, SECURITY, - SERVER, UNBOUNDED, and WRAPPER. - - - - - - Re-allow regular expression special characters in psql's - \df function name parameter (Tom) - - - - - - In contrib/fuzzystrmatch, correct the calculation of - levenshtein distances with non-default costs (Marcin Mank) - - - - - - In contrib/pg_standby, disable triggering failover with a - signal on Windows (Fujii Masao) - - - - This never did anything useful, because Windows doesn't have Unix-style - signals, but recent changes made it actually crash. - - - - - - Put FREEZE and VERBOSE options in the right - order in the VACUUM command that - contrib/vacuumdb produces (Heikki) - - - - - - Fix possible leak of connections when contrib/dblink - encounters an error (Tatsuhito Kasahara) - - - - - - Ensure psql's flex module is compiled with the correct - system header definitions (Tom) - - - - This fixes build failures on platforms where - --enable-largefile causes incompatible changes in the - generated code. - - - - - - Make the postmaster ignore any application_name parameter in - connection request packets, to improve compatibility with future libpq - versions (Tom) - - - - - - Update the timezone abbreviation files to match current reality (Joachim - Wieland) - - - - This includes adding IDT to the default - timezone abbreviation set. - - - - - - Update time zone data files to tzdata release 2009s - for DST law changes in Antarctica, Argentina, Bangladesh, Fiji, - Novokuznetsk, Pakistan, Palestine, Samoa, Syria; also historical - corrections for Hong Kong. - - - - - - - - - - Release 8.4.1 - - - Release date: - 2009-09-09 - - - - This release contains a variety of fixes from 8.4. - For information about new features in the 8.4 major release, see - . - - - - Migration to Version 8.4.1 - - - A dump/restore is not required for those running 8.4.X. - - - - - - Changes - - - - - - Fix WAL page header initialization at the end of archive recovery - (Heikki) - - - - This could lead to failure to process the WAL in a subsequent - archive recovery. - - - - - - Fix cannot make new WAL entries during recovery error (Tom) - - - - - - Fix problem that could make expired rows visible after a crash (Tom) - - - - This bug involved a page status bit potentially not being set - correctly after a server crash. - - - - - - Disallow RESET ROLE and RESET SESSION - AUTHORIZATION inside security-definer functions (Tom, Heikki) - - - - This covers a case that was missed in the previous patch that - disallowed SET ROLE and SET SESSION - AUTHORIZATION inside security-definer functions. - (See CVE-2007-6600) - - - - - - Make LOAD of an already-loaded loadable module - into a no-op (Tom) - - - - Formerly, LOAD would attempt to unload and re-load the - module, but this is unsafe and not all that useful. - - - - - - Make window function PARTITION BY and ORDER BY - items always be interpreted as simple expressions (Tom) - - - - In 8.4.0 these lists were parsed following the rules used for - top-level GROUP BY and ORDER BY lists. - But this was not correct per the SQL standard, and it led to possible - circularity. - - - - - - Fix several errors in planning of semi-joins (Tom) - - - - These led to wrong query results in some cases where IN - or EXISTS was used together with another join. - - - - - - Fix handling of whole-row references to subqueries that are within - an outer join (Tom) - - - - An example is - SELECT COUNT(ss.*) FROM ... LEFT JOIN (SELECT ...) ss ON .... - Here, ss.* would be treated as ROW(NULL,NULL,...) - for null-extended join rows, which is not the same as a simple NULL. - Now it is treated as a simple NULL. - - - - - - Fix Windows shared-memory allocation code (Tsutomu Yamada, Magnus) - - - - This bug led to the often-reported could not reattach - to shared memory error message. - - - - - - Fix locale handling with plperl (Heikki) - - - - This bug could cause the server's locale setting to change when a - plperl function is called, leading to data corruption. - - - - - - Fix handling of reloptions to ensure setting one option doesn't - force default values for others (Itagaki Takahiro) - - - - - - Ensure that a fast shutdown request will forcibly terminate - open sessions, even if a smart shutdown was already in progress - (Fujii Masao) - - - - - - Avoid memory leak for array_agg() in GROUP BY - queries (Tom) - - - - - - Treat to_char(..., 'TH') as an uppercase ordinal - suffix with 'HH'/'HH12' (Heikki) - - - - It was previously handled as 'th' (lowercase). - - - - - - Include the fractional part in the result of - EXTRACT(second) and - EXTRACT(milliseconds) for - time and time with time zone inputs (Tom) - - - - This has always worked for floating-point datetime configurations, - but was broken in the integer datetime code. - - - - - - Fix overflow for INTERVAL 'x ms' - when x is more than 2 million and integer - datetimes are in use (Alex Hunsaker) - - - - - - Improve performance when processing toasted values in index scans (Tom) - - - - This is particularly useful for PostGIS. - - - - - - Fix a typo that disabled commit_delay (Jeff Janes) - - - - - - Output early-startup messages to postmaster.log if the - server is started in silent mode (Tom) - - - - Previously such error messages were discarded, leading to - difficulty in debugging. - - - - - - Remove translated FAQs (Peter) - - - - They are now on the wiki. The - main FAQ was moved to the wiki some time ago. - - - - - - Fix pg_ctl to not go into an infinite loop if - postgresql.conf is empty (Jeff Davis) - - - - - - Fix several errors in pg_dump's - --binary-upgrade mode (Bruce, Tom) - - - - pg_dump --binary-upgrade is used by pg_migrator. - - - - - - Fix contrib/xml2's xslt_process() to - properly handle the maximum number of parameters (twenty) (Tom) - - - - - - Improve robustness of libpq's code to recover - from errors during COPY FROM STDIN (Tom) - - - - - - Avoid including conflicting readline and editline header files - when both libraries are installed (Zdenek Kotala) - - - - - - Work around gcc bug that causes floating-point exception - instead of division by zero on some platforms (Tom) - - - - - - Update time zone data files to tzdata release 2009l - for DST law changes in Bangladesh, Egypt, Mauritius. - - - - - - - - - - Release 8.4 - - - Release date: - 2009-07-01 - - - - Overview - - - After many years of development, PostgreSQL has - become feature-complete in many areas. This release shows a - targeted approach to adding features (e.g., authentication, - monitoring, space reuse), and adds capabilities defined in the - later SQL standards. The major areas of enhancement are: - - - - - - - - - Windowing Functions - - - - - - Common Table Expressions and Recursive Queries - - - - - - Default and variadic parameters for functions - - - - - - Parallel Restore - - - - - - Column Permissions - - - - - - Per-database locale settings - - - - - - Improved hash indexes - - - - - - Improved join performance for EXISTS and NOT EXISTS queries - - - - - - Easier-to-use Warm Standby - - - - - - Automatic sizing of the Free Space Map - - - - - - Visibility Map (greatly reduces vacuum overhead for slowly-changing tables) - - - - - - Version-aware psql (backslash commands work against older servers) - - - - - - Support SSL certificates for user authentication - - - - - - Per-function runtime statistics - - - - - - Easy editing of functions in psql - - - - - - New contrib modules: pg_stat_statements, auto_explain, citext, btree_gin - - - - - - - The above items are explained in more detail in the sections below. - - - - - - Migration to Version 8.4 - - - A dump/restore using pg_dump is - required for those wishing to migrate data from any previous - release. - - - - Observe the following incompatibilities: - - - - General - - - - - Use 64-bit integer datetimes by default (Neil Conway) - - - - Previously this was selected by configure's - - - - - - Remove ipcclean utility command (Bruce) - - - - The utility only worked on a few platforms. Users should use - their operating system tools instead. - - - - - - - - - Server Settings - - - - - Change default setting for - log_min_messages to warning (previously - it was notice) to reduce log file volume (Tom) - - - - - - Change default setting for max_prepared_transactions to - zero (previously it was 5) (Tom) - - - - - - Make debug_print_parse, debug_print_rewritten, - and debug_print_plan - output appear at LOG message level, not - DEBUG1 as formerly (Tom) - - - - - - Make debug_pretty_print default to on (Tom) - - - - - - Remove explain_pretty_print parameter (no longer needed) (Tom) - - - - - - Make log_temp_files settable by superusers only, like other - logging options (Simon Riggs) - - - - - - Remove automatic appending of the epoch timestamp when no % - escapes are present in log_filename (Robert Haas) - - - - This change was made because some users wanted a fixed log filename, - for use with an external log rotation tool. - - - - - - Remove log_restartpoints from recovery.conf; - instead use log_checkpoints (Simon) - - - - - - Remove krb_realm and krb_server_hostname; - these are now set in pg_hba.conf instead (Magnus) - - - - - - There are also significant changes in pg_hba.conf, - as described below. - - - - - - - - - Queries - - - - - - Change TRUNCATE and LOCK to - apply to child tables of the specified table(s) (Peter) - - - - These commands now accept an ONLY option that prevents - processing child tables; this option must be used if the old - behavior is needed. - - - - - - SELECT DISTINCT and - UNION/INTERSECT/EXCEPT - no longer always produce sorted output (Tom) - - - - Previously, these types of queries always removed duplicate rows - by means of Sort/Unique processing (i.e., sort then remove adjacent - duplicates). Now they can be implemented by hashing, which will not - produce sorted output. If an application relied on the output being - in sorted order, the recommended fix is to add an ORDER BY - clause. As a short-term workaround, the previous behavior can be - restored by disabling enable_hashagg, but that is a very - performance-expensive fix. SELECT DISTINCT ON never uses - hashing, however, so its behavior is unchanged. - - - - - - Force child tables to inherit CHECK constraints from parents - (Alex Hunsaker, Nikhil Sontakke, Tom) - - - - Formerly it was possible to drop such a constraint from a child - table, allowing rows that violate the constraint to be visible - when scanning the parent table. This was deemed inconsistent, - as well as contrary to SQL standard. - - - - - - Disallow negative LIMIT or OFFSET - values, rather than treating them as zero (Simon) - - - - - - Disallow LOCK TABLE outside a transaction block - (Tom) - - - - Such an operation is useless because the lock would be released - immediately. - - - - - - Sequences now contain an additional start_value column - (Zoltan Boszormenyi) - - - - This supports ALTER SEQUENCE ... RESTART. - - - - - - - - - - Functions and Operators - - - - - - Make numeric zero raised to a fractional power return - 0, rather than throwing an error, and make - numeric zero raised to the zero power return 1, - rather than error (Bruce) - - - - This matches the longstanding float8 behavior. - - - - - - Allow unary minus of floating-point values to produce minus zero (Tom) - - - - The changed behavior is more IEEE-standard - compliant. - - - - - - Throw an error if an escape character is the last character in - a LIKE pattern (i.e., it has nothing to escape) (Tom) - - - - Previously, such an escape character was silently ignored, - thus possibly masking application logic errors. - - - - - - Remove ~=~ and ~<>~ operators - formerly used for LIKE index comparisons (Tom) - - - - Pattern indexes now use the regular equality operator. - - - - - - xpath() now passes its arguments to libxml - without any changes (Andrew) - - - - This means that the XML argument must be a well-formed XML document. - The previous coding attempted to allow XML fragments, but it did not - work well. - - - - - - Make xmlelement() format attribute values just like - content values (Peter) - - - - Previously, attribute values were formatted according to the - normal SQL output behavior, which is sometimes at odds with - XML rules. - - - - - - Rewrite memory management for libxml-using functions - (Tom) - - - - This change should avoid some compatibility problems with use of - libxml in PL/Perl and other add-on code. - - - - - - Adopt a faster algorithm for hash functions (Kenneth Marshall, - based on work of Bob Jenkins) - - - - Many of the built-in hash functions now deliver different results on - little-endian and big-endian platforms. - - - - - - - Temporal Functions and Operators - - - - - - DateStyle no longer controls interval output - formatting; instead there is a new variable IntervalStyle - (Ron Mayer) - - - - - - Improve consistency of handling of fractional seconds in - timestamp and interval output (Ron Mayer) - - - - This may result in displaying a different number of fractional - digits than before, or rounding instead of truncating. - - - - - - Make to_char()'s localized month/day names depend - on LC_TIME, not LC_MESSAGES (Euler - Taveira de Oliveira) - - - - - - Cause to_date() and to_timestamp() - to more consistently report errors for invalid input (Brendan - Jurd) - - - - Previous versions would often ignore or silently misread input - that did not match the format string. Such cases will now - result in an error. - - - - - - Fix to_timestamp() to not require upper/lower case - matching for meridian (AM/PM) and era - (BC/AD) format designations (Brendan - Jurd) - - - - For example, input value ad now matches the format - string AD. - - - - - - - - - - - - - Changes - - - Below you will find a detailed account of the changes between - PostgreSQL 8.4 and the previous major - release. - - - - Performance - - - - - Improve optimizer statistics calculations (Jan Urbanski, Tom) - - - - In particular, estimates for full-text-search operators are - greatly improved. - - - - - - Allow SELECT DISTINCT and - UNION/INTERSECT/EXCEPT to - use hashing (Tom) - - - - This means that these types of queries no longer automatically - produce sorted output. - - - - - - Create explicit concepts of semi-joins and anti-joins (Tom) - - - - This work formalizes our previous ad-hoc treatment of IN - (SELECT ...) clauses, and extends it to EXISTS and - NOT EXISTS clauses. It should result in significantly - better planning of EXISTS and NOT EXISTS - queries. In general, logically equivalent IN and - EXISTS clauses should now have similar performance, - whereas previously IN often won. - - - - - - Improve optimization of sub-selects beneath outer joins (Tom) - - - - Formerly, a sub-select or view could not be optimized very well if it - appeared within the nullable side of an outer join and contained - non-strict expressions (for instance, constants) in its result list. - - - - - - Improve the performance of text_position() and - related functions by using Boyer-Moore-Horspool searching (David - Rowley) - - - - This is particularly helpful for long search patterns. - - - - - - Reduce I/O load of writing the statistics collection file - by writing the file only when requested (Martin Pihlak) - - - - - - Improve performance for bulk inserts (Robert Haas, Simon) - - - - - - Increase the default value of default_statistics_target - from 10 to 100 (Greg Sabino Mullane, - Tom) - - - - The maximum value was also increased from 1000 to - 10000. - - - - - - Perform constraint_exclusion checking by default - in queries involving inheritance or UNION ALL (Tom) - - - - A new constraint_exclusion setting, - partition, was added to specify this behavior. - - - - - - Allow I/O read-ahead for bitmap index scans (Greg Stark) - - - - The amount of read-ahead is controlled by - effective_io_concurrency. This feature is available only - if the kernel has posix_fadvise() support. - - - - - - Inline simple set-returning SQL functions in - FROM clauses (Richard Rowell) - - - - - - Improve performance of multi-batch hash joins by providing a special - case for join key values that are especially common in the outer - relation (Bryce Cutt, Ramon Lawrence) - - - - - - Reduce volume of temporary data in multi-batch hash joins - by suppressing physical tlist optimization (Michael - Henderson, Ramon Lawrence) - - - - - - Avoid waiting for idle-in-transaction sessions during - CREATE INDEX CONCURRENTLY (Simon) - - - - - - Improve performance of shared cache invalidation (Tom) - - - - - - - - - Server - - - Settings - - - - - - Convert many postgresql.conf settings to enumerated - values so that pg_settings can display the valid - values (Magnus) - - - - - - Add cursor_tuple_fraction parameter to control the - fraction of a cursor's rows that the planner assumes will be - fetched (Robert Hell) - - - - - - Allow underscores in the names of custom variable - classes in postgresql.conf (Tom) - - - - - - - - - Authentication and security - - - - - Remove support for the (insecure) crypt authentication method - (Magnus) - - - - This effectively obsoletes pre-PostgreSQL 7.2 client - libraries, as there is no longer any non-plaintext password method that - they can use. - - - - - - Support regular expressions in pg_ident.conf - (Magnus) - - - - - - Allow Kerberos/GSSAPI parameters - to be changed without restarting the postmaster (Magnus) - - - - - - Support SSL certificate chains in server certificate - file (Andrew Gierth) - - - - Including the full certificate chain makes the client able - to verify the certificate without having all intermediate CA - certificates present in the local store, which is often the case for - commercial CAs. - - - - - - Report appropriate error message for combination of MD5 - authentication and db_user_namespace enabled (Bruce) - - - - - - - - <filename>pg_hba.conf</> - - - - - Change all authentication options to use name=value - syntax (Magnus) - - - - This makes incompatible changes to the ldap, - pam and ident authentication methods. All - pg_hba.conf entries with these methods need to be - rewritten using the new format. - - - - - - Remove the ident sameuser option, instead making that - behavior the default if no usermap is specified (Magnus) - - - - - - Allow a usermap parameter for all external authentication methods - (Magnus) - - - - Previously a usermap was only supported for ident - authentication. - - - - - - Add clientcert option to control requesting of a - client certificate (Magnus) - - - - Previously this was controlled by the presence of a root - certificate file in the server's data directory. - - - - - - Add cert authentication method to allow - user authentication via SSL certificates - (Magnus) - - - - Previously SSL certificates could only verify that - the client had access to a certificate, not authenticate a - user. - - - - - - Allow krb5, gssapi and sspi - realm and krb5 host settings to be specified in - pg_hba.conf (Magnus) - - - - These override the settings in postgresql.conf. - - - - - - Add include_realm parameter for krb5, - gssapi, and sspi methods (Magnus) - - - - This allows identical usernames from different realms to be - authenticated as different database users using usermaps. - - - - - - Parse pg_hba.conf fully when it is loaded, - so that errors are reported immediately (Magnus) - - - - Previously, most errors in the file wouldn't be detected until clients - tried to connect, so an erroneous file could render the system - unusable. With the new behavior, if an error is detected during - reload then the bad file is rejected and the postmaster continues - to use its old copy. - - - - - - Show all parsing errors in pg_hba.conf instead of - aborting after the first one (Selena Deckelmann) - - - - - - Support ident authentication over Unix-domain sockets - on Solaris (Garick Hamlin) - - - - - - - - - Continuous Archiving - - - - - Provide an option to pg_start_backup() to force its - implied checkpoint to finish as quickly as possible (Tom) - - - - The default behavior avoids excess I/O consumption, but that is - pointless if no concurrent query activity is going on. - - - - - - Make pg_stop_backup() wait for modified WAL - files to be archived (Simon) - - - - This guarantees that the backup is valid at the time - pg_stop_backup() completes. - - - - - - When archiving is enabled, rotate the last WAL segment at shutdown - so that all transactions can be archived immediately - (Guillaume Smet, Heikki) - - - - - - Delay smart shutdown while a continuous archiving base backup - is in progress (Laurenz Albe) - - - - - - Cancel a continuous archiving base backup if fast shutdown - is requested (Laurenz Albe) - - - - - - Allow recovery.conf boolean variables to take the - same range of string values as postgresql.conf - boolean variables - (Bruce) - - - - - - - - - Monitoring - - - - - Add pg_conf_load_time() to report when - the PostgreSQL configuration files were last loaded - (George Gensure) - - - - - - Add pg_terminate_backend() to safely terminate a - backend (the SIGTERM signal works also) (Tom, Bruce) - - - - While it's always been possible to SIGTERM a single - backend, this was previously considered unsupported; and testing - of the case found some bugs that are now fixed. - - - - - - Add ability to track user-defined functions' call counts and - runtimes (Martin Pihlak) - - - - Function statistics appear in a new system view, - pg_stat_user_functions. Tracking is controlled - by the new parameter track_functions. - - - - - - Allow specification of the maximum query string size in - pg_stat_activity via new - track_activity_query_size parameter (Thomas Lee) - - - - - - Increase the maximum line length sent to syslog, in - hopes of improving performance (Tom) - - - - - - Add read-only configuration variables segment_size, - wal_block_size, and wal_segment_size - (Bernd Helmle) - - - - - - When reporting a deadlock, report the text of all queries involved - in the deadlock to the server log (Itagaki Takahiro) - - - - - - Add pg_stat_get_activity(pid) function to return - information about a specific process id (Magnus) - - - - - - Allow the location of the server's statistics file to be specified - via stats_temp_directory (Magnus) - - - - This allows the statistics file to be placed in a - RAM-resident directory to reduce I/O requirements. - On startup/shutdown, the file is copied to its traditional location - ($PGDATA/global/) so it is preserved across restarts. - - - - - - - - - - - Queries - - - - - Add support for WINDOW functions (Hitoshi Harada) - - - - - - Add support for WITH clauses (CTEs), including WITH - RECURSIVE (Yoshiyuki Asaba, Tatsuo Ishii, Tom) - - - - - - Add TABLE command (Peter) - - - - TABLE tablename is a SQL standard short-hand for - SELECT * FROM tablename. - - - - - - Allow AS to be optional when specifying a - SELECT (or RETURNING) column output - label (Hiroshi Saito) - - - - This works so long as the column label is not any - PostgreSQL keyword; otherwise AS is still - needed. - - - - - - Support set-returning functions in SELECT result lists - even for functions that return their result via a tuplestore (Tom) - - - - In particular, this means that functions written in PL/pgSQL - and other PL languages can now be called this way. - - - - - - Support set-returning functions in the output of aggregation - and grouping queries (Tom) - - - - - - Allow SELECT FOR UPDATE/SHARE to work - on inheritance trees (Tom) - - - - - - Add infrastructure for SQL/MED (Martin Pihlak, - Peter) - - - - There are no remote or external SQL/MED capabilities - yet, but this change provides a standardized and future-proof - system for managing connection information for modules like - dblink and plproxy. - - - - - - Invalidate cached plans when referenced schemas, functions, operators, - or operator classes are modified (Martin Pihlak, Tom) - - - - This improves the system's ability to respond to on-the-fly - DDL changes. - - - - - Allow comparison of composite types and allow arrays of - anonymous composite types (Tom) - - - - This allows constructs such as - row(1, 1.1) = any (array[row(7, 7.7), row(1, 1.0)]). - This is particularly useful in recursive queries. - - - - - - Add support for Unicode string literal and identifier specifications - using code points, e.g. U&'d\0061t\+000061' - (Peter) - - - - - - Reject \000 in string literals and COPY data - (Tom) - - - - Previously, this was accepted but had the effect of terminating - the string contents. - - - - - - Improve the parser's ability to report error locations (Tom) - - - - An error location is now reported for many semantic errors, - such as mismatched datatypes, that previously could not be localized. - - - - - - - <command>TRUNCATE</> - - - - - Support statement-level ON TRUNCATE triggers (Simon) - - - - - - Add RESTART/CONTINUE IDENTITY options - for TRUNCATE TABLE - (Zoltan Boszormenyi) - - - - The start value of a sequence can be changed by ALTER - SEQUENCE START WITH. - - - - - - Allow TRUNCATE tab1, tab1 to succeed (Bruce) - - - - - - Add a separate TRUNCATE permission (Robert Haas) - - - - - - - - - <command>EXPLAIN</> - - - - - Make EXPLAIN VERBOSE show the output columns of each - plan node (Tom) - - - - Previously EXPLAIN VERBOSE output an internal - representation of the query plan. (That behavior is now - available via debug_print_plan.) - - - - - - Make EXPLAIN identify subplans and initplans with - individual labels (Tom) - - - - - - Make EXPLAIN honor debug_print_plan (Tom) - - - - - - Allow EXPLAIN on CREATE TABLE AS (Peter) - - - - - - - - - <literal>LIMIT</>/<literal>OFFSET</> - - - - - Allow sub-selects in LIMIT and OFFSET (Tom) - - - - - - Add SQL-standard syntax for - LIMIT/OFFSET capabilities (Peter) - - - - To wit, - OFFSET num {ROW|ROWS} FETCH {FIRST|NEXT} [num] {ROW|ROWS} - ONLY. - - - - - - - - - - - Object Manipulation - - - - - Add support for column-level privileges (Stephen Frost, KaiGai - Kohei) - - - - - - Refactor multi-object DROP operations to reduce the - need for CASCADE (Alex Hunsaker) - - - - For example, if table B has a dependency on table - A, the command DROP TABLE A, B no longer - requires the CASCADE option. - - - - - - Fix various problems with concurrent DROP commands - by ensuring that locks are taken before we begin to drop dependencies - of an object (Tom) - - - - - - Improve reporting of dependencies during DROP - commands (Tom) - - - - - - Add WITH [NO] DATA clause to CREATE TABLE - AS, per the SQL standard (Peter, Tom) - - - - - - Add support for user-defined I/O conversion casts (Heikki) - - - - - - Allow CREATE AGGREGATE to use an internal - transition datatype (Tom) - - - - - - Add LIKE clause to CREATE TYPE (Tom) - - - - This simplifies creation of data types that use the same internal - representation as an existing type. - - - - - - Allow specification of the type category and preferred - status for user-defined base types (Tom) - - - - This allows more control over the coercion behavior of user-defined - types. - - - - - - Allow CREATE OR REPLACE VIEW to add columns to the - end of a view (Robert Haas) - - - - - - - <command>ALTER</> - - - - - Add ALTER TYPE RENAME (Petr Jelinek) - - - - - - Add ALTER SEQUENCE ... RESTART (with no parameter) to - reset a sequence to its initial value (Zoltan Boszormenyi) - - - - - - Modify the ALTER TABLE syntax to allow all reasonable - combinations for tables, indexes, sequences, and views (Tom) - - - - This change allows the following new syntaxes: - - - - - ALTER SEQUENCE OWNER TO - - - - - ALTER VIEW ALTER COLUMN SET/DROP DEFAULT - - - - - ALTER VIEW OWNER TO - - - - - ALTER VIEW SET SCHEMA - - - - - There is no actual new functionality here, but formerly - you had to say ALTER TABLE to do these things, - which was confusing. - - - - - - Add support for the syntax ALTER TABLE ... ALTER COLUMN - ... SET DATA TYPE (Peter) - - - - This is SQL-standard syntax for functionality that - was already supported. - - - - - - Make ALTER TABLE SET WITHOUT OIDS rewrite the table - to physically remove OID values (Tom) - - - - Also, add ALTER TABLE SET WITH OIDS to rewrite the - table to add OIDs. - - - - - - - - - Database Manipulation - - - - - Improve reporting of - CREATE/DROP/RENAME DATABASE - failure when uncommitted prepared transactions are the cause - (Tom) - - - - - - Make LC_COLLATE and LC_CTYPE into - per-database settings (Radek Strnad, Heikki) - - - - This makes collation similar to encoding, which was always - configurable per database. - - - - - - Improve checks that the database encoding, collation - (LC_COLLATE), and character classes - (LC_CTYPE) match (Heikki, Tom) - - - - Note in particular that a new database's encoding and locale - settings can be changed only when copying from template0. - This prevents possibly copying data that doesn't match the settings. - - - - - - Add ALTER DATABASE SET TABLESPACE to move a database - to a new tablespace (Guillaume Lelarge, Bernd Helmle) - - - - - - - - - - - Utility Operations - - - - - - Add a VERBOSE option to the CLUSTER command and - clusterdb (Jim Cox) - - - - - - Decrease memory requirements for recording pending trigger - events (Tom) - - - - - - - Indexes - - - - - Dramatically improve the speed of building and accessing hash - indexes (Tom Raney, Shreya Bhargava) - - - - This allows hash indexes to be sometimes faster than btree - indexes. However, hash indexes are still not crash-safe. - - - - - - Make hash indexes store only the hash code, not the full value of - the indexed column (Xiao Meng) - - - - This greatly reduces the size of hash indexes for long indexed - values, improving performance. - - - - - - Implement fast update option for GIN indexes (Teodor, Oleg) - - - - This option greatly improves update speed at a small penalty in search - speed. - - - - - - xxx_pattern_ops indexes can now be used for simple - equality comparisons, not only for LIKE (Tom) - - - - - - - - - Full Text Indexes - - - - - Remove the requirement to use @@@ when doing - GIN weighted lookups on full text indexes (Tom, Teodor) - - - - The normal @@ text search operator can be used - instead. - - - - - - Add an optimizer selectivity function for @@ text - search operations (Jan Urbanski) - - - - - - Allow prefix matching in full text searches (Teodor Sigaev, - Oleg Bartunov) - - - - - - Support multi-column GIN indexes (Teodor Sigaev) - - - - - - Improve support for Nepali language and Devanagari alphabet (Teodor) - - - - - - - - - <command>VACUUM</> - - - - - Track free space in separate per-relation fork files (Heikki) - - - - Free space discovered by VACUUM is now recorded in - *_fsm files, rather than in a fixed-sized shared memory - area. The max_fsm_pages and max_fsm_relations - settings have been removed, greatly simplifying administration of - free space management. - - - - - - Add a visibility map to track pages that do not require - vacuuming (Heikki) - - - - This allows VACUUM to avoid scanning all of - a table when only a portion of the table needs vacuuming. - The visibility map is stored in per-relation fork files. - - - - - - Add vacuum_freeze_table_age parameter to control - when VACUUM should ignore the visibility map and - do a full table scan to freeze tuples (Heikki) - - - - - - Track transaction snapshots more carefully (Alvaro) - - - - This improves VACUUM's ability to reclaim space - in the presence of long-running transactions. - - - - - - Add ability to specify per-relation autovacuum and TOAST - parameters in CREATE TABLE (Alvaro, Euler Taveira de - Oliveira) - - - - Autovacuum options used to be stored in a system table. - - - - - - Add --freeze option to vacuumdb - (Bruce) - - - - - - - - - - - Data Types - - - - - Add a CaseSensitive option for text search synonym - dictionaries (Simon) - - - - - - Improve the precision of NUMERIC division (Tom) - - - - - - Add basic arithmetic operators for int2 with int8 - (Tom) - - - - This eliminates the need for explicit casting in some situations. - - - - - - Allow UUID input to accept an optional hyphen after - every fourth digit (Robert Haas) - - - - - - Allow on/off as input for the boolean data type - (Itagaki Takahiro) - - - - - - Allow spaces around NaN in the input string for - type numeric (Sam Mason) - - - - - - - Temporal Data Types - - - - - Reject year 0 BC and years 000 and - 0000 (Tom) - - - - Previously these were interpreted as 1 BC. - (Note: years 0 and 00 are still assumed to be - the year 2000.) - - - - - - Include SGT (Singapore time) in the default list of - known time zone abbreviations (Tom) - - - - - - Support infinity and -infinity as - values of type date (Tom) - - - - - - Make parsing of interval literals more standard-compliant - (Tom, Ron Mayer) - - - - For example, INTERVAL '1' YEAR now does what it's - supposed to. - - - - - - Allow interval fractional-seconds precision to be specified - after the second keyword, for SQL standard - compliance (Tom) - - - - Formerly the precision had to be specified after the keyword - interval. (For backwards compatibility, this syntax is still - supported, though deprecated.) Data type definitions will now be - output using the standard format. - - - - - - Support the IS0 8601 interval syntax (Ron - Mayer, Kevin Grittner) - - - - For example, INTERVAL 'P1Y2M3DT4H5M6.7S' is now - supported. - - - - - - Add IntervalStyle parameter - which controls how interval values are output (Ron Mayer) - - - - Valid values are: postgres, postgres_verbose, - sql_standard, iso_8601. This setting also - controls the handling of negative interval input when only - some fields have positive/negative designations. - - - - - - Improve consistency of handling of fractional seconds in - timestamp and interval output (Ron Mayer) - - - - - - - - - Arrays - - - - - Improve the handling of casts applied to ARRAY[] - constructs, such as ARRAY[...]::integer[] - (Brendan Jurd) - - - - Formerly PostgreSQL attempted to determine a data type - for the ARRAY[] construct without reference to the ensuing - cast. This could fail unnecessarily in many cases, in particular when - the ARRAY[] construct was empty or contained only - ambiguous entries such as NULL. Now the cast is consulted - to determine the type that the array elements must be. - - - - - - Make SQL-syntax ARRAY dimensions optional - to match the SQL standard (Peter) - - - - - - Add array_ndims() to return the number - of dimensions of an array (Robert Haas) - - - - - - Add array_length() to return the length - of an array for a specified dimension (Jim Nasby, Robert - Haas, Peter Eisentraut) - - - - - - Add aggregate function array_agg(), which - returns all aggregated values as a single array (Robert Haas, - Jeff Davis, Peter) - - - - - - Add unnest(), which converts an array to - individual row values (Tom) - - - - This is the opposite of array_agg(). - - - - - - Add array_fill() to create arrays initialized with - a value (Pavel Stehule) - - - - - - Add generate_subscripts() to simplify generating - the range of an array's subscripts (Pavel Stehule) - - - - - - - - - Wide-Value Storage (<acronym>TOAST</>) - - - - - Consider TOAST compression on values as short as - 32 bytes (previously 256 bytes) (Greg Stark) - - - - - - Require 25% minimum space savings before using TOAST - compression (previously 20% for small values and any-savings-at-all - for large values) (Greg) - - - - - - Improve TOAST heuristics for rows that have a mix of large - and small toastable fields, so that we prefer to push large values out - of line and don't compress small values unnecessarily (Greg, Tom) - - - - - - - - - - - Functions - - - - - Document that setseed() allows values from - -1 to 1 (not just 0 to - 1), and enforce the valid range (Kris Jurka) - - - - - - Add server-side function lo_import(filename, oid) - (Tatsuo) - - - - - - Add quote_nullable(), which behaves like - quote_literal() but returns the string NULL for - a null argument (Brendan Jurd) - - - - - - Improve full text search headline() function to - allow extracting several fragments of text (Sushant Sinha) - - - - - - Add suppress_redundant_updates_trigger() trigger - function to avoid overhead for non-data-changing updates (Andrew) - - - - - - Add div(numeric, numeric) to perform numeric - division without rounding (Tom) - - - - - - Add timestamp and timestamptz versions of - generate_series() (Hitoshi Harada) - - - - - - - Object Information Functions - - - - - Implement current_query() for use by functions - that need to know the currently running query (Tomas Doran) - - - - - - Add pg_get_keywords() to return a list of the - parser keywords (Dave Page) - - - - - - Add pg_get_functiondef() to see a function's - definition (Abhijit Menon-Sen) - - - - - - Allow the second argument of pg_get_expr() to be zero - when deparsing an expression that does not contain variables (Tom) - - - - - - Modify pg_relation_size() to use regclass - (Heikki) - - - - pg_relation_size(data_type_name) no longer works. - - - - - - Add boot_val and reset_val columns to - pg_settings output (Greg Smith) - - - - - - Add source file name and line number columns to - pg_settings output for variables set in a configuration - file (Magnus, Alvaro) - - - - For security reasons, these columns are only visible to superusers. - - - - - - Add support for CURRENT_CATALOG, - CURRENT_SCHEMA, SET CATALOG, SET - SCHEMA (Peter) - - - - These provide SQL-standard syntax for existing features. - - - - - - Add pg_typeof() which returns the data type - of any value (Brendan Jurd) - - - - - - Make version() return information about whether - the server is a 32- or 64-bit binary (Bruce) - - - - - - Fix the behavior of information schema columns - is_insertable_into and is_updatable to - be consistent (Peter) - - - - - - Improve the behavior of information schema - datetime_precision columns (Peter) - - - - These columns now show zero for date columns, and 6 - (the default precision) for time, timestamp, and - interval without a declared precision, rather than showing - null as formerly. - - - - - - Convert remaining builtin set-returning functions to use - OUT parameters (Jaime Casanova) - - - - This makes it possible to call these functions without specifying - a column list: pg_show_all_settings(), - pg_lock_status(), pg_prepared_xact(), - pg_prepared_statement(), pg_cursor() - - - - - - Make pg_*_is_visible() and - has_*_privilege() functions return NULL - for invalid OIDs, rather than reporting an error (Tom) - - - - - - Extend has_*_privilege() functions to allow inquiring - about the OR of multiple privileges in one call (Stephen - Frost, Tom) - - - - - - Add has_column_privilege() and - has_any_column_privilege() functions (Stephen - Frost, Tom) - - - - - - - - - Function Creation - - - - - Support variadic functions (functions with a variable number - of arguments) (Pavel Stehule) - - - - Only trailing arguments can be optional, and they all must be - of the same data type. - - - - - - Support default values for function arguments (Pavel Stehule) - - - - - - Add CREATE FUNCTION ... RETURNS TABLE clause (Pavel - Stehule) - - - - - - Allow SQL-language functions to return the output - of an INSERT/UPDATE/DELETE - RETURNING clause (Tom) - - - - - - - - - PL/pgSQL Server-Side Language - - - - - Support EXECUTE USING for easier insertion of data - values into a dynamic query string (Pavel Stehule) - - - - - - Allow looping over the results of a cursor using a FOR - loop (Pavel Stehule) - - - - - - Support RETURN QUERY EXECUTE (Pavel - Stehule) - - - - - - Improve the RAISE command (Pavel Stehule) - - - - - Support DETAIL and HINT fields - - - - - Support specification of the SQLSTATE error code - - - - - Support an exception name parameter - - - - - Allow RAISE without parameters in an exception - block to re-throw the current error - - - - - - - - - Allow specification of SQLSTATE codes - in EXCEPTION lists (Pavel Stehule) - - - - This is useful for handling custom SQLSTATE codes. - - - - - - Support the CASE statement (Pavel Stehule) - - - - - - Make RETURN QUERY set the special FOUND and - GET DIAGNOSTICS ROW_COUNT variables - (Pavel Stehule) - - - - - - Make FETCH and MOVE set the - GET DIAGNOSTICS ROW_COUNT variable - (Andrew Gierth) - - - - - - Make EXIT without a label always exit the innermost - loop (Tom) - - - - Formerly, if there were a BEGIN block more closely nested - than any loop, it would exit that block instead. The new behavior - matches Oracle(TM) and is also what was previously stated by our own - documentation. - - - - - - Make processing of string literals and nested block comments - match the main SQL parser's processing (Tom) - - - - In particular, the format string in RAISE now works - the same as any other string literal, including being subject - to standard_conforming_strings. This change also - fixes other cases in which valid commands would fail when - standard_conforming_strings is on. - - - - - - Avoid memory leakage when the same function is called at varying - exception-block nesting depths (Tom) - - - - - - - - - - - Client Applications - - - - - - Fix pg_ctl restart to preserve command-line arguments - (Bruce) - - - - - - Add -w/--no-password option that - prevents password prompting in all utilities that have a - -W/--password option (Peter) - - - - - - Remove - - - These options have had no effect since PostgreSQL - 8.3. - - - - - - - <application>psql</> - - - - - Remove verbose startup banner; now just suggest help - (Joshua Drake) - - - - - - Make help show common backslash commands (Greg - Sabino Mullane) - - - - - - Add \pset format wrapped mode to wrap output to the - screen width, or file/pipe output too if \pset columns - is set (Bryce Nesbitt) - - - - - - Allow all supported spellings of boolean values in \pset, - rather than just on and off (Bruce) - - - - Formerly, any string other than off was silently taken - to mean true. psql will now complain - about unrecognized spellings (but still take them as true). - - - - - - Use the pager for wide output (Bruce) - - - - - - Require a space between a one-letter backslash command and its first - argument (Bernd Helmle) - - - - This removes a historical source of ambiguity. - - - - - - Improve tab completion support for schema-qualified and - quoted identifiers (Greg Sabino Mullane) - - - - - - Add optional on/off argument for - \timing (David Fetter) - - - - - - Display access control rights on multiple lines (Brendan - Jurd, Andreas Scherbaum) - - - - - - Make \l show database access privileges (Andrew Gilligan) - - - - - - Make \l+ show database sizes, if permissions - allow (Andrew Gilligan) - - - - - - Add the \ef command to edit function definitions - (Abhijit Menon-Sen) - - - - - - - - - <application>psql</> \d* commands - - - - - - Make \d* commands that do not have a pattern argument - show system objects only if the S modifier is specified - (Greg Sabino Mullane, Bruce) - - - - The former behavior was inconsistent across different variants - of \d, and in most cases it provided no easy way to see - just user objects. - - - - - - Improve \d* commands to work with older - PostgreSQL server versions (back to 7.4), - not only the current server version - (Guillaume Lelarge) - - - - - - Make \d show foreign-key constraints that reference - the selected table (Kenneth D'Souza) - - - - - - Make \d on a sequence show its column values - (Euler Taveira de Oliveira) - - - - - - Add column storage type and other relation options to the - \d+ display (Gregory Stark, Euler Taveira de - Oliveira) - - - - - - Show relation size in \dt+ output (Dickson S. - Guedes) - - - - - - Show the possible values of enum types in \dT+ - (David Fetter) - - - - - - Allow \dC to accept a wildcard pattern, which matches - either datatype involved in the cast (Tom) - - - - - - Add a function type column to \df's output, and add - options to list only selected types of functions (David Fetter) - - - - - - Make \df not hide functions that take or return - type cstring (Tom) - - - - Previously, such functions were hidden because most of them are - datatype I/O functions, which were deemed uninteresting. The new - policy about hiding system functions by default makes this wart - unnecessary. - - - - - - - - - <application>pg_dump</> - - - - - Add a --no-tablespaces option to - pg_dump/pg_dumpall/pg_restore - so that dumps can be restored to clusters that have non-matching - tablespace layouts (Gavin Roy) - - - - - - Remove - - - These options were too frequently confused with the option to - select a database name in other PostgreSQL - client applications. The functionality is still available, - but you must now spell out the long option name - - - - - - Remove - - - Use of this option does not throw an error, but it has no - effect. This option was removed because the version checks - are necessary for safety. - - - - - - Disable statement_timeout during dump and restore - (Joshua Drake) - - - - - - Add pg_dump/pg_dumpall option - - - - This allows dumps to fail if unable to acquire a shared lock - within the specified amount of time. - - - - - - Reorder pg_dump --data-only output - to dump tables referenced by foreign keys before - the referencing tables (Tom) - - - - This allows data loads when foreign keys are already present. - If circular references make a safe ordering impossible, a - NOTICE is issued. - - - - - - Allow pg_dump, pg_dumpall, and - pg_restore to use a specified role (Benedek - László) - - - - - - Allow pg_restore to use multiple concurrent - connections to do the restore (Andrew) - - - - The number of concurrent connections is controlled by the option - --jobs. This is supported only for custom-format archives. - - - - - - - - - - - Programming Tools - - - <application>libpq</> - - - - - Allow the OID to be specified when importing a large - object, via new function lo_import_with_oid() (Tatsuo) - - - - - - Add events support (Andrew Chernow, Merlin Moncure) - - - - This adds the ability to register callbacks to manage private - data associated with PGconn and PGresult - objects. - - - - - - Improve error handling to allow the return of multiple - error messages as multi-line error reports (Magnus) - - - - - - Make PQexecParams() and related functions return - PGRES_EMPTY_QUERY for an empty query (Tom) - - - - They previously returned PGRES_COMMAND_OK. - - - - - - Document how to avoid the overhead of WSACleanup() - on Windows (Andrew Chernow) - - - - - - Do not rely on Kerberos tickets to determine the default database - username (Magnus) - - - - Previously, a Kerberos-capable build of libpq would use the - principal name from any available Kerberos ticket as default - database username, even if the connection wasn't using Kerberos - authentication. This was deemed inconsistent and confusing. - The default username is now determined the same way with or - without Kerberos. Note however that the database username must still - match the ticket when Kerberos authentication is used. - - - - - - - - <application>libpq</> <acronym>SSL</> (Secure Sockets Layer) - support - - - - - Fix certificate validation for SSL connections - (Magnus) - - - - libpq now supports verifying both the certificate - and the name of the server when making SSL - connections. If a root certificate is not available to use for - verification, SSL connections will fail. The - sslmode parameter is used to enable certificate - verification and set the level of checking. - The default is still not to do any verification, allowing connections - to SSL-enabled servers without requiring a root certificate on the - client. - - - - - - Support wildcard server certificates (Magnus) - - - - If a certificate CN starts with *, it will - be treated as a wildcard when matching the hostname, allowing the - use of the same certificate for multiple servers. - - - - - - Allow the file locations for client certificates to be specified - (Mark Woodward, Alvaro, Magnus) - - - - - - Add a PQinitOpenSSL function to allow greater control - over OpenSSL/libcrypto initialization (Andrew Chernow) - - - - - - Make libpq unregister its OpenSSL - callbacks when no database connections remain open - (Bruce, Magnus, Russell Smith) - - - - This is required for applications that unload the libpq library, - otherwise invalid OpenSSL callbacks will remain. - - - - - - - - - <application>ecpg</> - - - - - Add localization support for messages (Euler Taveira de - Oliveira) - - - - - - ecpg parser is now automatically generated from the server - parser (Michael) - - - - Previously the ecpg parser was hand-maintained. - - - - - - - - - Server Programming Interface (<acronym>SPI</>) - - - - - Add support for single-use plans with out-of-line - parameters (Tom) - - - - - - Add new SPI_OK_REWRITTEN return code for - SPI_execute() (Heikki) - - - - This is used when a command is rewritten to another type of - command. - - - - - - Remove unnecessary inclusions from executor/spi.h (Tom) - - - - SPI-using modules might need to add some #include - lines if they were depending on spi.h to include - things for them. - - - - - - - - - - - Build Options - - - - - Update build system to use Autoconf 2.61 (Peter) - - - - - - Require GNU bison for source code builds (Peter) - - - - This has effectively been required for several years, but now there - is no infrastructure claiming to support other parser tools. - - - - - - Add pg_config --htmldir option - (Peter) - - - - - - Pass float4 by value inside the server (Zoltan - Boszormenyi) - - - - Add configure option - --disable-float4-byval to use the old behavior. - External C functions that use old-style (version 0) call convention - and pass or return float4 values will be broken by this - change, so you may need the configure option if you - have such functions and don't want to update them. - - - - - - Pass float8, int8, and related datatypes - by value inside the server on 64-bit platforms (Zoltan Boszormenyi) - - - - Add configure option - --disable-float8-byval to use the old behavior. - As above, this change might break old-style external C functions. - - - - - - Add configure options --with-segsize, - --with-blocksize, --with-wal-blocksize, - --with-wal-segsize (Zdenek Kotala, Tom) - - - - This simplifies build-time control over several constants that - previously could only be changed by editing - pg_config_manual.h. - - - - - - Allow threaded builds on Solaris 2.5 (Bruce) - - - - - - Use the system's getopt_long() on Solaris - (Zdenek Kotala, Tom) - - - - This makes option processing more consistent with what Solaris users - expect. - - - - - - Add support for the Sun Studio compiler on - Linux (Julius Stroffek) - - - - - - Append the major version number to the backend gettext - domain, and the soname major version number to - libraries' gettext domain (Peter) - - - - This simplifies parallel installations of multiple versions. - - - - - - Add support for code coverage testing with gcov - (Michelle Caisse) - - - - - - Allow out-of-tree builds on Mingw and - Cygwin (Richard Evans) - - - - - - Fix the use of Mingw as a cross-compiling source - platform (Peter) - - - - - - - - - Source Code - - - - - Support 64-bit time zone data files (Heikki) - - - - This adds support for daylight saving time (DST) - calculations beyond the year 2038. - - - - - - Deprecate use of platform's time_t data type (Tom) - - - - Some platforms have migrated to 64-bit time_t, some have - not, and Windows can't make up its mind what it's doing. Define - pg_time_t to have the same meaning as time_t, - but always be 64 bits (unless the platform has no 64-bit integer type), - and use that type in all module APIs and on-disk data formats. - - - - - - Fix bug in handling of the time zone database when cross-compiling - (Richard Evans) - - - - - - Link backend object files in one step, rather than in stages - (Peter) - - - - - - Improve gettext support to allow better translation - of plurals (Peter) - - - - - - Add message translation support to the PL languages (Alvaro, Peter) - - - - - - Add more DTrace probes (Robert Lor) - - - - - - Enable DTrace support on Mac OS X - Leopard and other non-Solaris platforms (Robert Lor) - - - - - - Simplify and standardize conversions between C strings and - text datums, by providing common functions for the purpose - (Brendan Jurd, Tom) - - - - - - Clean up the include/catalog/ header files so that - frontend programs can include them without including - postgres.h - (Zdenek Kotala) - - - - - - Make name char-aligned, and suppress zero-padding of - name entries in indexes (Tom) - - - - - - Recover better if dynamically-loaded code executes exit() - (Tom) - - - - - - Add a hook to let plug-ins monitor the executor (Itagaki - Takahiro) - - - - - - Add a hook to allow the planner's statistics lookup behavior to - be overridden (Simon Riggs) - - - - - - Add shmem_startup_hook() for custom shared memory - requirements (Tom) - - - - - - Replace the index access method amgetmulti entry point - with amgetbitmap, and extend the API for - amgettuple to support run-time determination of - operator lossiness (Heikki, Tom, Teodor) - - - - The API for GIN and GiST opclass consistent functions - has been extended as well. - - - - - - Add support for partial-match searches in GIN indexes - (Teodor Sigaev, Oleg Bartunov) - - - - - - Replace pg_class column reltriggers - with boolean relhastriggers (Simon) - - - - Also remove unused pg_class columns - relukeys, relfkeys, and - relrefs. - - - - - - Add a relistemp column to pg_class - to ease identification of temporary tables (Tom) - - - - - - Move platform FAQs into the main documentation - (Peter) - - - - - - Prevent parser input files from being built with any conflicts - (Peter) - - - - - - Add support for the KOI8U (Ukrainian) encoding - (Peter) - - - - - - Add Japanese message translations (Japan PostgreSQL Users Group) - - - - This used to be maintained as a separate project. - - - - - - Fix problem when setting LC_MESSAGES on - MSVC-built systems (Hiroshi Inoue, Hiroshi - Saito, Magnus) - - - - - - - - - Contrib - - - - - - Add contrib/auto_explain to automatically run - EXPLAIN on queries exceeding a specified duration - (Itagaki Takahiro, Tom) - - - - - - Add contrib/btree_gin to allow GIN indexes to - handle more datatypes (Oleg, Teodor) - - - - - - Add contrib/citext to provide a case-insensitive, - multibyte-aware text data type (David Wheeler) - - - - - - Add contrib/pg_stat_statements for server-wide - tracking of statement execution statistics (Itagaki Takahiro) - - - - - - Add duration and query mode options to contrib/pgbench - (Itagaki Takahiro) - - - - - - Make contrib/pgbench use table names - pgbench_accounts, pgbench_branches, - pgbench_history, and pgbench_tellers, - rather than just accounts, branches, - history, and tellers (Tom) - - - - This is to reduce the risk of accidentally destroying real data - by running pgbench. - - - - - - Fix contrib/pgstattuple to handle tables and - indexes with over 2 billion pages (Tatsuhito Kasahara) - - - - - - In contrib/fuzzystrmatch, add a version of the - Levenshtein string-distance function that allows the user to - specify the costs of insertion, deletion, and substitution - (Volkan Yazici) - - - - - - Make contrib/ltree support multibyte encodings - (laser) - - - - - - Enable contrib/dblink to use connection information - stored in the SQL/MED catalogs (Joe Conway) - - - - - - Improve contrib/dblink's reporting of errors from - the remote server (Joe Conway) - - - - - - Make contrib/dblink set client_encoding - to match the local database's encoding (Joe Conway) - - - - This prevents encoding problems when communicating with a remote - database that uses a different encoding. - - - - - - Make sure contrib/dblink uses a password supplied - by the user, and not accidentally taken from the server's - .pgpass file (Joe Conway) - - - - This is a minor security enhancement. - - - - - - Add fsm_page_contents() - to contrib/pageinspect (Heikki) - - - - - - Modify get_raw_page() to support free space map - (*_fsm) files. Also update - contrib/pg_freespacemap. - - - - - - Add support for multibyte encodings to contrib/pg_trgm - (Teodor) - - - - - - Rewrite contrib/intagg to use new - functions array_agg() and unnest() - (Tom) - - - - - - Make contrib/pg_standby recover all available WAL before - failover (Fujii Masao, Simon, Heikki) - - - - To make this work safely, you now need to set the new - recovery_end_command option in recovery.conf - to clean up the trigger file after failover. pg_standby - will no longer remove the trigger file itself. - - - - - - contrib/pg_standby's - - - - - - - diff --git a/doc/src/sgml/release-9.0.sgml b/doc/src/sgml/release-9.0.sgml deleted file mode 100644 index c50203a5c8..0000000000 --- a/doc/src/sgml/release-9.0.sgml +++ /dev/null @@ -1,11091 +0,0 @@ - - - - - Release 9.0.23 - - - Release date: - 2015-10-08 - - - - This release contains a variety of fixes from 9.0.22. - For information about new features in the 9.0 major release, see - . - - - - This is expected to be the last PostgreSQL release - in the 9.0.X series. Users are encouraged to update to a newer - release branch soon. - - - - Migration to Version 9.0.23 - - - A dump/restore is not required for those running 9.0.X. - - - - However, if you are upgrading from a version earlier than 9.0.18, - see . - - - - - - Changes - - - - - - Fix contrib/pgcrypto to detect and report - too-short crypt() salts (Josh Kupershmidt) - - - - Certain invalid salt arguments crashed the server or disclosed a few - bytes of server memory. We have not ruled out the viability of - attacks that arrange for presence of confidential information in the - disclosed bytes, but they seem unlikely. (CVE-2015-5288) - - - - - - Fix subtransaction cleanup after a portal (cursor) belonging to an - outer subtransaction fails (Tom Lane, Michael Paquier) - - - - A function executed in an outer-subtransaction cursor could cause an - assertion failure or crash by referencing a relation created within an - inner subtransaction. - - - - - - Fix insertion of relations into the relation cache init file - (Tom Lane) - - - - An oversight in a patch in the most recent minor releases - caused pg_trigger_tgrelid_tgname_index to be omitted - from the init file. Subsequent sessions detected this, then deemed the - init file to be broken and silently ignored it, resulting in a - significant degradation in session startup time. In addition to fixing - the bug, install some guards so that any similar future mistake will be - more obvious. - - - - - - Avoid O(N^2) behavior when inserting many tuples into a SPI query - result (Neil Conway) - - - - - - Improve LISTEN startup time when there are many unread - notifications (Matt Newell) - - - - - - Disable SSL renegotiation by default (Michael Paquier, Andres Freund) - - - - While use of SSL renegotiation is a good idea in theory, we have seen - too many bugs in practice, both in the underlying OpenSSL library and - in our usage of it. Renegotiation will be removed entirely in 9.5 and - later. In the older branches, just change the default value - of ssl_renegotiation_limit to zero (disabled). - - - - - - Lower the minimum values of the *_freeze_max_age parameters - (Andres Freund) - - - - This is mainly to make tests of related behavior less time-consuming, - but it may also be of value for installations with limited disk space. - - - - - - Limit the maximum value of wal_buffers to 2GB to avoid - server crashes (Josh Berkus) - - - - - - Fix rare internal overflow in multiplication of numeric values - (Dean Rasheed) - - - - - - Guard against hard-to-reach stack overflows involving record types, - range types, json, jsonb, tsquery, - ltxtquery and query_int (Noah Misch) - - - - - - Fix handling of DOW and DOY in datetime input - (Greg Stark) - - - - These tokens aren't meant to be used in datetime values, but previously - they resulted in opaque internal error messages rather - than invalid input syntax. - - - - - - Add more query-cancel checks to regular expression matching (Tom Lane) - - - - - - Add recursion depth protections to regular expression, SIMILAR - TO, and LIKE matching (Tom Lane) - - - - Suitable search patterns and a low stack depth limit could lead to - stack-overrun crashes. - - - - - - Fix potential infinite loop in regular expression execution (Tom Lane) - - - - A search pattern that can apparently match a zero-length string, but - actually doesn't match because of a back reference, could lead to an - infinite loop. - - - - - - Fix low-memory failures in regular expression compilation - (Andreas Seltenreich) - - - - - - Fix low-probability memory leak during regular expression execution - (Tom Lane) - - - - - - Fix rare low-memory failure in lock cleanup during transaction abort - (Tom Lane) - - - - - - Fix unexpected out-of-memory situation during sort errors - when using tuplestores with small work_mem settings (Tom - Lane) - - - - - - Fix very-low-probability stack overrun in qsort (Tom Lane) - - - - - - Fix invalid memory alloc request size failure in hash joins - with large work_mem settings (Tomas Vondra, Tom Lane) - - - - - - Fix assorted planner bugs (Tom Lane) - - - - These mistakes could lead to incorrect query plans that would give wrong - answers, or to assertion failures in assert-enabled builds, or to odd - planner errors such as could not devise a query plan for the - given query, could not find pathkey item to - sort, plan should not reference subplan's variable, - or failed to assign all NestLoopParams to plan nodes. - Thanks are due to Andreas Seltenreich and Piotr Stefaniak for fuzz - testing that exposed these problems. - - - - - - Use fuzzy path cost tiebreaking rule in all supported branches (Tom Lane) - - - - This change is meant to avoid platform-specific behavior when - alternative plan choices have effectively-identical estimated costs. - - - - - - During postmaster shutdown, ensure that per-socket lock files are - removed and listen sockets are closed before we remove - the postmaster.pid file (Tom Lane) - - - - This avoids race-condition failures if an external script attempts to - start a new postmaster as soon as pg_ctl stop returns. - - - - - - Fix postmaster's handling of a startup-process crash during crash - recovery (Tom Lane) - - - - If, during a crash recovery cycle, the startup process crashes without - having restored database consistency, we'd try to launch a new startup - process, which typically would just crash again, leading to an infinite - loop. - - - - - - Do not print a WARNING when an autovacuum worker is already - gone when we attempt to signal it, and reduce log verbosity for such - signals (Tom Lane) - - - - - - Prevent autovacuum launcher from sleeping unduly long if the server - clock is moved backwards a large amount (Álvaro Herrera) - - - - - - Ensure that cleanup of a GIN index's pending-insertions list is - interruptable by cancel requests (Jeff Janes) - - - - - - Allow all-zeroes pages in GIN indexes to be reused (Heikki Linnakangas) - - - - Such a page might be left behind after a crash. - - - - - - Fix off-by-one error that led to otherwise-harmless warnings - about apparent wraparound in subtrans/multixact truncation - (Thomas Munro) - - - - - - Fix misreporting of CONTINUE and MOVE statement - types in PL/pgSQL's error context messages - (Pavel Stehule, Tom Lane) - - - - - - Fix some places in PL/Tcl that neglected to check for - failure of malloc() calls (Michael Paquier, Álvaro - Herrera) - - - - - - Improve libpq's handling of out-of-memory conditions - (Michael Paquier, Heikki Linnakangas) - - - - - - Fix memory leaks and missing out-of-memory checks - in ecpg (Michael Paquier) - - - - - - Fix psql's code for locale-aware formatting of numeric - output (Tom Lane) - - - - The formatting code invoked by \pset numericlocale on - did the wrong thing for some uncommon cases such as numbers with an - exponent but no decimal point. It could also mangle already-localized - output from the money data type. - - - - - - Prevent crash in psql's \c command when - there is no current connection (Noah Misch) - - - - - - Ensure that temporary files created during a pg_dump - run with tar-format output are not world-readable (Michael - Paquier) - - - - - - Fix pg_dump and pg_upgrade to support - cases where the postgres or template1 database - is in a non-default tablespace (Marti Raudsepp, Bruce Momjian) - - - - - - Fix pg_dump to handle object privileges sanely when - dumping from a server too old to have a particular privilege type - (Tom Lane) - - - - When dumping functions or procedural languages from pre-7.3 - servers, pg_dump would - produce GRANT/REVOKE commands that revoked the - owner's grantable privileges and instead granted all privileges - to PUBLIC. Since the privileges involved are - just USAGE and EXECUTE, this isn't a security - problem, but it's certainly a surprising representation of the older - systems' behavior. Fix it to leave the default privilege state alone - in these cases. - - - - - - Fix pg_dump to dump shell types (Tom Lane) - - - - Shell types (that is, not-yet-fully-defined types) aren't useful for - much, but nonetheless pg_dump should dump them. - - - - - - Fix spinlock assembly code for PPC hardware to be compatible - with AIX's native assembler (Tom Lane) - - - - Building with gcc didn't work if gcc - had been configured to use the native assembler, which is becoming more - common. - - - - - - On AIX, test the -qlonglong compiler option - rather than just assuming it's safe to use (Noah Misch) - - - - - - On AIX, use -Wl,-brtllib link option to allow - symbols to be resolved at runtime (Noah Misch) - - - - Perl relies on this ability in 5.8.0 and later. - - - - - - Avoid use of inline functions when compiling with - 32-bit xlc, due to compiler bugs (Noah Misch) - - - - - - Use librt for sched_yield() when necessary, - which it is on some Solaris versions (Oskari Saarenmaa) - - - - - - Fix Windows install.bat script to handle target directory - names that contain spaces (Heikki Linnakangas) - - - - - - Make the numeric form of the PostgreSQL version number - (e.g., 90405) readily available to extension Makefiles, - as a variable named VERSION_NUM (Michael Paquier) - - - - - - Update time zone data files to tzdata release 2015g for - DST law changes in Cayman Islands, Fiji, Moldova, Morocco, Norfolk - Island, North Korea, Turkey, and Uruguay. There is a new zone name - America/Fort_Nelson for the Canadian Northern Rockies. - - - - - - - - - - Release 9.0.22 - - - Release date: - 2015-06-12 - - - - This release contains a small number of fixes from 9.0.21. - For information about new features in the 9.0 major release, see - . - - - - The PostgreSQL community will stop releasing updates - for the 9.0.X release series in September 2015. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 9.0.22 - - - A dump/restore is not required for those running 9.0.X. - - - - However, if you are upgrading from a version earlier than 9.0.18, - see . - - - - - - Changes - - - - - - Fix rare failure to invalidate relation cache init file (Tom Lane) - - - - With just the wrong timing of concurrent activity, a VACUUM - FULL on a system catalog might fail to update the init file - that's used to avoid cache-loading work for new sessions. This would - result in later sessions being unable to access that catalog at all. - This is a very ancient bug, but it's so hard to trigger that no - reproducible case had been seen until recently. - - - - - - Avoid deadlock between incoming sessions and CREATE/DROP - DATABASE (Tom Lane) - - - - A new session starting in a database that is the target of - a DROP DATABASE command, or is the template for - a CREATE DATABASE command, could cause the command to wait - for five seconds and then fail, even if the new session would have - exited before that. - - - - - - - - - - Release 9.0.21 - - - Release date: - 2015-06-04 - - - - This release contains a small number of fixes from 9.0.20. - For information about new features in the 9.0 major release, see - . - - - - The PostgreSQL community will stop releasing updates - for the 9.0.X release series in September 2015. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 9.0.21 - - - A dump/restore is not required for those running 9.0.X. - - - - However, if you are upgrading from a version earlier than 9.0.18, - see . - - - - - - Changes - - - - - - Avoid failures while fsync'ing data directory during - crash restart (Abhijit Menon-Sen, Tom Lane) - - - - In the previous minor releases we added a patch to fsync - everything in the data directory after a crash. Unfortunately its - response to any error condition was to fail, thereby preventing the - server from starting up, even when the problem was quite harmless. - An example is that an unwritable file in the data directory would - prevent restart on some platforms; but it is common to make SSL - certificate files unwritable by the server. Revise this behavior so - that permissions failures are ignored altogether, and other types of - failures are logged but do not prevent continuing. - - - - - - Remove configure's check prohibiting linking to a - threaded libpython - on OpenBSD (Tom Lane) - - - - The failure this restriction was meant to prevent seems to not be a - problem anymore on current OpenBSD - versions. - - - - - - Allow libpq to use TLS protocol versions beyond v1 - (Noah Misch) - - - - For a long time, libpq was coded so that the only SSL - protocol it would allow was TLS v1. Now that newer TLS versions are - becoming popular, allow it to negotiate the highest commonly-supported - TLS version with the server. (PostgreSQL servers were - already capable of such negotiation, so no change is needed on the - server side.) This is a back-patch of a change already released in - 9.4.0. - - - - - - - - - - Release 9.0.20 - - - Release date: - 2015-05-22 - - - - This release contains a variety of fixes from 9.0.19. - For information about new features in the 9.0 major release, see - . - - - - The PostgreSQL community will stop releasing updates - for the 9.0.X release series in September 2015. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 9.0.20 - - - A dump/restore is not required for those running 9.0.X. - - - - However, if you are upgrading from a version earlier than 9.0.18, - see . - - - - - - Changes - - - - - - Avoid possible crash when client disconnects just before the - authentication timeout expires (Benkocs Norbert Attila) - - - - If the timeout interrupt fired partway through the session shutdown - sequence, SSL-related state would be freed twice, typically causing a - crash and hence denial of service to other sessions. Experimentation - shows that an unauthenticated remote attacker could trigger the bug - somewhat consistently, hence treat as security issue. - (CVE-2015-3165) - - - - - - Improve detection of system-call failures (Noah Misch) - - - - Our replacement implementation of snprintf() failed to - check for errors reported by the underlying system library calls; - the main case that might be missed is out-of-memory situations. - In the worst case this might lead to information exposure, due to our - code assuming that a buffer had been overwritten when it hadn't been. - Also, there were a few places in which security-relevant calls of other - system library functions did not check for failure. - - - - It remains possible that some calls of the *printf() - family of functions are vulnerable to information disclosure if an - out-of-memory error occurs at just the wrong time. We judge the risk - to not be large, but will continue analysis in this area. - (CVE-2015-3166) - - - - - - In contrib/pgcrypto, uniformly report decryption failures - as Wrong key or corrupt data (Noah Misch) - - - - Previously, some cases of decryption with an incorrect key could report - other error message texts. It has been shown that such variance in - error reports can aid attackers in recovering keys from other systems. - While it's unknown whether pgcrypto's specific behaviors - are likewise exploitable, it seems better to avoid the risk by using a - one-size-fits-all message. - (CVE-2015-3167) - - - - - - Fix incorrect checking of deferred exclusion constraints after a HOT - update (Tom Lane) - - - - If a new row that potentially violates a deferred exclusion constraint - is HOT-updated (that is, no indexed columns change and the row can be - stored back onto the same table page) later in the same transaction, - the exclusion constraint would be reported as violated when the check - finally occurred, even if the row(s) the new row originally conflicted - with had been deleted. - - - - - - Prevent improper reordering of antijoins (NOT EXISTS joins) versus - other outer joins (Tom Lane) - - - - This oversight in the planner has been observed to cause could - not find RelOptInfo for given relids errors, but it seems possible - that sometimes an incorrect query plan might get past that consistency - check and result in silently-wrong query output. - - - - - - Fix incorrect matching of subexpressions in outer-join plan nodes - (Tom Lane) - - - - Previously, if textually identical non-strict subexpressions were used - both above and below an outer join, the planner might try to re-use - the value computed below the join, which would be incorrect because the - executor would force the value to NULL in case of an unmatched outer row. - - - - - - Fix GEQO planner to cope with failure of its join order heuristic - (Tom Lane) - - - - This oversight has been seen to lead to failed to join all - relations together errors in queries involving LATERAL, - and that might happen in other cases as well. - - - - - - Fix possible deadlock at startup - when max_prepared_transactions is too small - (Heikki Linnakangas) - - - - - - Don't archive useless preallocated WAL files after a timeline switch - (Heikki Linnakangas) - - - - - - Avoid cannot GetMultiXactIdMembers() during recovery error - (Álvaro Herrera) - - - - - - Recursively fsync() the data directory after a crash - (Abhijit Menon-Sen, Robert Haas) - - - - This ensures consistency if another crash occurs shortly later. (The - second crash would have to be a system-level crash, not just a database - crash, for there to be a problem.) - - - - - - Fix autovacuum launcher's possible failure to shut down, if an error - occurs after it receives SIGTERM (Álvaro Herrera) - - - - - - Cope with unexpected signals in LockBufferForCleanup() - (Andres Freund) - - - - This oversight could result in spurious errors about multiple - backends attempting to wait for pincount 1. - - - - - - Avoid waiting for WAL flush or synchronous replication during commit of - a transaction that was read-only so far as the user is concerned - (Andres Freund) - - - - Previously, a delay could occur at commit in transactions that had - written WAL due to HOT page pruning, leading to undesirable effects - such as sessions getting stuck at startup if all synchronous replicas - are down. Sessions have also been observed to get stuck in catchup - interrupt processing when using synchronous replication; this will fix - that problem as well. - - - - - - Fix crash when manipulating hash indexes on temporary tables - (Heikki Linnakangas) - - - - - - Fix possible failure during hash index bucket split, if other processes - are modifying the index concurrently (Tom Lane) - - - - - - Check for interrupts while analyzing index expressions (Jeff Janes) - - - - ANALYZE executes index expressions many times; if there are - slow functions in such an expression, it's desirable to be able to - cancel the ANALYZE before that loop finishes. - - - - - - Add the name of the target server to object description strings for - foreign-server user mappings (Álvaro Herrera) - - - - - - Recommend setting include_realm to 1 when using - Kerberos/GSSAPI/SSPI authentication (Stephen Frost) - - - - Without this, identically-named users from different realms cannot be - distinguished. For the moment this is only a documentation change, but - it will become the default setting in PostgreSQL 9.5. - - - - - - Remove code for matching IPv4 pg_hba.conf entries to - IPv4-in-IPv6 addresses (Tom Lane) - - - - This hack was added in 2003 in response to a report that some Linux - kernels of the time would report IPv4 connections as having - IPv4-in-IPv6 addresses. However, the logic was accidentally broken in - 9.0. The lack of any field complaints since then shows that it's not - needed anymore. Now we have reports that the broken code causes - crashes on some systems, so let's just remove it rather than fix it. - (Had we chosen to fix it, that would make for a subtle and potentially - security-sensitive change in the effective meaning of - IPv4 pg_hba.conf entries, which does not seem like a good - thing to do in minor releases.) - - - - - - While shutting down service on Windows, periodically send status - updates to the Service Control Manager to prevent it from killing the - service too soon; and ensure that pg_ctl will wait for - shutdown (Krystian Bigaj) - - - - - - Reduce risk of network deadlock when using libpq's - non-blocking mode (Heikki Linnakangas) - - - - When sending large volumes of data, it's important to drain the input - buffer every so often, in case the server has sent enough response data - to cause it to block on output. (A typical scenario is that the server - is sending a stream of NOTICE messages during COPY FROM - STDIN.) This worked properly in the normal blocking mode, but not - so much in non-blocking mode. We've modified libpq - to opportunistically drain input when it can, but a full defense - against this problem requires application cooperation: the application - should watch for socket read-ready as well as write-ready conditions, - and be sure to call PQconsumeInput() upon read-ready. - - - - - - Fix array handling in ecpg (Michael Meskes) - - - - - - Fix psql to sanely handle URIs and conninfo strings as - the first parameter to \connect - (David Fetter, Andrew Dunstan, Álvaro Herrera) - - - - This syntax has been accepted (but undocumented) for a long time, but - previously some parameters might be taken from the old connection - instead of the given string, which was agreed to be undesirable. - - - - - - Suppress incorrect complaints from psql on some - platforms that it failed to write ~/.psql_history at exit - (Tom Lane) - - - - This misbehavior was caused by a workaround for a bug in very old - (pre-2006) versions of libedit. We fixed it by - removing the workaround, which will cause a similar failure to appear - for anyone still using such versions of libedit. - Recommendation: upgrade that library, or use libreadline. - - - - - - Fix pg_dump's rule for deciding which casts are - system-provided casts that should not be dumped (Tom Lane) - - - - - - Fix dumping of views that are just VALUES(...) but have - column aliases (Tom Lane) - - - - - - In pg_upgrade, force timeline 1 in the new cluster - (Bruce Momjian) - - - - This change prevents upgrade failures caused by bogus complaints about - missing WAL history files. - - - - - - In pg_upgrade, check for improperly non-connectable - databases before proceeding - (Bruce Momjian) - - - - - - In pg_upgrade, quote directory paths - properly in the generated delete_old_cluster script - (Bruce Momjian) - - - - - - In pg_upgrade, preserve database-level freezing info - properly - (Bruce Momjian) - - - - This oversight could cause missing-clog-file errors for tables within - the postgres and template1 databases. - - - - - - Run pg_upgrade and pg_resetxlog with - restricted privileges on Windows, so that they don't fail when run by - an administrator (Muhammad Asif Naeem) - - - - - - Fix slow sorting algorithm in contrib/intarray (Tom Lane) - - - - - - Fix compile failure on Sparc V8 machines (Rob Rowan) - - - - - - Update time zone data files to tzdata release 2015d - for DST law changes in Egypt, Mongolia, and Palestine, plus historical - changes in Canada and Chile. Also adopt revised zone abbreviations for - the America/Adak zone (HST/HDT not HAST/HADT). - - - - - - - - - - Release 9.0.19 - - - Release date: - 2015-02-05 - - - - This release contains a variety of fixes from 9.0.18. - For information about new features in the 9.0 major release, see - . - - - - Migration to Version 9.0.19 - - - A dump/restore is not required for those running 9.0.X. - - - - However, if you are upgrading from a version earlier than 9.0.18, - see . - - - - - - Changes - - - - - - Fix buffer overruns in to_char() - (Bruce Momjian) - - - - When to_char() processes a numeric formatting template - calling for a large number of digits, PostgreSQL - would read past the end of a buffer. When processing a crafted - timestamp formatting template, PostgreSQL would write - past the end of a buffer. Either case could crash the server. - We have not ruled out the possibility of attacks that lead to - privilege escalation, though they seem unlikely. - (CVE-2015-0241) - - - - - - Fix buffer overrun in replacement *printf() functions - (Tom Lane) - - - - PostgreSQL includes a replacement implementation - of printf and related functions. This code will overrun - a stack buffer when formatting a floating point number (conversion - specifiers e, E, f, F, - g or G) with requested precision greater than - about 500. This will crash the server, and we have not ruled out the - possibility of attacks that lead to privilege escalation. - A database user can trigger such a buffer overrun through - the to_char() SQL function. While that is the only - affected core PostgreSQL functionality, extension - modules that use printf-family functions may be at risk as well. - - - - This issue primarily affects PostgreSQL on Windows. - PostgreSQL uses the system implementation of these - functions where adequate, which it is on other modern platforms. - (CVE-2015-0242) - - - - - - Fix buffer overruns in contrib/pgcrypto - (Marko Tiikkaja, Noah Misch) - - - - Errors in memory size tracking within the pgcrypto - module permitted stack buffer overruns and improper dependence on the - contents of uninitialized memory. The buffer overrun cases can - crash the server, and we have not ruled out the possibility of - attacks that lead to privilege escalation. - (CVE-2015-0243) - - - - - - Fix possible loss of frontend/backend protocol synchronization after - an error - (Heikki Linnakangas) - - - - If any error occurred while the server was in the middle of reading a - protocol message from the client, it could lose synchronization and - incorrectly try to interpret part of the message's data as a new - protocol message. An attacker able to submit crafted binary data - within a command parameter might succeed in injecting his own SQL - commands this way. Statement timeout and query cancellation are the - most likely sources of errors triggering this scenario. Particularly - vulnerable are applications that use a timeout and also submit - arbitrary user-crafted data as binary query parameters. Disabling - statement timeout will reduce, but not eliminate, the risk of - exploit. Our thanks to Emil Lenngren for reporting this issue. - (CVE-2015-0244) - - - - - - Fix information leak via constraint-violation error messages - (Stephen Frost) - - - - Some server error messages show the values of columns that violate - a constraint, such as a unique constraint. If the user does not have - SELECT privilege on all columns of the table, this could - mean exposing values that the user should not be able to see. Adjust - the code so that values are displayed only when they came from the SQL - command or could be selected by the user. - (CVE-2014-8161) - - - - - - Lock down regression testing's temporary installations on Windows - (Noah Misch) - - - - Use SSPI authentication to allow connections only from the OS user - who launched the test suite. This closes on Windows the same - vulnerability previously closed on other platforms, namely that other - users might be able to connect to the test postmaster. - (CVE-2014-0067) - - - - - - Avoid possible data corruption if ALTER DATABASE SET - TABLESPACE is used to move a database to a new tablespace and then - shortly later move it back to its original tablespace (Tom Lane) - - - - - - Avoid corrupting tables when ANALYZE inside a transaction - is rolled back (Andres Freund, Tom Lane, Michael Paquier) - - - - If the failing transaction had earlier removed the last index, rule, or - trigger from the table, the table would be left in a corrupted state - with the relevant pg_class flags not set though they - should be. - - - - - - Fix use-of-already-freed-memory problem in EvalPlanQual processing - (Tom Lane) - - - - In READ COMMITTED mode, queries that lock or update - recently-updated rows could crash as a result of this bug. - - - - - - Fix planning of SELECT FOR UPDATE when using a partial - index on a child table (Kyotaro Horiguchi) - - - - In READ COMMITTED mode, SELECT FOR UPDATE must - also recheck the partial index's WHERE condition when - rechecking a recently-updated row to see if it still satisfies the - query's WHERE condition. This requirement was missed if the - index belonged to an inheritance child table, so that it was possible - to incorrectly return rows that no longer satisfy the query condition. - - - - - - Fix corner case wherein SELECT FOR UPDATE could return a row - twice, and possibly miss returning other rows (Tom Lane) - - - - In READ COMMITTED mode, a SELECT FOR UPDATE - that is scanning an inheritance tree could incorrectly return a row - from a prior child table instead of the one it should return from a - later child table. - - - - - - Reject duplicate column names in the referenced-columns list of - a FOREIGN KEY declaration (David Rowley) - - - - This restriction is per SQL standard. Previously we did not reject - the case explicitly, but later on the code would fail with - bizarre-looking errors. - - - - - - Fix bugs in raising a numeric value to a large integral power - (Tom Lane) - - - - The previous code could get a wrong answer, or consume excessive - amounts of time and memory before realizing that the answer must - overflow. - - - - - - In numeric_recv(), truncate away any fractional digits - that would be hidden according to the value's dscale field - (Tom Lane) - - - - A numeric value's display scale (dscale) should - never be less than the number of nonzero fractional digits; but - apparently there's at least one broken client application that - transmits binary numeric values in which that's true. - This leads to strange behavior since the extra digits are taken into - account by arithmetic operations even though they aren't printed. - The least risky fix seems to be to truncate away such hidden - digits on receipt, so that the value is indeed what it prints as. - - - - - - Reject out-of-range numeric timezone specifications (Tom Lane) - - - - Simple numeric timezone specifications exceeding +/- 168 hours (one - week) would be accepted, but could then cause null-pointer dereference - crashes in certain operations. There's no use-case for such large UTC - offsets, so reject them. - - - - - - Fix bugs in tsquery @> tsquery - operator (Heikki Linnakangas) - - - - Two different terms would be considered to match if they had the same - CRC. Also, if the second operand had more terms than the first, it - would be assumed not to be contained in the first; which is wrong - since it might contain duplicate terms. - - - - - - Improve ispell dictionary's defenses against bad affix files (Tom Lane) - - - - - - Allow more than 64K phrases in a thesaurus dictionary (David Boutin) - - - - The previous coding could crash on an oversize dictionary, so this was - deemed a back-patchable bug fix rather than a feature addition. - - - - - - Fix namespace handling in xpath() (Ali Akbar) - - - - Previously, the xml value resulting from - an xpath() call would not have namespace declarations if - the namespace declarations were attached to an ancestor element in the - input xml value, rather than to the specific element being - returned. Propagate the ancestral declaration so that the result is - correct when considered in isolation. - - - - - - Fix planner problems with nested append relations, such as inherited - tables within UNION ALL subqueries (Tom Lane) - - - - - - Fail cleanly when a GiST index tuple doesn't fit on a page, rather - than going into infinite recursion (Andrew Gierth) - - - - - - Exempt tables that have per-table cost_limit - and/or cost_delay settings from autovacuum's global cost - balancing rules (Álvaro Herrera) - - - - The previous behavior resulted in basically ignoring these per-table - settings, which was unintended. Now, a table having such settings - will be vacuumed using those settings, independently of what is going - on in other autovacuum workers. This may result in heavier total I/O - load than before, so such settings should be re-examined for sanity. - - - - - - Avoid wholesale autovacuuming when autovacuum is nominally off - (Tom Lane) - - - - Even when autovacuum is nominally off, we will still launch autovacuum - worker processes to vacuum tables that are at risk of XID wraparound. - However, such a worker process then proceeded to vacuum all tables in - the target database, if they met the usual thresholds for - autovacuuming. This is at best pretty unexpected; at worst it delays - response to the wraparound threat. Fix it so that if autovacuum is - turned off, workers only do anti-wraparound vacuums and - not any other work. - - - - - - Fix race condition between hot standby queries and replaying a - full-page image (Heikki Linnakangas) - - - - This mistake could result in transient errors in queries being - executed in hot standby. - - - - - - Fix several cases where recovery logic improperly ignored WAL records - for COMMIT/ABORT PREPARED (Heikki Linnakangas) - - - - The most notable oversight was - that recovery_target_xid could not be used to stop at - a two-phase commit. - - - - - - Avoid creating unnecessary .ready marker files for - timeline history files (Fujii Masao) - - - - - - Fix possible null pointer dereference when an empty prepared statement - is used and the log_statement setting is mod - or ddl (Fujii Masao) - - - - - - Change pgstat wait timeout warning message to be LOG level, - and rephrase it to be more understandable (Tom Lane) - - - - This message was originally thought to be essentially a can't-happen - case, but it occurs often enough on our slower buildfarm members to be - a nuisance. Reduce it to LOG level, and expend a bit more effort on - the wording: it now reads using stale statistics instead of - current ones because stats collector is not responding. - - - - - - Fix SPARC spinlock implementation to ensure correctness if the CPU is - being run in a non-TSO coherency mode, as some non-Solaris kernels do - (Andres Freund) - - - - - - Warn if OS X's setlocale() starts an unwanted extra - thread inside the postmaster (Noah Misch) - - - - - - Fix processing of repeated dbname parameters - in PQconnectdbParams() (Alex Shulgin) - - - - Unexpected behavior ensued if the first occurrence - of dbname contained a connection string or URI to be - expanded. - - - - - - Ensure that libpq reports a suitable error message on - unexpected socket EOF (Marko Tiikkaja, Tom Lane) - - - - Depending on kernel behavior, libpq might return an - empty error string rather than something useful when the server - unexpectedly closed the socket. - - - - - - Clear any old error message during PQreset() - (Heikki Linnakangas) - - - - If PQreset() is called repeatedly, and the connection - cannot be re-established, error messages from the failed connection - attempts kept accumulating in the PGconn's error - string. - - - - - - Properly handle out-of-memory conditions while parsing connection - options in libpq (Alex Shulgin, Heikki Linnakangas) - - - - - - Fix array overrun in ecpg's version - of ParseDateTime() (Michael Paquier) - - - - - - In initdb, give a clearer error message if a password - file is specified but is empty (Mats Erik Andersson) - - - - - - Fix psql's \s command to work nicely with - libedit, and add pager support (Stepan Rutz, Tom Lane) - - - - When using libedit rather than readline, \s printed the - command history in a fairly unreadable encoded format, and on recent - libedit versions might fail altogether. Fix that by printing the - history ourselves rather than having the library do it. A pleasant - side-effect is that the pager is used if appropriate. - - - - This patch also fixes a bug that caused newline encoding to be applied - inconsistently when saving the command history with libedit. - Multiline history entries written by older psql - versions will be read cleanly with this patch, but perhaps not - vice versa, depending on the exact libedit versions involved. - - - - - - Improve consistency of parsing of psql's special - variables (Tom Lane) - - - - Allow variant spellings of on and off (such - as 1/0) for ECHO_HIDDEN - and ON_ERROR_ROLLBACK. Report a warning for unrecognized - values for COMP_KEYWORD_CASE, ECHO, - ECHO_HIDDEN, HISTCONTROL, - ON_ERROR_ROLLBACK, and VERBOSITY. Recognize - all values for all these variables case-insensitively; previously - there was a mishmash of case-sensitive and case-insensitive behaviors. - - - - - - Fix psql's expanded-mode display to work - consistently when using border = 3 - and linestyle = ascii or unicode - (Stephen Frost) - - - - - - Fix possible deadlock during parallel restore of a schema-only dump - (Robert Haas, Tom Lane) - - - - - - Fix core dump in pg_dump --binary-upgrade on zero-column - composite type (Rushabh Lathia) - - - - - - Fix block number checking - in contrib/pageinspect's get_raw_page() - (Tom Lane) - - - - The incorrect checking logic could prevent access to some pages in - non-main relation forks. - - - - - - Fix contrib/pgcrypto's pgp_sym_decrypt() - to not fail on messages whose length is 6 less than a power of 2 - (Marko Tiikkaja) - - - - - - Handle unexpected query results, especially NULLs, safely in - contrib/tablefunc's connectby() - (Michael Paquier) - - - - connectby() previously crashed if it encountered a NULL - key value. It now prints that row but doesn't recurse further. - - - - - - Avoid a possible crash in contrib/xml2's - xslt_process() (Mark Simonetti) - - - - libxslt seems to have an undocumented dependency on - the order in which resources are freed; reorder our calls to avoid a - crash. - - - - - - Numerous cleanups of warnings from Coverity static code analyzer - (Andres Freund, Tatsuo Ishii, Marko Kreen, Tom Lane, Michael Paquier) - - - - These changes are mostly cosmetic but in some cases fix corner-case - bugs, for example a crash rather than a proper error report after an - out-of-memory failure. None are believed to represent security - issues. - - - - - - Detect incompatible OpenLDAP versions during build (Noah Misch) - - - - With OpenLDAP versions 2.4.24 through 2.4.31, - inclusive, PostgreSQL backends can crash at exit. - Raise a warning during configure based on the - compile-time OpenLDAP version number, and test the crashing scenario - in the contrib/dblink regression test. - - - - - - In non-MSVC Windows builds, ensure libpq.dll is installed - with execute permissions (Noah Misch) - - - - - - Make pg_regress remove any temporary installation it - created upon successful exit (Tom Lane) - - - - This results in a very substantial reduction in disk space usage - during make check-world, since that sequence involves - creation of numerous temporary installations. - - - - - - Support time zone abbreviations that change UTC offset from time to - time (Tom Lane) - - - - Previously, PostgreSQL assumed that the UTC offset - associated with a time zone abbreviation (such as EST) - never changes in the usage of any particular locale. However this - assumption fails in the real world, so introduce the ability for a - zone abbreviation to represent a UTC offset that sometimes changes. - Update the zone abbreviation definition files to make use of this - feature in timezone locales that have changed the UTC offset of their - abbreviations since 1970 (according to the IANA timezone database). - In such timezones, PostgreSQL will now associate the - correct UTC offset with the abbreviation depending on the given date. - - - - - - Update time zone abbreviations lists (Tom Lane) - - - - Add CST (China Standard Time) to our lists. - Remove references to ADT as Arabia Daylight Time, an - abbreviation that's been out of use since 2007; therefore, claiming - there is a conflict with Atlantic Daylight Time doesn't seem - especially helpful. - Fix entirely incorrect GMT offsets for CKT (Cook Islands), FJT, and FJST - (Fiji); we didn't even have them on the proper side of the date line. - - - - - - Update time zone data files to tzdata release 2015a. - - - - The IANA timezone database has adopted abbreviations of the form - AxST/AxDT - for all Australian time zones, reflecting what they believe to be - current majority practice Down Under. These names do not conflict - with usage elsewhere (other than ACST for Acre Summer Time, which has - been in disuse since 1994). Accordingly, adopt these names into - our Default timezone abbreviation set. - The Australia abbreviation set now contains only CST, EAST, - EST, SAST, SAT, and WST, all of which are thought to be mostly - historical usage. Note that SAST has also been changed to be South - Africa Standard Time in the Default abbreviation set. - - - - Also, add zone abbreviations SRET (Asia/Srednekolymsk) and XJT - (Asia/Urumqi), and use WSST/WSDT for western Samoa. Also, there were - DST law changes in Chile, Mexico, the Turks & Caicos Islands - (America/Grand_Turk), and Fiji. There is a new zone - Pacific/Bougainville for portions of Papua New Guinea. Also, numerous - corrections for historical (pre-1970) time zone data. - - - - - - - - - - Release 9.0.18 - - - Release date: - 2014-07-24 - - - - This release contains a variety of fixes from 9.0.17. - For information about new features in the 9.0 major release, see - . - - - - Migration to Version 9.0.18 - - - A dump/restore is not required for those running 9.0.X. - - - - However, this release corrects an index corruption problem in some GiST - indexes. See the first changelog entry below to find out whether your - installation has been affected and what steps you should take if so. - - - - Also, if you are upgrading from a version earlier than 9.0.15, - see . - - - - - - Changes - - - - - - Correctly initialize padding bytes in contrib/btree_gist - indexes on bit columns (Heikki Linnakangas) - - - - This error could result in incorrect query results due to values that - should compare equal not being seen as equal. - Users with GiST indexes on bit or bit varying - columns should REINDEX those indexes after installing this - update. - - - - - - Protect against torn pages when deleting GIN list pages (Heikki - Linnakangas) - - - - This fix prevents possible index corruption if a system crash occurs - while the page update is being written to disk. - - - - - - Don't clear the right-link of a GiST index page while replaying - updates from WAL (Heikki Linnakangas) - - - - This error could lead to transiently wrong answers from GiST index - scans performed in Hot Standby. - - - - - - Fix possibly-incorrect cache invalidation during nested calls - to ReceiveSharedInvalidMessages (Andres Freund) - - - - - - Don't assume a subquery's output is unique if there's a set-returning - function in its targetlist (David Rowley) - - - - This oversight could lead to misoptimization of constructs - like WHERE x IN (SELECT y, generate_series(1,10) FROM t GROUP - BY y). - - - - - - Fix failure to detoast fields in composite elements of structured - types (Tom Lane) - - - - This corrects cases where TOAST pointers could be copied into other - tables without being dereferenced. If the original data is later - deleted, it would lead to errors like missing chunk number 0 - for toast value ... when the now-dangling pointer is used. - - - - - - Fix record type has not been registered failures with - whole-row references to the output of Append plan nodes (Tom Lane) - - - - - - Fix possible crash when invoking a user-defined function while - rewinding a cursor (Tom Lane) - - - - - - Fix query-lifespan memory leak while evaluating the arguments for a - function in FROM (Tom Lane) - - - - - - Fix session-lifespan memory leaks in regular-expression processing - (Tom Lane, Arthur O'Dwyer, Greg Stark) - - - - - - Fix data encoding error in hungarian.stop (Tom Lane) - - - - - - Fix liveness checks for rows that were inserted in the current - transaction and then deleted by a now-rolled-back subtransaction - (Andres Freund) - - - - This could cause problems (at least spurious warnings, and at worst an - infinite loop) if CREATE INDEX or CLUSTER were - done later in the same transaction. - - - - - - Clear pg_stat_activity.xact_start - during PREPARE TRANSACTION (Andres Freund) - - - - After the PREPARE, the originating session is no longer in - a transaction, so it should not continue to display a transaction - start time. - - - - - - Fix REASSIGN OWNED to not fail for text search objects - (Álvaro Herrera) - - - - - - Block signals during postmaster startup (Tom Lane) - - - - This ensures that the postmaster will properly clean up after itself - if, for example, it receives SIGINT while still - starting up. - - - - - - Secure Unix-domain sockets of temporary postmasters started during - make check (Noah Misch) - - - - Any local user able to access the socket file could connect as the - server's bootstrap superuser, then proceed to execute arbitrary code as - the operating-system user running the test, as we previously noted in - CVE-2014-0067. This change defends against that risk by placing the - server's socket in a temporary, mode 0700 subdirectory - of /tmp. The hazard remains however on platforms where - Unix sockets are not supported, notably Windows, because then the - temporary postmaster must accept local TCP connections. - - - - A useful side effect of this change is to simplify - make check testing in builds that - override DEFAULT_PGSOCKET_DIR. Popular non-default values - like /var/run/postgresql are often not writable by the - build user, requiring workarounds that will no longer be necessary. - - - - - - Fix tablespace creation WAL replay to work on Windows (MauMau) - - - - - - Fix detection of socket creation failures on Windows (Bruce Momjian) - - - - - - On Windows, allow new sessions to absorb values of PGC_BACKEND - parameters (such as ) from the - configuration file (Amit Kapila) - - - - Previously, if such a parameter were changed in the file post-startup, - the change would have no effect. - - - - - - Properly quote executable path names on Windows (Nikhil Deshpande) - - - - This oversight could cause initdb - and pg_upgrade to fail on Windows, if the installation - path contained both spaces and @ signs. - - - - - - Fix linking of libpython on OS X (Tom Lane) - - - - The method we previously used can fail with the Python library - supplied by Xcode 5.0 and later. - - - - - - Avoid buffer bloat in libpq when the server - consistently sends data faster than the client can absorb it - (Shin-ichi Morita, Tom Lane) - - - - libpq could be coerced into enlarging its input buffer - until it runs out of memory (which would be reported misleadingly - as lost synchronization with server). Under ordinary - circumstances it's quite far-fetched that data could be continuously - transmitted more quickly than the recv() loop can - absorb it, but this has been observed when the client is artificially - slowed by scheduler constraints. - - - - - - Ensure that LDAP lookup attempts in libpq time out as - intended (Laurenz Albe) - - - - - - Fix ecpg to do the right thing when an array - of char * is the target for a FETCH statement returning more - than one row, as well as some other array-handling fixes - (Ashutosh Bapat) - - - - - - Fix pg_restore's processing of old-style large object - comments (Tom Lane) - - - - A direct-to-database restore from an archive file generated by a - pre-9.0 version of pg_dump would usually fail if the - archive contained more than a few comments for large objects. - - - - - - In contrib/pgcrypto functions, ensure sensitive - information is cleared from stack variables before returning - (Marko Kreen) - - - - - - In contrib/uuid-ossp, cache the state of the OSSP UUID - library across calls (Tom Lane) - - - - This improves the efficiency of UUID generation and reduces the amount - of entropy drawn from /dev/urandom, on platforms that - have that. - - - - - - Update time zone data files to tzdata release 2014e - for DST law changes in Crimea, Egypt, and Morocco. - - - - - - - - - - Release 9.0.17 - - - Release date: - 2014-03-20 - - - - This release contains a variety of fixes from 9.0.16. - For information about new features in the 9.0 major release, see - . - - - - Migration to Version 9.0.17 - - - A dump/restore is not required for those running 9.0.X. - - - - However, if you are upgrading from a version earlier than 9.0.15, - see . - - - - - - Changes - - - - - - Restore GIN metapages unconditionally to avoid torn-page risk - (Heikki Linnakangas) - - - - Although this oversight could theoretically result in a corrupted - index, it is unlikely to have caused any problems in practice, since - the active part of a GIN metapage is smaller than a standard 512-byte - disk sector. - - - - - - Avoid race condition in checking transaction commit status during - receipt of a NOTIFY message (Marko Tiikkaja) - - - - This prevents a scenario wherein a sufficiently fast client might - respond to a notification before database updates made by the - notifier have become visible to the recipient. - - - - - - Allow regular-expression operators to be terminated early by query - cancel requests (Tom Lane) - - - - This prevents scenarios wherein a pathological regular expression - could lock up a server process uninterruptibly for a long time. - - - - - - Remove incorrect code that tried to allow OVERLAPS with - single-element row arguments (Joshua Yanovski) - - - - This code never worked correctly, and since the case is neither - specified by the SQL standard nor documented, it seemed better to - remove it than fix it. - - - - - - Avoid getting more than AccessShareLock when de-parsing a - rule or view (Dean Rasheed) - - - - This oversight resulted in pg_dump unexpectedly - acquiring RowExclusiveLock locks on tables mentioned as - the targets of INSERT/UPDATE/DELETE - commands in rules. While usually harmless, that could interfere with - concurrent transactions that tried to acquire, for example, - ShareLock on those tables. - - - - - - Improve performance of index endpoint probes during planning (Tom Lane) - - - - This change fixes a significant performance problem that occurred - when there were many not-yet-committed rows at the end of the index, - which is a common situation for indexes on sequentially-assigned - values such as timestamps or sequence-generated identifiers. - - - - - - Fix test to see if hot standby connections can be allowed immediately - after a crash (Heikki Linnakangas) - - - - - - Prevent interrupts while reporting non-ERROR messages - (Tom Lane) - - - - This guards against rare server-process freezeups due to recursive - entry to syslog(), and perhaps other related problems. - - - - - - Prevent intermittent could not reserve shared memory region - failures on recent Windows versions (MauMau) - - - - - - Update time zone data files to tzdata release 2014a - for DST law changes in Fiji and Turkey, plus historical changes in - Israel and Ukraine. - - - - - - - - - - Release 9.0.16 - - - Release date: - 2014-02-20 - - - - This release contains a variety of fixes from 9.0.15. - For information about new features in the 9.0 major release, see - . - - - - Migration to Version 9.0.16 - - - A dump/restore is not required for those running 9.0.X. - - - - However, if you are upgrading from a version earlier than 9.0.15, - see . - - - - - - Changes - - - - - - Shore up GRANT ... WITH ADMIN OPTION restrictions - (Noah Misch) - - - - Granting a role without ADMIN OPTION is supposed to - prevent the grantee from adding or removing members from the granted - role, but this restriction was easily bypassed by doing SET - ROLE first. The security impact is mostly that a role member can - revoke the access of others, contrary to the wishes of his grantor. - Unapproved role member additions are a lesser concern, since an - uncooperative role member could provide most of his rights to others - anyway by creating views or SECURITY DEFINER functions. - (CVE-2014-0060) - - - - - - Prevent privilege escalation via manual calls to PL validator - functions (Andres Freund) - - - - The primary role of PL validator functions is to be called implicitly - during CREATE FUNCTION, but they are also normal SQL - functions that a user can call explicitly. Calling a validator on - a function actually written in some other language was not checked - for and could be exploited for privilege-escalation purposes. - The fix involves adding a call to a privilege-checking function in - each validator function. Non-core procedural languages will also - need to make this change to their own validator functions, if any. - (CVE-2014-0061) - - - - - - Avoid multiple name lookups during table and index DDL - (Robert Haas, Andres Freund) - - - - If the name lookups come to different conclusions due to concurrent - activity, we might perform some parts of the DDL on a different table - than other parts. At least in the case of CREATE INDEX, - this can be used to cause the permissions checks to be performed - against a different table than the index creation, allowing for a - privilege escalation attack. - (CVE-2014-0062) - - - - - - Prevent buffer overrun with long datetime strings (Noah Misch) - - - - The MAXDATELEN constant was too small for the longest - possible value of type interval, allowing a buffer overrun - in interval_out(). Although the datetime input - functions were more careful about avoiding buffer overrun, the limit - was short enough to cause them to reject some valid inputs, such as - input containing a very long timezone name. The ecpg - library contained these vulnerabilities along with some of its own. - (CVE-2014-0063) - - - - - - Prevent buffer overrun due to integer overflow in size calculations - (Noah Misch, Heikki Linnakangas) - - - - Several functions, mostly type input functions, calculated an - allocation size without checking for overflow. If overflow did - occur, a too-small buffer would be allocated and then written past. - (CVE-2014-0064) - - - - - - Prevent overruns of fixed-size buffers - (Peter Eisentraut, Jozef Mlich) - - - - Use strlcpy() and related functions to provide a clear - guarantee that fixed-size buffers are not overrun. Unlike the - preceding items, it is unclear whether these cases really represent - live issues, since in most cases there appear to be previous - constraints on the size of the input string. Nonetheless it seems - prudent to silence all Coverity warnings of this type. - (CVE-2014-0065) - - - - - - Avoid crashing if crypt() returns NULL (Honza Horak, - Bruce Momjian) - - - - There are relatively few scenarios in which crypt() - could return NULL, but contrib/chkpass would crash - if it did. One practical case in which this could be an issue is - if libc is configured to refuse to execute unapproved - hashing algorithms (e.g., FIPS mode). - (CVE-2014-0066) - - - - - - Document risks of make check in the regression testing - instructions (Noah Misch, Tom Lane) - - - - Since the temporary server started by make check - uses trust authentication, another user on the same machine - could connect to it as database superuser, and then potentially - exploit the privileges of the operating-system user who started the - tests. A future release will probably incorporate changes in the - testing procedure to prevent this risk, but some public discussion is - needed first. So for the moment, just warn people against using - make check when there are untrusted users on the - same machine. - (CVE-2014-0067) - - - - - - Fix possible mis-replay of WAL records when some segments of a - relation aren't full size (Greg Stark, Tom Lane) - - - - The WAL update could be applied to the wrong page, potentially many - pages past where it should have been. Aside from corrupting data, - this error has been observed to result in significant bloat - of standby servers compared to their masters, due to updates being - applied far beyond where the end-of-file should have been. This - failure mode does not appear to be a significant risk during crash - recovery, only when initially synchronizing a standby created from a - base backup taken from a quickly-changing master. - - - - - - Fix bug in determining when recovery has reached consistency - (Tomonari Katsumata, Heikki Linnakangas) - - - - In some cases WAL replay would mistakenly conclude that the database - was already consistent at the start of replay, thus possibly allowing - hot-standby queries before the database was really consistent. Other - symptoms such as PANIC: WAL contains references to invalid - pages were also possible. - - - - - - Fix improper locking of btree index pages while replaying - a VACUUM operation in hot-standby mode (Andres Freund, - Heikki Linnakangas, Tom Lane) - - - - This error could result in PANIC: WAL contains references to - invalid pages failures. - - - - - - Ensure that insertions into non-leaf GIN index pages write a full-page - WAL record when appropriate (Heikki Linnakangas) - - - - The previous coding risked index corruption in the event of a - partial-page write during a system crash. - - - - - - Fix race conditions during server process exit (Robert Haas) - - - - Ensure that signal handlers don't attempt to use the - process's MyProc pointer after it's no longer valid. - - - - - - Fix unsafe references to errno within error reporting - logic (Christian Kruse) - - - - This would typically lead to odd behaviors such as missing or - inappropriate HINT fields. - - - - - - Fix possible crashes from using ereport() too early - during server startup (Tom Lane) - - - - The principal case we've seen in the field is a crash if the server - is started in a directory it doesn't have permission to read. - - - - - - Clear retry flags properly in OpenSSL socket write - function (Alexander Kukushkin) - - - - This omission could result in a server lockup after unexpected loss - of an SSL-encrypted connection. - - - - - - Fix length checking for Unicode identifiers (U&"..." - syntax) containing escapes (Tom Lane) - - - - A spurious truncation warning would be printed for such identifiers - if the escaped form of the identifier was too long, but the - identifier actually didn't need truncation after de-escaping. - - - - - - Allow keywords that are type names to be used in lists of roles - (Stephen Frost) - - - - A previous patch allowed such keywords to be used without quoting - in places such as role identifiers; but it missed cases where a - list of role identifiers was permitted, such as DROP ROLE. - - - - - - Fix possible crash due to invalid plan for nested sub-selects, such - as WHERE (... x IN (SELECT ...) ...) IN (SELECT ...) - (Tom Lane) - - - - - - Ensure that ANALYZE creates statistics for a table column - even when all the values in it are too wide (Tom Lane) - - - - ANALYZE intentionally omits very wide values from its - histogram and most-common-values calculations, but it neglected to do - something sane in the case that all the sampled entries are too wide. - - - - - - In ALTER TABLE ... SET TABLESPACE, allow the database's - default tablespace to be used without a permissions check - (Stephen Frost) - - - - CREATE TABLE has always allowed such usage, - but ALTER TABLE didn't get the memo. - - - - - - Fix cannot accept a set error when some arms of - a CASE return a set and others don't (Tom Lane) - - - - - - Fix checks for all-zero client addresses in pgstat functions (Kevin - Grittner) - - - - - - Fix possible misclassification of multibyte characters by the text - search parser (Tom Lane) - - - - Non-ASCII characters could be misclassified when using C locale with - a multibyte encoding. On Cygwin, non-C locales could fail as well. - - - - - - Fix possible misbehavior in plainto_tsquery() - (Heikki Linnakangas) - - - - Use memmove() not memcpy() for copying - overlapping memory regions. There have been no field reports of - this actually causing trouble, but it's certainly risky. - - - - - - Accept SHIFT_JIS as an encoding name for locale checking - purposes (Tatsuo Ishii) - - - - - - Fix misbehavior of PQhost() on Windows (Fujii Masao) - - - - It should return localhost if no host has been specified. - - - - - - Improve error handling in libpq and psql - for failures during COPY TO STDOUT/FROM STDIN (Tom Lane) - - - - In particular this fixes an infinite loop that could occur in 9.2 and - up if the server connection was lost during COPY FROM - STDIN. Variants of that scenario might be possible in older - versions, or with other client applications. - - - - - - Fix misaligned descriptors in ecpg (MauMau) - - - - - - In ecpg, handle lack of a hostname in the connection - parameters properly (Michael Meskes) - - - - - - Fix performance regression in contrib/dblink connection - startup (Joe Conway) - - - - Avoid an unnecessary round trip when client and server encodings match. - - - - - - In contrib/isn, fix incorrect calculation of the check - digit for ISMN values (Fabien Coelho) - - - - - - Ensure client-code-only installation procedure works as documented - (Peter Eisentraut) - - - - - - In Mingw and Cygwin builds, install the libpq DLL - in the bin directory (Andrew Dunstan) - - - - This duplicates what the MSVC build has long done. It should fix - problems with programs like psql failing to start - because they can't find the DLL. - - - - - - Avoid using the deprecated dllwrap tool in Cygwin builds - (Marco Atzeri) - - - - - - Don't generate plain-text HISTORY - and src/test/regress/README files anymore (Tom Lane) - - - - These text files duplicated the main HTML and PDF documentation - formats. The trouble involved in maintaining them greatly outweighs - the likely audience for plain-text format. Distribution tarballs - will still contain files by these names, but they'll just be stubs - directing the reader to consult the main documentation. - The plain-text INSTALL file will still be maintained, as - there is arguably a use-case for that. - - - - - - Update time zone data files to tzdata release 2013i - for DST law changes in Jordan and historical changes in Cuba. - - - - In addition, the zones Asia/Riyadh87, - Asia/Riyadh88, and Asia/Riyadh89 have been - removed, as they are no longer maintained by IANA, and never - represented actual civil timekeeping practice. - - - - - - - - - - Release 9.0.15 - - - Release date: - 2013-12-05 - - - - This release contains a variety of fixes from 9.0.14. - For information about new features in the 9.0 major release, see - . - - - - Migration to Version 9.0.15 - - - A dump/restore is not required for those running 9.0.X. - - - - However, this release corrects a number of potential data corruption - issues. See the first two changelog entries below to find out whether - your installation has been affected and what steps you can take if so. - - - - Also, if you are upgrading from a version earlier than 9.0.13, - see . - - - - - - Changes - - - - - - Fix VACUUM's tests to see whether it can - update relfrozenxid (Andres Freund) - - - - In some cases VACUUM (either manual or autovacuum) could - incorrectly advance a table's relfrozenxid value, - allowing tuples to escape freezing, causing those rows to become - invisible once 2^31 transactions have elapsed. The probability of - data loss is fairly low since multiple incorrect advancements would - need to happen before actual loss occurs, but it's not zero. Users - upgrading from releases 9.0.4 or 8.4.8 or earlier are not affected, but - all later versions contain the bug. - - - - The issue can be ameliorated by, after upgrading, vacuuming all tables - in all databases while having vacuum_freeze_table_age - set to zero. This will fix any latent corruption but will not be able - to fix all pre-existing data errors. However, an installation can be - presumed safe after performing this vacuuming if it has executed fewer - than 2^31 update transactions in its lifetime (check this with - SELECT txid_current() < 2^31). - - - - - - Fix initialization of pg_clog and pg_subtrans - during hot standby startup (Andres Freund, Heikki Linnakangas) - - - - This bug can cause data loss on standby servers at the moment they - start to accept hot-standby queries, by marking committed transactions - as uncommitted. The likelihood of such corruption is small unless, at - the time of standby startup, the primary server has executed many - updating transactions since its last checkpoint. Symptoms include - missing rows, rows that should have been deleted being still visible, - and obsolete versions of updated rows being still visible alongside - their newer versions. - - - - This bug was introduced in versions 9.3.0, 9.2.5, 9.1.10, and 9.0.14. - Standby servers that have only been running earlier releases are not - at risk. It's recommended that standby servers that have ever run any - of the buggy releases be re-cloned from the primary (e.g., with a new - base backup) after upgrading. - - - - - - Truncate pg_multixact contents during WAL replay - (Andres Freund) - - - - This avoids ever-increasing disk space consumption in standby servers. - - - - - - Fix race condition in GIN index posting tree page deletion (Heikki - Linnakangas) - - - - This could lead to transient wrong answers or query failures. - - - - - - Avoid flattening a subquery whose SELECT list contains a - volatile function wrapped inside a sub-SELECT (Tom Lane) - - - - This avoids unexpected results due to extra evaluations of the - volatile function. - - - - - - Fix planner's processing of non-simple-variable subquery outputs - nested within outer joins (Tom Lane) - - - - This error could lead to incorrect plans for queries involving - multiple levels of subqueries within JOIN syntax. - - - - - - Fix premature deletion of temporary files (Andres Freund) - - - - - - Fix possible read past end of memory in rule printing (Peter Eisentraut) - - - - - - Fix array slicing of int2vector and oidvector values - (Tom Lane) - - - - Expressions of this kind are now implicitly promoted to - regular int2 or oid arrays. - - - - - - Fix incorrect behaviors when using a SQL-standard, simple GMT offset - timezone (Tom Lane) - - - - In some cases, the system would use the simple GMT offset value when - it should have used the regular timezone setting that had prevailed - before the simple offset was selected. This change also causes - the timeofday function to honor the simple GMT offset - zone. - - - - - - Prevent possible misbehavior when logging translations of Windows - error codes (Tom Lane) - - - - - - Properly quote generated command lines in pg_ctl - (Naoya Anzai and Tom Lane) - - - - This fix applies only to Windows. - - - - - - Fix pg_dumpall to work when a source database - sets default_transaction_read_only - via ALTER DATABASE SET (Kevin Grittner) - - - - Previously, the generated script would fail during restore. - - - - - - Fix ecpg's processing of lists of variables - declared varchar (Zoltán Böszörményi) - - - - - - Make contrib/lo defend against incorrect trigger definitions - (Marc Cousin) - - - - - - Update time zone data files to tzdata release 2013h - for DST law changes in Argentina, Brazil, Jordan, Libya, - Liechtenstein, Morocco, and Palestine. Also, new timezone - abbreviations WIB, WIT, WITA for Indonesia. - - - - - - - - - - Release 9.0.14 - - - Release date: - 2013-10-10 - - - - This release contains a variety of fixes from 9.0.13. - For information about new features in the 9.0 major release, see - . - - - - Migration to Version 9.0.14 - - - A dump/restore is not required for those running 9.0.X. - - - - However, if you are upgrading from a version earlier than 9.0.13, - see . - - - - - - Changes - - - - - - Prevent corruption of multi-byte characters when attempting to - case-fold identifiers (Andrew Dunstan) - - - - PostgreSQL case-folds non-ASCII characters only - when using a single-byte server encoding. - - - - - - Fix checkpoint memory leak in background writer when wal_level = - hot_standby (Naoya Anzai) - - - - - - Fix memory leak caused by lo_open() failure - (Heikki Linnakangas) - - - - - - Fix memory overcommit bug when work_mem is using more - than 24GB of memory (Stephen Frost) - - - - - - Fix deadlock bug in libpq when using SSL (Stephen Frost) - - - - - - Fix possible SSL state corruption in threaded libpq applications - (Nick Phillips, Stephen Frost) - - - - - - Properly compute row estimates for boolean columns containing many NULL - values (Andrew Gierth) - - - - Previously tests like col IS NOT TRUE and col IS - NOT FALSE did not properly factor in NULL values when estimating - plan costs. - - - - - - Prevent pushing down WHERE clauses into unsafe - UNION/INTERSECT subqueries (Tom Lane) - - - - Subqueries of a UNION or INTERSECT that - contain set-returning functions or volatile functions in their - SELECT lists could be improperly optimized, leading to - run-time errors or incorrect query results. - - - - - - Fix rare case of failed to locate grouping columns - planner failure (Tom Lane) - - - - - - Improve view dumping code's handling of dropped columns in referenced - tables (Tom Lane) - - - - - - Properly record index comments created using UNIQUE - and PRIMARY KEY syntax (Andres Freund) - - - - This fixes a parallel pg_restore failure. - - - - - - Fix REINDEX TABLE and REINDEX DATABASE - to properly revalidate constraints and mark invalidated indexes as - valid (Noah Misch) - - - - REINDEX INDEX has always worked properly. - - - - - - Fix possible deadlock during concurrent CREATE INDEX - CONCURRENTLY operations (Tom Lane) - - - - - - Fix regexp_matches() handling of zero-length matches - (Jeevan Chalke) - - - - Previously, zero-length matches like '^' could return too many matches. - - - - - - Fix crash for overly-complex regular expressions (Heikki Linnakangas) - - - - - - Fix regular expression match failures for back references combined with - non-greedy quantifiers (Jeevan Chalke) - - - - - - Prevent CREATE FUNCTION from checking SET - variables unless function body checking is enabled (Tom Lane) - - - - - - Allow ALTER DEFAULT PRIVILEGES to operate on schemas - without requiring CREATE permission (Tom Lane) - - - - - - Loosen restriction on keywords used in queries (Tom Lane) - - - - Specifically, lessen keyword restrictions for role names, language - names, EXPLAIN and COPY options, and - SET values. This allows COPY ... (FORMAT - BINARY) to work as expected; previously BINARY needed - to be quoted. - - - - - - Fix pgp_pub_decrypt() so it works for secret keys with - passwords (Marko Kreen) - - - - - - Remove rare inaccurate warning during vacuum of index-less tables - (Heikki Linnakangas) - - - - - - Ensure that VACUUM ANALYZE still runs the ANALYZE phase - if its attempt to truncate the file is cancelled due to lock conflicts - (Kevin Grittner) - - - - - - Avoid possible failure when performing transaction control commands (e.g - ROLLBACK) in prepared queries (Tom Lane) - - - - - - Ensure that floating-point data input accepts standard spellings - of infinity on all platforms (Tom Lane) - - - - The C99 standard says that allowable spellings are inf, - +inf, -inf, infinity, - +infinity, and -infinity. Make sure we - recognize these even if the platform's strtod function - doesn't. - - - - - - Expand ability to compare rows to records and arrays (Rafal Rzepecki, - Tom Lane) - - - - - - Update time zone data files to tzdata release 2013d - for DST law changes in Israel, Morocco, Palestine, and Paraguay. - Also, historical zone data corrections for Macquarie Island. - - - - - - - - - - Release 9.0.13 - - - Release date: - 2013-04-04 - - - - This release contains a variety of fixes from 9.0.12. - For information about new features in the 9.0 major release, see - . - - - - Migration to Version 9.0.13 - - - A dump/restore is not required for those running 9.0.X. - - - - However, this release corrects several errors in management of GiST - indexes. After installing this update, it is advisable to - REINDEX any GiST indexes that meet one or more of the - conditions described below. - - - - Also, if you are upgrading from a version earlier than 9.0.6, - see . - - - - - - Changes - - - - - - Fix insecure parsing of server command-line switches (Mitsumasa - Kondo, Kyotaro Horiguchi) - - - - A connection request containing a database name that begins with - - could be crafted to damage or destroy - files within the server's data directory, even if the request is - eventually rejected. (CVE-2013-1899) - - - - - - Reset OpenSSL randomness state in each postmaster child process - (Marko Kreen) - - - - This avoids a scenario wherein random numbers generated by - contrib/pgcrypto functions might be relatively easy for - another database user to guess. The risk is only significant when - the postmaster is configured with ssl = on - but most connections don't use SSL encryption. (CVE-2013-1900) - - - - - - Fix GiST indexes to not use fuzzy geometric comparisons when - it's not appropriate to do so (Alexander Korotkov) - - - - The core geometric types perform comparisons using fuzzy - equality, but gist_box_same must do exact comparisons, - else GiST indexes using it might become inconsistent. After installing - this update, users should REINDEX any GiST indexes on - box, polygon, circle, or point - columns, since all of these use gist_box_same. - - - - - - Fix erroneous range-union and penalty logic in GiST indexes that use - contrib/btree_gist for variable-width data types, that is - text, bytea, bit, and numeric - columns (Tom Lane) - - - - These errors could result in inconsistent indexes in which some keys - that are present would not be found by searches, and also in useless - index bloat. Users are advised to REINDEX such indexes - after installing this update. - - - - - - Fix bugs in GiST page splitting code for multi-column indexes - (Tom Lane) - - - - These errors could result in inconsistent indexes in which some keys - that are present would not be found by searches, and also in indexes - that are unnecessarily inefficient to search. Users are advised to - REINDEX multi-column GiST indexes after installing this - update. - - - - - - Fix gist_point_consistent - to handle fuzziness consistently (Alexander Korotkov) - - - - Index scans on GiST indexes on point columns would sometimes - yield results different from a sequential scan, because - gist_point_consistent disagreed with the underlying - operator code about whether to do comparisons exactly or fuzzily. - - - - - - Fix buffer leak in WAL replay (Heikki Linnakangas) - - - - This bug could result in incorrect local pin count errors - during replay, making recovery impossible. - - - - - - Fix race condition in DELETE RETURNING (Tom Lane) - - - - Under the right circumstances, DELETE RETURNING could - attempt to fetch data from a shared buffer that the current process - no longer has any pin on. If some other process changed the buffer - meanwhile, this would lead to garbage RETURNING output, or - even a crash. - - - - - - Fix infinite-loop risk in regular expression compilation (Tom Lane, - Don Porter) - - - - - - Fix potential null-pointer dereference in regular expression compilation - (Tom Lane) - - - - - - Fix to_char() to use ASCII-only case-folding rules where - appropriate (Tom Lane) - - - - This fixes misbehavior of some template patterns that should be - locale-independent, but mishandled I and - i in Turkish locales. - - - - - - Fix unwanted rejection of timestamp 1999-12-31 24:00:00 - (Tom Lane) - - - - - - Fix logic error when a single transaction does UNLISTEN - then LISTEN (Tom Lane) - - - - The session wound up not listening for notify events at all, though it - surely should listen in this case. - - - - - - Remove useless picksplit doesn't support secondary split log - messages (Josh Hansen, Tom Lane) - - - - This message seems to have been added in expectation of code that was - never written, and probably never will be, since GiST's default - handling of secondary splits is actually pretty good. So stop nagging - end users about it. - - - - - - Fix possible failure to send a session's last few transaction - commit/abort counts to the statistics collector (Tom Lane) - - - - - - Eliminate memory leaks in PL/Perl's spi_prepare() function - (Alex Hunsaker, Tom Lane) - - - - - - Fix pg_dumpall to handle database names containing - = correctly (Heikki Linnakangas) - - - - - - Avoid crash in pg_dump when an incorrect connection - string is given (Heikki Linnakangas) - - - - - - Ignore invalid indexes in pg_dump and - pg_upgrade (Michael Paquier, Bruce Momjian) - - - - Dumping invalid indexes can cause problems at restore time, for example - if the reason the index creation failed was because it tried to enforce - a uniqueness condition not satisfied by the table's data. Also, if the - index creation is in fact still in progress, it seems reasonable to - consider it to be an uncommitted DDL change, which - pg_dump wouldn't be expected to dump anyway. - pg_upgrade now also skips invalid indexes rather than - failing. - - - - - - Fix contrib/pg_trgm's similarity() function - to return zero for trigram-less strings (Tom Lane) - - - - Previously it returned NaN due to internal division by zero. - - - - - - Update time zone data files to tzdata release 2013b - for DST law changes in Chile, Haiti, Morocco, Paraguay, and some - Russian areas. Also, historical zone data corrections for numerous - places. - - - - Also, update the time zone abbreviation files for recent changes in - Russia and elsewhere: CHOT, GET, - IRKT, KGT, KRAT, MAGT, - MAWT, MSK, NOVT, OMST, - TKT, VLAT, WST, YAKT, - YEKT now follow their current meanings, and - VOLT (Europe/Volgograd) and MIST - (Antarctica/Macquarie) are added to the default abbreviations list. - - - - - - - - - - Release 9.0.12 - - - Release date: - 2013-02-07 - - - - This release contains a variety of fixes from 9.0.11. - For information about new features in the 9.0 major release, see - . - - - - Migration to Version 9.0.12 - - - A dump/restore is not required for those running 9.0.X. - - - - However, if you are upgrading from a version earlier than 9.0.6, - see . - - - - - - Changes - - - - - - Prevent execution of enum_recv from SQL (Tom Lane) - - - - The function was misdeclared, allowing a simple SQL command to crash the - server. In principle an attacker might be able to use it to examine the - contents of server memory. Our thanks to Sumit Soni (via Secunia SVCRP) - for reporting this issue. (CVE-2013-0255) - - - - - - Fix multiple problems in detection of when a consistent database - state has been reached during WAL replay (Fujii Masao, Heikki - Linnakangas, Simon Riggs, Andres Freund) - - - - - - Update minimum recovery point when truncating a relation file (Heikki - Linnakangas) - - - - Once data has been discarded, it's no longer safe to stop recovery at - an earlier point in the timeline. - - - - - - Fix missing cancellations in hot standby mode (Noah Misch, Simon Riggs) - - - - The need to cancel conflicting hot-standby queries would sometimes be - missed, allowing those queries to see inconsistent data. - - - - - - Fix SQL grammar to allow subscripting or field selection from a - sub-SELECT result (Tom Lane) - - - - - - Fix performance problems with autovacuum truncation in busy workloads - (Jan Wieck) - - - - Truncation of empty pages at the end of a table requires exclusive - lock, but autovacuum was coded to fail (and release the table lock) - when there are conflicting lock requests. Under load, it is easily - possible that truncation would never occur, resulting in table bloat. - Fix by performing a partial truncation, releasing the lock, then - attempting to re-acquire the lock and continue. This fix also greatly - reduces the average time before autovacuum releases the lock after a - conflicting request arrives. - - - - - - Protect against race conditions when scanning - pg_tablespace (Stephen Frost, Tom Lane) - - - - CREATE DATABASE and DROP DATABASE could - misbehave if there were concurrent updates of - pg_tablespace entries. - - - - - - Prevent DROP OWNED from trying to drop whole databases or - tablespaces (Álvaro Herrera) - - - - For safety, ownership of these objects must be reassigned, not dropped. - - - - - - Fix error in vacuum_freeze_table_age - implementation (Andres Freund) - - - - In installations that have existed for more than vacuum_freeze_min_age - transactions, this mistake prevented autovacuum from using partial-table - scans, so that a full-table scan would always happen instead. - - - - - - Prevent misbehavior when a RowExpr or XmlExpr - is parse-analyzed twice (Andres Freund, Tom Lane) - - - - This mistake could be user-visible in contexts such as - CREATE TABLE LIKE INCLUDING INDEXES. - - - - - - Improve defenses against integer overflow in hashtable sizing - calculations (Jeff Davis) - - - - - - Reject out-of-range dates in to_date() (Hitoshi Harada) - - - - - - Ensure that non-ASCII prompt strings are translated to the correct - code page on Windows (Alexander Law, Noah Misch) - - - - This bug affected psql and some other client programs. - - - - - - Fix possible crash in psql's \? command - when not connected to a database (Meng Qingzhong) - - - - - - Fix pg_upgrade to deal with invalid indexes safely - (Bruce Momjian) - - - - - - Fix one-byte buffer overrun in libpq's - PQprintTuples (Xi Wang) - - - - This ancient function is not used anywhere by - PostgreSQL itself, but it might still be used by some - client code. - - - - - - Make ecpglib use translated messages properly - (Chen Huajun) - - - - - - Properly install ecpg_compat and - pgtypes libraries on MSVC (Jiang Guiqing) - - - - - - Include our version of isinf() in - libecpg if it's not provided by the system - (Jiang Guiqing) - - - - - - Rearrange configure's tests for supplied functions so it is not - fooled by bogus exports from libedit/libreadline (Christoph Berg) - - - - - - Ensure Windows build number increases over time (Magnus Hagander) - - - - - - Make pgxs build executables with the right - .exe suffix when cross-compiling for Windows - (Zoltan Boszormenyi) - - - - - - Add new timezone abbreviation FET (Tom Lane) - - - - This is now used in some eastern-European time zones. - - - - - - - - - - Release 9.0.11 - - - Release date: - 2012-12-06 - - - - This release contains a variety of fixes from 9.0.10. - For information about new features in the 9.0 major release, see - . - - - - Migration to Version 9.0.11 - - - A dump/restore is not required for those running 9.0.X. - - - - However, if you are upgrading from a version earlier than 9.0.6, - see . - - - - - - Changes - - - - - - Fix multiple bugs associated with CREATE INDEX - CONCURRENTLY (Andres Freund, Tom Lane) - - - - Fix CREATE INDEX CONCURRENTLY to use - in-place updates when changing the state of an index's - pg_index row. This prevents race conditions that could - cause concurrent sessions to miss updating the target index, thus - resulting in corrupt concurrently-created indexes. - - - - Also, fix various other operations to ensure that they ignore - invalid indexes resulting from a failed CREATE INDEX - CONCURRENTLY command. The most important of these is - VACUUM, because an auto-vacuum could easily be launched - on the table before corrective action can be taken to fix or remove - the invalid index. - - - - - - Fix buffer locking during WAL replay (Tom Lane) - - - - The WAL replay code was insufficiently careful about locking buffers - when replaying WAL records that affect more than one page. This could - result in hot standby queries transiently seeing inconsistent states, - resulting in wrong answers or unexpected failures. - - - - - - Fix an error in WAL generation logic for GIN indexes (Tom Lane) - - - - This could result in index corruption, if a torn-page failure occurred. - - - - - - Properly remove startup process's virtual XID lock when promoting a - hot standby server to normal running (Simon Riggs) - - - - This oversight could prevent subsequent execution of certain - operations such as CREATE INDEX CONCURRENTLY. - - - - - - Avoid bogus out-of-sequence timeline ID errors in standby - mode (Heikki Linnakangas) - - - - - - Prevent the postmaster from launching new child processes after it's - received a shutdown signal (Tom Lane) - - - - This mistake could result in shutdown taking longer than it should, or - even never completing at all without additional user action. - - - - - - Avoid corruption of internal hash tables when out of memory - (Hitoshi Harada) - - - - - - Fix planning of non-strict equivalence clauses above outer joins - (Tom Lane) - - - - The planner could derive incorrect constraints from a clause equating - a non-strict construct to something else, for example - WHERE COALESCE(foo, 0) = 0 - when foo is coming from the nullable side of an outer join. - - - - - - Improve planner's ability to prove exclusion constraints from - equivalence classes (Tom Lane) - - - - - - Fix partial-row matching in hashed subplans to handle cross-type cases - correctly (Tom Lane) - - - - This affects multicolumn NOT IN subplans, such as - WHERE (a, b) NOT IN (SELECT x, y FROM ...) - when for instance b and y are int4 - and int8 respectively. This mistake led to wrong answers - or crashes depending on the specific datatypes involved. - - - - - - Acquire buffer lock when re-fetching the old tuple for an - AFTER ROW UPDATE/DELETE trigger (Andres Freund) - - - - In very unusual circumstances, this oversight could result in passing - incorrect data to the precheck logic for a foreign-key enforcement - trigger. That could result in a crash, or in an incorrect decision - about whether to fire the trigger. - - - - - - Fix ALTER COLUMN TYPE to handle inherited check - constraints properly (Pavan Deolasee) - - - - This worked correctly in pre-8.4 releases, and now works correctly - in 8.4 and later. - - - - - - Fix REASSIGN OWNED to handle grants on tablespaces - (Álvaro Herrera) - - - - - - Ignore incorrect pg_attribute entries for system - columns for views (Tom Lane) - - - - Views do not have any system columns. However, we forgot to - remove such entries when converting a table to a view. That's fixed - properly for 9.3 and later, but in previous branches we need to defend - against existing mis-converted views. - - - - - - Fix rule printing to dump INSERT INTO table - DEFAULT VALUES correctly (Tom Lane) - - - - - - Guard against stack overflow when there are too many - UNION/INTERSECT/EXCEPT clauses - in a query (Tom Lane) - - - - - - Prevent platform-dependent failures when dividing the minimum possible - integer value by -1 (Xi Wang, Tom Lane) - - - - - - Fix possible access past end of string in date parsing - (Hitoshi Harada) - - - - - - Fix failure to advance XID epoch if XID wraparound happens during a - checkpoint and wal_level is hot_standby - (Tom Lane, Andres Freund) - - - - While this mistake had no particular impact on - PostgreSQL itself, it was bad for - applications that rely on txid_current() and related - functions: the TXID value would appear to go backwards. - - - - - - Produce an understandable error message if the length of the path name - for a Unix-domain socket exceeds the platform-specific limit - (Tom Lane, Andrew Dunstan) - - - - Formerly, this would result in something quite unhelpful, such as - Non-recoverable failure in name resolution. - - - - - - Fix memory leaks when sending composite column values to the client - (Tom Lane) - - - - - - Make pg_ctl more robust about reading the - postmaster.pid file (Heikki Linnakangas) - - - - Fix race conditions and possible file descriptor leakage. - - - - - - Fix possible crash in psql if incorrectly-encoded data - is presented and the client_encoding setting is a - client-only encoding, such as SJIS (Jiang Guiqing) - - - - - - Fix bugs in the restore.sql script emitted by - pg_dump in tar output format (Tom Lane) - - - - The script would fail outright on tables whose names include - upper-case characters. Also, make the script capable of restoring - data in - - - - - Fix pg_restore to accept POSIX-conformant - tar files (Brian Weaver, Tom Lane) - - - - The original coding of pg_dump's tar - output mode produced files that are not fully conformant with the - POSIX standard. This has been corrected for version 9.3. This - patch updates previous branches so that they will accept both the - incorrect and the corrected formats, in hopes of avoiding - compatibility problems when 9.3 comes out. - - - - - - Fix pg_resetxlog to locate postmaster.pid - correctly when given a relative path to the data directory (Tom Lane) - - - - This mistake could lead to pg_resetxlog not noticing - that there is an active postmaster using the data directory. - - - - - - Fix libpq's lo_import() and - lo_export() functions to report file I/O errors properly - (Tom Lane) - - - - - - Fix ecpg's processing of nested structure pointer - variables (Muhammad Usama) - - - - - - Fix ecpg's ecpg_get_data function to - handle arrays properly (Michael Meskes) - - - - - - Make contrib/pageinspect's btree page inspection - functions take buffer locks while examining pages (Tom Lane) - - - - - - Fix pgxs support for building loadable modules on AIX - (Tom Lane) - - - - Building modules outside the original source tree didn't work on AIX. - - - - - - Update time zone data files to tzdata release 2012j - for DST law changes in Cuba, Israel, Jordan, Libya, Palestine, Western - Samoa, and portions of Brazil. - - - - - - - - - - Release 9.0.10 - - - Release date: - 2012-09-24 - - - - This release contains a variety of fixes from 9.0.9. - For information about new features in the 9.0 major release, see - . - - - - Migration to Version 9.0.10 - - - A dump/restore is not required for those running 9.0.X. - - - - However, if you are upgrading from a version earlier than 9.0.6, - see . - - - - - - Changes - - - - - - Fix planner's assignment of executor parameters, and fix executor's - rescan logic for CTE plan nodes (Tom Lane) - - - - These errors could result in wrong answers from queries that scan the - same WITH subquery multiple times. - - - - - - Improve page-splitting decisions in GiST indexes (Alexander Korotkov, - Robert Haas, Tom Lane) - - - - Multi-column GiST indexes might suffer unexpected bloat due to this - error. - - - - - - Fix cascading privilege revoke to stop if privileges are still held - (Tom Lane) - - - - If we revoke a grant option from some role X, but - X still holds that option via a grant from someone - else, we should not recursively revoke the corresponding privilege - from role(s) Y that X had granted it - to. - - - - - - Improve error messages for Hot Standby misconfiguration errors - (Gurjeet Singh) - - - - - - Fix handling of SIGFPE when PL/Perl is in use (Andres Freund) - - - - Perl resets the process's SIGFPE handler to - SIG_IGN, which could result in crashes later on. Restore - the normal Postgres signal handler after initializing PL/Perl. - - - - - - Prevent PL/Perl from crashing if a recursive PL/Perl function is - redefined while being executed (Tom Lane) - - - - - - Work around possible misoptimization in PL/Perl (Tom Lane) - - - - Some Linux distributions contain an incorrect version of - pthread.h that results in incorrect compiled code in - PL/Perl, leading to crashes if a PL/Perl function calls another one - that throws an error. - - - - - - Fix pg_upgrade's handling of line endings on Windows - (Andrew Dunstan) - - - - Previously, pg_upgrade might add or remove carriage - returns in places such as function bodies. - - - - - - On Windows, make pg_upgrade use backslash path - separators in the scripts it emits (Andrew Dunstan) - - - - - - Update time zone data files to tzdata release 2012f - for DST law changes in Fiji - - - - - - - - - - Release 9.0.9 - - - Release date: - 2012-08-17 - - - - This release contains a variety of fixes from 9.0.8. - For information about new features in the 9.0 major release, see - . - - - - Migration to Version 9.0.9 - - - A dump/restore is not required for those running 9.0.X. - - - - However, if you are upgrading from a version earlier than 9.0.6, - see . - - - - - - Changes - - - - - - Prevent access to external files/URLs via XML entity references - (Noah Misch, Tom Lane) - - - - xml_parse() would attempt to fetch external files or - URLs as needed to resolve DTD and entity references in an XML value, - thus allowing unprivileged database users to attempt to fetch data - with the privileges of the database server. While the external data - wouldn't get returned directly to the user, portions of it could be - exposed in error messages if the data didn't parse as valid XML; and - in any case the mere ability to check existence of a file might be - useful to an attacker. (CVE-2012-3489) - - - - - - Prevent access to external files/URLs via contrib/xml2's - xslt_process() (Peter Eisentraut) - - - - libxslt offers the ability to read and write both - files and URLs through stylesheet commands, thus allowing - unprivileged database users to both read and write data with the - privileges of the database server. Disable that through proper use - of libxslt's security options. (CVE-2012-3488) - - - - Also, remove xslt_process()'s ability to fetch documents - and stylesheets from external files/URLs. While this was a - documented feature, it was long regarded as a bad idea. - The fix for CVE-2012-3489 broke that capability, and rather than - expend effort on trying to fix it, we're just going to summarily - remove it. - - - - - - Prevent too-early recycling of btree index pages (Noah Misch) - - - - When we allowed read-only transactions to skip assigning XIDs, we - introduced the possibility that a deleted btree page could be - recycled while a read-only transaction was still in flight to it. - This would result in incorrect index search results. The probability - of such an error occurring in the field seems very low because of the - timing requirements, but nonetheless it should be fixed. - - - - - - Fix crash-safety bug with newly-created-or-reset sequences (Tom Lane) - - - - If ALTER SEQUENCE was executed on a freshly created or - reset sequence, and then precisely one nextval() call - was made on it, and then the server crashed, WAL replay would restore - the sequence to a state in which it appeared that no - nextval() had been done, thus allowing the first - sequence value to be returned again by the next - nextval() call. In particular this could manifest for - serial columns, since creation of a serial column's sequence - includes an ALTER SEQUENCE OWNED BY step. - - - - - - Fix txid_current() to report the correct epoch when not - in hot standby (Heikki Linnakangas) - - - - This fixes a regression introduced in the previous minor release. - - - - - - Fix bug in startup of Hot Standby when a master transaction has many - subtransactions (Andres Freund) - - - - This mistake led to failures reported as out-of-order XID - insertion in KnownAssignedXids. - - - - - - Ensure the backup_label file is fsync'd after - pg_start_backup() (Dave Kerr) - - - - - - Fix timeout handling in walsender processes (Tom Lane) - - - - WAL sender background processes neglected to establish a - SIGALRM handler, meaning they would wait forever in - some corner cases where a timeout ought to happen. - - - - - - Back-patch 9.1 improvement to compress the fsync request queue - (Robert Haas) - - - - This improves performance during checkpoints. The 9.1 change - has now seen enough field testing to seem safe to back-patch. - - - - - - Fix LISTEN/NOTIFY to cope better with I/O - problems, such as out of disk space (Tom Lane) - - - - After a write failure, all subsequent attempts to send more - NOTIFY messages would fail with messages like - Could not read from file "pg_notify/nnnn" at - offset nnnnn: Success. - - - - - - Only allow autovacuum to be auto-canceled by a directly blocked - process (Tom Lane) - - - - The original coding could allow inconsistent behavior in some cases; - in particular, an autovacuum could get canceled after less than - deadlock_timeout grace period. - - - - - - Improve logging of autovacuum cancels (Robert Haas) - - - - - - Fix log collector so that log_truncate_on_rotation works - during the very first log rotation after server start (Tom Lane) - - - - - - Fix WITH attached to a nested set operation - (UNION/INTERSECT/EXCEPT) - (Tom Lane) - - - - - - Ensure that a whole-row reference to a subquery doesn't include any - extra GROUP BY or ORDER BY columns (Tom Lane) - - - - - - Disallow copying whole-row references in CHECK - constraints and index definitions during CREATE TABLE - (Tom Lane) - - - - This situation can arise in CREATE TABLE with - LIKE or INHERITS. The copied whole-row - variable was incorrectly labeled with the row type of the original - table not the new one. Rejecting the case seems reasonable for - LIKE, since the row types might well diverge later. For - INHERITS we should ideally allow it, with an implicit - coercion to the parent table's row type; but that will require more - work than seems safe to back-patch. - - - - - - Fix memory leak in ARRAY(SELECT ...) subqueries (Heikki - Linnakangas, Tom Lane) - - - - - - Fix extraction of common prefixes from regular expressions (Tom Lane) - - - - The code could get confused by quantified parenthesized - subexpressions, such as ^(foo)?bar. This would lead to - incorrect index optimization of searches for such patterns. - - - - - - Fix bugs with parsing signed - hh:mm and - hh:mm:ss - fields in interval constants (Amit Kapila, Tom Lane) - - - - - - Use Postgres' encoding conversion functions, not Python's, when - converting a Python Unicode string to the server encoding in - PL/Python (Jan Urbanski) - - - - This avoids some corner-case problems, notably that Python doesn't - support all the encodings Postgres does. A notable functional change - is that if the server encoding is SQL_ASCII, you will get the UTF-8 - representation of the string; formerly, any non-ASCII characters in - the string would result in an error. - - - - - - Fix mapping of PostgreSQL encodings to Python encodings in PL/Python - (Jan Urbanski) - - - - - - Report errors properly in contrib/xml2's - xslt_process() (Tom Lane) - - - - - - Update time zone data files to tzdata release 2012e - for DST law changes in Morocco and Tokelau - - - - - - - - - - Release 9.0.8 - - - Release date: - 2012-06-04 - - - - This release contains a variety of fixes from 9.0.7. - For information about new features in the 9.0 major release, see - . - - - - Migration to Version 9.0.8 - - - A dump/restore is not required for those running 9.0.X. - - - - However, if you are upgrading from a version earlier than 9.0.6, - see . - - - - - - Changes - - - - - - Fix incorrect password transformation in - contrib/pgcrypto's DES crypt() function - (Solar Designer) - - - - If a password string contained the byte value 0x80, the - remainder of the password was ignored, causing the password to be much - weaker than it appeared. With this fix, the rest of the string is - properly included in the DES hash. Any stored password values that are - affected by this bug will thus no longer match, so the stored values may - need to be updated. (CVE-2012-2143) - - - - - - Ignore SECURITY DEFINER and SET attributes for - a procedural language's call handler (Tom Lane) - - - - Applying such attributes to a call handler could crash the server. - (CVE-2012-2655) - - - - - - Allow numeric timezone offsets in timestamp input to be up to - 16 hours away from UTC (Tom Lane) - - - - Some historical time zones have offsets larger than 15 hours, the - previous limit. This could result in dumped data values being rejected - during reload. - - - - - - Fix timestamp conversion to cope when the given time is exactly the - last DST transition time for the current timezone (Tom Lane) - - - - This oversight has been there a long time, but was not noticed - previously because most DST-using zones are presumed to have an - indefinite sequence of future DST transitions. - - - - - - Fix text to name and char to name - casts to perform string truncation correctly in multibyte encodings - (Karl Schnaitter) - - - - - - Fix memory copying bug in to_tsquery() (Heikki Linnakangas) - - - - - - Ensure txid_current() reports the correct epoch when - executed in hot standby (Simon Riggs) - - - - - - Fix planner's handling of outer PlaceHolderVars within subqueries (Tom - Lane) - - - - This bug concerns sub-SELECTs that reference variables coming from the - nullable side of an outer join of the surrounding query. - In 9.1, queries affected by this bug would fail with ERROR: - Upper-level PlaceHolderVar found where not expected. But in 9.0 and - 8.4, you'd silently get possibly-wrong answers, since the value - transmitted into the subquery wouldn't go to null when it should. - - - - - - Fix slow session startup when pg_attribute is very large - (Tom Lane) - - - - If pg_attribute exceeds one-fourth of - shared_buffers, cache rebuilding code that is sometimes - needed during session start would trigger the synchronized-scan logic, - causing it to take many times longer than normal. The problem was - particularly acute if many new sessions were starting at once. - - - - - - Ensure sequential scans check for query cancel reasonably often (Merlin - Moncure) - - - - A scan encountering many consecutive pages that contain no live tuples - would not respond to interrupts meanwhile. - - - - - - Ensure the Windows implementation of PGSemaphoreLock() - clears ImmediateInterruptOK before returning (Tom Lane) - - - - This oversight meant that a query-cancel interrupt received later - in the same query could be accepted at an unsafe time, with - unpredictable but not good consequences. - - - - - - Show whole-row variables safely when printing views or rules - (Abbas Butt, Tom Lane) - - - - Corner cases involving ambiguous names (that is, the name could be - either a table or column name of the query) were printed in an - ambiguous way, risking that the view or rule would be interpreted - differently after dump and reload. Avoid the ambiguous case by - attaching a no-op cast. - - - - - - Fix COPY FROM to properly handle null marker strings that - correspond to invalid encoding (Tom Lane) - - - - A null marker string such as E'\\0' should work, and did - work in the past, but the case got broken in 8.4. - - - - - - Ensure autovacuum worker processes perform stack depth checking - properly (Heikki Linnakangas) - - - - Previously, infinite recursion in a function invoked by - auto-ANALYZE could crash worker processes. - - - - - - Fix logging collector to not lose log coherency under high load (Andrew - Dunstan) - - - - The collector previously could fail to reassemble large messages if it - got too busy. - - - - - - Fix logging collector to ensure it will restart file rotation - after receiving SIGHUP (Tom Lane) - - - - - - Fix WAL replay logic for GIN indexes to not fail if the index was - subsequently dropped (Tom Lane) - - - - - - Fix memory leak in PL/pgSQL's RETURN NEXT command (Joe - Conway) - - - - - - Fix PL/pgSQL's GET DIAGNOSTICS command when the target - is the function's first variable (Tom Lane) - - - - - - Fix potential access off the end of memory in psql's - expanded display (\x) mode (Peter Eisentraut) - - - - - - Fix several performance problems in pg_dump when - the database contains many objects (Jeff Janes, Tom Lane) - - - - pg_dump could get very slow if the database contained - many schemas, or if many objects are in dependency loops, or if there - are many owned sequences. - - - - - - Fix pg_upgrade for the case that a database stored in a - non-default tablespace contains a table in the cluster's default - tablespace (Bruce Momjian) - - - - - - In ecpg, fix rare memory leaks and possible overwrite - of one byte after the sqlca_t structure (Peter Eisentraut) - - - - - - Fix contrib/dblink's dblink_exec() to not leak - temporary database connections upon error (Tom Lane) - - - - - - Fix contrib/dblink to report the correct connection name in - error messages (Kyotaro Horiguchi) - - - - - - Fix contrib/vacuumlo to use multiple transactions when - dropping many large objects (Tim Lewis, Robert Haas, Tom Lane) - - - - This change avoids exceeding max_locks_per_transaction when - many objects need to be dropped. The behavior can be adjusted with the - new -l (limit) option. - - - - - - Update time zone data files to tzdata release 2012c - for DST law changes in Antarctica, Armenia, Chile, Cuba, Falkland - Islands, Gaza, Haiti, Hebron, Morocco, Syria, and Tokelau Islands; - also historical corrections for Canada. - - - - - - - - - - Release 9.0.7 - - - Release date: - 2012-02-27 - - - - This release contains a variety of fixes from 9.0.6. - For information about new features in the 9.0 major release, see - . - - - - Migration to Version 9.0.7 - - - A dump/restore is not required for those running 9.0.X. - - - - However, if you are upgrading from a version earlier than 9.0.6, - see . - - - - - - Changes - - - - - - Require execute permission on the trigger function for - CREATE TRIGGER (Robert Haas) - - - - This missing check could allow another user to execute a trigger - function with forged input data, by installing it on a table he owns. - This is only of significance for trigger functions marked - SECURITY DEFINER, since otherwise trigger functions run - as the table owner anyway. (CVE-2012-0866) - - - - - - Remove arbitrary limitation on length of common name in SSL - certificates (Heikki Linnakangas) - - - - Both libpq and the server truncated the common name - extracted from an SSL certificate at 32 bytes. Normally this would - cause nothing worse than an unexpected verification failure, but there - are some rather-implausible scenarios in which it might allow one - certificate holder to impersonate another. The victim would have to - have a common name exactly 32 bytes long, and the attacker would have - to persuade a trusted CA to issue a certificate in which the common - name has that string as a prefix. Impersonating a server would also - require some additional exploit to redirect client connections. - (CVE-2012-0867) - - - - - - Convert newlines to spaces in names written in pg_dump - comments (Robert Haas) - - - - pg_dump was incautious about sanitizing object names - that are emitted within SQL comments in its output script. A name - containing a newline would at least render the script syntactically - incorrect. Maliciously crafted object names could present a SQL - injection risk when the script is reloaded. (CVE-2012-0868) - - - - - - Fix btree index corruption from insertions concurrent with vacuuming - (Tom Lane) - - - - An index page split caused by an insertion could sometimes cause a - concurrently-running VACUUM to miss removing index entries - that it should remove. After the corresponding table rows are removed, - the dangling index entries would cause errors (such as could not - read block N in file ...) or worse, silently wrong query results - after unrelated rows are re-inserted at the now-free table locations. - This bug has been present since release 8.2, but occurs so infrequently - that it was not diagnosed until now. If you have reason to suspect - that it has happened in your database, reindexing the affected index - will fix things. - - - - - - Fix transient zeroing of shared buffers during WAL replay (Tom Lane) - - - - The replay logic would sometimes zero and refill a shared buffer, so - that the contents were transiently invalid. In hot standby mode this - can result in a query that's executing in parallel seeing garbage data. - Various symptoms could result from that, but the most common one seems - to be invalid memory alloc request size. - - - - - - Fix postmaster to attempt restart after a hot-standby crash (Tom Lane) - - - - A logic error caused the postmaster to terminate, rather than attempt - to restart the cluster, if any backend process crashed while operating - in hot standby mode. - - - - - - Fix CLUSTER/VACUUM FULL handling of toast - values owned by recently-updated rows (Tom Lane) - - - - This oversight could lead to duplicate key value violates unique - constraint errors being reported against the toast table's index - during one of these commands. - - - - - - Update per-column permissions, not only per-table permissions, when - changing table owner (Tom Lane) - - - - Failure to do this meant that any previously granted column permissions - were still shown as having been granted by the old owner. This meant - that neither the new owner nor a superuser could revoke the - now-untraceable-to-table-owner permissions. - - - - - - Support foreign data wrappers and foreign servers in - REASSIGN OWNED (Alvaro Herrera) - - - - This command failed with unexpected classid errors if - it needed to change the ownership of any such objects. - - - - - - Allow non-existent values for some settings in ALTER - USER/DATABASE SET (Heikki Linnakangas) - - - - Allow default_text_search_config, - default_tablespace, and temp_tablespaces to be - set to names that are not known. This is because they might be known - in another database where the setting is intended to be used, or for the - tablespace cases because the tablespace might not be created yet. The - same issue was previously recognized for search_path, and - these settings now act like that one. - - - - - - Avoid crashing when we have problems deleting table files post-commit - (Tom Lane) - - - - Dropping a table should lead to deleting the underlying disk files only - after the transaction commits. In event of failure then (for instance, - because of wrong file permissions) the code is supposed to just emit a - warning message and go on, since it's too late to abort the - transaction. This logic got broken as of release 8.4, causing such - situations to result in a PANIC and an unrestartable database. - - - - - - Recover from errors occurring during WAL replay of DROP - TABLESPACE (Tom Lane) - - - - Replay will attempt to remove the tablespace's directories, but there - are various reasons why this might fail (for example, incorrect - ownership or permissions on those directories). Formerly the replay - code would panic, rendering the database unrestartable without manual - intervention. It seems better to log the problem and continue, since - the only consequence of failure to remove the directories is some - wasted disk space. - - - - - - Fix race condition in logging AccessExclusiveLocks for hot standby - (Simon Riggs) - - - - Sometimes a lock would be logged as being held by transaction - zero. This is at least known to produce assertion failures on - slave servers, and might be the cause of more serious problems. - - - - - - Track the OID counter correctly during WAL replay, even when it wraps - around (Tom Lane) - - - - Previously the OID counter would remain stuck at a high value until the - system exited replay mode. The practical consequences of that are - usually nil, but there are scenarios wherein a standby server that's - been promoted to master might take a long time to advance the OID - counter to a reasonable value once values are needed. - - - - - - Prevent emitting misleading consistent recovery state reached - log message at the beginning of crash recovery (Heikki Linnakangas) - - - - - - Fix initial value of - pg_stat_replication.replay_location - (Fujii Masao) - - - - Previously, the value shown would be wrong until at least one WAL - record had been replayed. - - - - - - Fix regular expression back-references with * attached - (Tom Lane) - - - - Rather than enforcing an exact string match, the code would effectively - accept any string that satisfies the pattern sub-expression referenced - by the back-reference symbol. - - - - A similar problem still afflicts back-references that are embedded in a - larger quantified expression, rather than being the immediate subject - of the quantifier. This will be addressed in a future - PostgreSQL release. - - - - - - Fix recently-introduced memory leak in processing of - inet/cidr values (Heikki Linnakangas) - - - - A patch in the December 2011 releases of PostgreSQL - caused memory leakage in these operations, which could be significant - in scenarios such as building a btree index on such a column. - - - - - - Fix dangling pointer after CREATE TABLE AS/SELECT - INTO in a SQL-language function (Tom Lane) - - - - In most cases this only led to an assertion failure in assert-enabled - builds, but worse consequences seem possible. - - - - - - Avoid double close of file handle in syslogger on Windows (MauMau) - - - - Ordinarily this error was invisible, but it would cause an exception - when running on a debug version of Windows. - - - - - - Fix I/O-conversion-related memory leaks in plpgsql - (Andres Freund, Jan Urbanski, Tom Lane) - - - - Certain operations would leak memory until the end of the current - function. - - - - - - Improve pg_dump's handling of inherited table columns - (Tom Lane) - - - - pg_dump mishandled situations where a child column has - a different default expression than its parent column. If the default - is textually identical to the parent's default, but not actually the - same (for instance, because of schema search path differences) it would - not be recognized as different, so that after dump and restore the - child would be allowed to inherit the parent's default. Child columns - that are NOT NULL where their parent is not could also be - restored subtly incorrectly. - - - - - - Fix pg_restore's direct-to-database mode for - INSERT-style table data (Tom Lane) - - - - Direct-to-database restores from archive files made with - - - - - - Allow pg_upgrade to process tables containing - regclass columns (Bruce Momjian) - - - - Since pg_upgrade now takes care to preserve - pg_class OIDs, there was no longer any reason for this - restriction. - - - - - - Make libpq ignore ENOTDIR errors - when looking for an SSL client certificate file - (Magnus Hagander) - - - - This allows SSL connections to be established, though without a - certificate, even when the user's home directory is set to something - like /dev/null. - - - - - - Fix some more field alignment issues in ecpg's SQLDA area - (Zoltan Boszormenyi) - - - - - - Allow AT option in ecpg - DEALLOCATE statements (Michael Meskes) - - - - The infrastructure to support this has been there for awhile, but - through an oversight there was still an error check rejecting the case. - - - - - - Do not use the variable name when defining a varchar structure in ecpg - (Michael Meskes) - - - - - - Fix contrib/auto_explain's JSON output mode to produce - valid JSON (Andrew Dunstan) - - - - The output used brackets at the top level, when it should have used - braces. - - - - - - Fix error in contrib/intarray's int[] & - int[] operator (Guillaume Lelarge) - - - - If the smallest integer the two input arrays have in common is 1, - and there are smaller values in either array, then 1 would be - incorrectly omitted from the result. - - - - - - Fix error detection in contrib/pgcrypto's - encrypt_iv() and decrypt_iv() - (Marko Kreen) - - - - These functions failed to report certain types of invalid-input errors, - and would instead return random garbage values for incorrect input. - - - - - - Fix one-byte buffer overrun in contrib/test_parser - (Paul Guyot) - - - - The code would try to read one more byte than it should, which would - crash in corner cases. - Since contrib/test_parser is only example code, this is - not a security issue in itself, but bad example code is still bad. - - - - - - Use __sync_lock_test_and_set() for spinlocks on ARM, if - available (Martin Pitt) - - - - This function replaces our previous use of the SWPB - instruction, which is deprecated and not available on ARMv6 and later. - Reports suggest that the old code doesn't fail in an obvious way on - recent ARM boards, but simply doesn't interlock concurrent accesses, - leading to bizarre failures in multiprocess operation. - - - - - - Use - - - This prevents assorted scenarios wherein recent versions of gcc will - produce creative results. - - - - - - Allow use of threaded Python on FreeBSD (Chris Rees) - - - - Our configure script previously believed that this combination wouldn't - work; but FreeBSD fixed the problem, so remove that error check. - - - - - - - - - - Release 9.0.6 - - - Release date: - 2011-12-05 - - - - This release contains a variety of fixes from 9.0.5. - For information about new features in the 9.0 major release, see - . - - - - Migration to Version 9.0.6 - - - A dump/restore is not required for those running 9.0.X. - - - - However, a longstanding error was discovered in the definition of the - information_schema.referential_constraints view. If you - rely on correct results from that view, you should replace its - definition as explained in the first changelog item below. - - - - Also, if you are upgrading from a version earlier than 9.0.4, - see . - - - - - - Changes - - - - - - Fix bugs in information_schema.referential_constraints view - (Tom Lane) - - - - This view was being insufficiently careful about matching the - foreign-key constraint to the depended-on primary or unique key - constraint. That could result in failure to show a foreign key - constraint at all, or showing it multiple times, or claiming that it - depends on a different constraint than the one it really does. - - - - Since the view definition is installed by initdb, - merely upgrading will not fix the problem. If you need to fix this - in an existing installation, you can (as a superuser) drop the - information_schema schema then re-create it by sourcing - SHAREDIR/information_schema.sql. - (Run pg_config --sharedir if you're uncertain where - SHAREDIR is.) This must be repeated in each database - to be fixed. - - - - - - Fix possible crash during UPDATE or DELETE that - joins to the output of a scalar-returning function (Tom Lane) - - - - A crash could only occur if the target row had been concurrently - updated, so this problem surfaced only intermittently. - - - - - - Fix incorrect replay of WAL records for GIN index updates - (Tom Lane) - - - - This could result in transiently failing to find index entries after - a crash, or on a hot-standby server. The problem would be repaired - by the next VACUUM of the index, however. - - - - - - Fix TOAST-related data corruption during CREATE TABLE dest AS - SELECT * FROM src or INSERT INTO dest SELECT * FROM src - (Tom Lane) - - - - If a table has been modified by ALTER TABLE ADD COLUMN, - attempts to copy its data verbatim to another table could produce - corrupt results in certain corner cases. - The problem can only manifest in this precise form in 8.4 and later, - but we patched earlier versions as well in case there are other code - paths that could trigger the same bug. - - - - - - Fix possible failures during hot standby startup (Simon Riggs) - - - - - - Start hot standby faster when initial snapshot is incomplete - (Simon Riggs) - - - - - - Fix race condition during toast table access from stale syscache entries - (Tom Lane) - - - - The typical symptom was transient errors like missing chunk - number 0 for toast value NNNNN in pg_toast_2619, where the cited - toast table would always belong to a system catalog. - - - - - - Track dependencies of functions on items used in parameter default - expressions (Tom Lane) - - - - Previously, a referenced object could be dropped without having dropped - or modified the function, leading to misbehavior when the function was - used. Note that merely installing this update will not fix the missing - dependency entries; to do that, you'd need to CREATE OR - REPLACE each such function afterwards. If you have functions whose - defaults depend on non-built-in objects, doing so is recommended. - - - - - - Allow inlining of set-returning SQL functions with multiple OUT - parameters (Tom Lane) - - - - - - Don't trust deferred-unique indexes for join removal (Tom Lane and Marti - Raudsepp) - - - - A deferred uniqueness constraint might not hold intra-transaction, - so assuming that it does could give incorrect query results. - - - - - - Make DatumGetInetP() unpack inet datums that have a 1-byte - header, and add a new macro, DatumGetInetPP(), that does - not (Heikki Linnakangas) - - - - This change affects no core code, but might prevent crashes in add-on - code that expects DatumGetInetP() to produce an unpacked - datum as per usual convention. - - - - - - Improve locale support in money type's input and output - (Tom Lane) - - - - Aside from not supporting all standard - lc_monetary - formatting options, the input and output functions were inconsistent, - meaning there were locales in which dumped money values could - not be re-read. - - - - - - Don't let transform_null_equals - affect CASE foo WHEN NULL ... constructs - (Heikki Linnakangas) - - - - transform_null_equals is only supposed to affect - foo = NULL expressions written directly by the user, not - equality checks generated internally by this form of CASE. - - - - - - Change foreign-key trigger creation order to better support - self-referential foreign keys (Tom Lane) - - - - For a cascading foreign key that references its own table, a row update - will fire both the ON UPDATE trigger and the - CHECK trigger as one event. The ON UPDATE - trigger must execute first, else the CHECK will check a - non-final state of the row and possibly throw an inappropriate error. - However, the firing order of these triggers is determined by their - names, which generally sort in creation order since the triggers have - auto-generated names following the convention - RI_ConstraintTrigger_NNNN. A proper fix would require - modifying that convention, which we will do in 9.2, but it seems risky - to change it in existing releases. So this patch just changes the - creation order of the triggers. Users encountering this type of error - should drop and re-create the foreign key constraint to get its - triggers into the right order. - - - - - - Avoid floating-point underflow while tracking buffer allocation rate - (Greg Matthews) - - - - While harmless in itself, on certain platforms this would result in - annoying kernel log messages. - - - - - - Preserve configuration file name and line number values when starting - child processes under Windows (Tom Lane) - - - - Formerly, these would not be displayed correctly in the - pg_settings view. - - - - - - Fix incorrect field alignment in ecpg's SQLDA area - (Zoltan Boszormenyi) - - - - - - Preserve blank lines within commands in psql's command - history (Robert Haas) - - - - The former behavior could cause problems if an empty line was removed - from within a string literal, for example. - - - - - - Fix pg_dump to dump user-defined casts between - auto-generated types, such as table rowtypes (Tom Lane) - - - - - - Assorted fixes for pg_upgrade (Bruce Momjian) - - - - Handle exclusion constraints correctly, avoid failures on Windows, - don't complain about mismatched toast table names in 8.4 databases. - - - - - - Use the preferred version of xsubpp to build PL/Perl, - not necessarily the operating system's main copy - (David Wheeler and Alex Hunsaker) - - - - - - Fix incorrect coding in contrib/dict_int and - contrib/dict_xsyn (Tom Lane) - - - - Some functions incorrectly assumed that memory returned by - palloc() is guaranteed zeroed. - - - - - - Fix assorted errors in contrib/unaccent's configuration - file parsing (Tom Lane) - - - - - - Honor query cancel interrupts promptly in pgstatindex() - (Robert Haas) - - - - - - Fix incorrect quoting of log file name in Mac OS X start script - (Sidar Lopez) - - - - - - Ensure VPATH builds properly install all server header files - (Peter Eisentraut) - - - - - - Shorten file names reported in verbose error messages (Peter Eisentraut) - - - - Regular builds have always reported just the name of the C file - containing the error message call, but VPATH builds formerly - reported an absolute path name. - - - - - - Fix interpretation of Windows timezone names for Central America - (Tom Lane) - - - - Map Central America Standard Time to CST6, not - CST6CDT, because DST is generally not observed anywhere in - Central America. - - - - - - Update time zone data files to tzdata release 2011n - for DST law changes in Brazil, Cuba, Fiji, Palestine, Russia, and Samoa; - also historical corrections for Alaska and British East Africa. - - - - - - - - - - Release 9.0.5 - - - Release date: - 2011-09-26 - - - - This release contains a variety of fixes from 9.0.4. - For information about new features in the 9.0 major release, see - . - - - - Migration to Version 9.0.5 - - - A dump/restore is not required for those running 9.0.X. - - - - However, if you are upgrading from a version earlier than 9.0.4, - see . - - - - - - Changes - - - - - - Fix catalog cache invalidation after a VACUUM FULL or - CLUSTER on a system catalog (Tom Lane) - - - - In some cases the relocation of a system catalog row to another place - would not be recognized by concurrent server processes, allowing catalog - corruption to occur if they then tried to update that row. The - worst-case outcome could be as bad as complete loss of a table. - - - - - - Fix incorrect order of operations during sinval reset processing, - and ensure that TOAST OIDs are preserved in system catalogs (Tom - Lane) - - - - These mistakes could lead to transient failures after a VACUUM - FULL or CLUSTER on a system catalog. - - - - - - Fix bugs in indexing of in-doubt HOT-updated tuples (Tom Lane) - - - - These bugs could result in index corruption after reindexing a system - catalog. They are not believed to affect user indexes. - - - - - - Fix multiple bugs in GiST index page split processing (Heikki - Linnakangas) - - - - The probability of occurrence was low, but these could lead to index - corruption. - - - - - - Fix possible buffer overrun in tsvector_concat() - (Tom Lane) - - - - The function could underestimate the amount of memory needed for its - result, leading to server crashes. - - - - - - Fix crash in xml_recv when processing a - standalone parameter (Tom Lane) - - - - - - Make pg_options_to_table return NULL for an option with no - value (Tom Lane) - - - - Previously such cases would result in a server crash. - - - - - - Avoid possibly accessing off the end of memory in ANALYZE - and in SJIS-2004 encoding conversion (Noah Misch) - - - - This fixes some very-low-probability server crash scenarios. - - - - - - Protect pg_stat_reset_shared() against NULL input (Magnus - Hagander) - - - - - - Fix possible failure when a recovery conflict deadlock is detected - within a sub-transaction (Tom Lane) - - - - - - Avoid spurious conflicts while recycling btree index pages during hot - standby (Noah Misch, Simon Riggs) - - - - - - Shut down WAL receiver if it's still running at end of recovery (Heikki - Linnakangas) - - - - The postmaster formerly panicked in this situation, but it's actually a - legitimate case. - - - - - - Fix race condition in relcache init file invalidation (Tom Lane) - - - - There was a window wherein a new backend process could read a stale init - file but miss the inval messages that would tell it the data is stale. - The result would be bizarre failures in catalog accesses, typically - could not read block 0 in file ... later during startup. - - - - - - Fix memory leak at end of a GiST index scan (Tom Lane) - - - - Commands that perform many separate GiST index scans, such as - verification of a new GiST-based exclusion constraint on a table - already containing many rows, could transiently require large amounts of - memory due to this leak. - - - - - - Fix memory leak when encoding conversion has to be done on incoming - command strings and LISTEN is active (Tom Lane) - - - - - - Fix incorrect memory accounting (leading to possible memory bloat) in - tuplestores supporting holdable cursors and plpgsql's RETURN - NEXT command (Tom Lane) - - - - - - Fix trigger WHEN conditions when both BEFORE and - AFTER triggers exist (Tom Lane) - - - - Evaluation of WHEN conditions for AFTER ROW - UPDATE triggers could crash if there had been a BEFORE - ROW trigger fired for the same update. - - - - - - Fix performance problem when constructing a large, lossy bitmap - (Tom Lane) - - - - - - Fix join selectivity estimation for unique columns (Tom Lane) - - - - This fixes an erroneous planner heuristic that could lead to poor - estimates of the result size of a join. - - - - - - Fix nested PlaceHolderVar expressions that appear only in sub-select - target lists (Tom Lane) - - - - This mistake could result in outputs of an outer join incorrectly - appearing as NULL. - - - - - - Allow the planner to assume that empty parent tables really are empty - (Tom Lane) - - - - Normally an empty table is assumed to have a certain minimum size for - planning purposes; but this heuristic seems to do more harm than good - for the parent table of an inheritance hierarchy, which often is - permanently empty. - - - - - - Allow nested EXISTS queries to be optimized properly (Tom - Lane) - - - - - - Fix array- and path-creating functions to ensure padding bytes are - zeroes (Tom Lane) - - - - This avoids some situations where the planner will think that - semantically-equal constants are not equal, resulting in poor - optimization. - - - - - - Fix EXPLAIN to handle gating Result nodes within - inner-indexscan subplans (Tom Lane) - - - - The usual symptom of this oversight was bogus varno errors. - - - - - - Fix btree preprocessing of indexedcol IS - NULL conditions (Dean Rasheed) - - - - Such a condition is unsatisfiable if combined with any other type of - btree-indexable condition on the same index column. The case was - handled incorrectly in 9.0.0 and later, leading to query output where - there should be none. - - - - - - Work around gcc 4.6.0 bug that breaks WAL replay (Tom Lane) - - - - This could lead to loss of committed transactions after a server crash. - - - - - - Fix dump bug for VALUES in a view (Tom Lane) - - - - - - Disallow SELECT FOR UPDATE/SHARE on sequences (Tom Lane) - - - - This operation doesn't work as expected and can lead to failures. - - - - - - Fix VACUUM so that it always updates - pg_class.reltuples/relpages (Tom - Lane) - - - - This fixes some scenarios where autovacuum could make increasingly poor - decisions about when to vacuum tables. - - - - - - Defend against integer overflow when computing size of a hash table (Tom - Lane) - - - - - - Fix cases where CLUSTER might attempt to access - already-removed TOAST data (Tom Lane) - - - - - - Fix premature timeout failures during initial authentication transaction - (Tom Lane) - - - - - - Fix portability bugs in use of credentials control messages for - peer authentication (Tom Lane) - - - - - - Fix SSPI login when multiple roundtrips are required (Ahmed Shinwari, - Magnus Hagander) - - - - The typical symptom of this problem was The function requested is - not supported errors during SSPI login. - - - - - - Fix failure when adding a new variable of a custom variable class to - postgresql.conf (Tom Lane) - - - - - - Throw an error if pg_hba.conf contains hostssl - but SSL is disabled (Tom Lane) - - - - This was concluded to be more user-friendly than the previous behavior - of silently ignoring such lines. - - - - - - Fix failure when DROP OWNED BY attempts to remove default - privileges on sequences (Shigeru Hanada) - - - - - - Fix typo in pg_srand48 seed initialization (Andres Freund) - - - - This led to failure to use all bits of the provided seed. This function - is not used on most platforms (only those without srandom), - and the potential security exposure from a less-random-than-expected - seed seems minimal in any case. - - - - - - Avoid integer overflow when the sum of LIMIT and - OFFSET values exceeds 2^63 (Heikki Linnakangas) - - - - - - Add overflow checks to int4 and int8 versions of - generate_series() (Robert Haas) - - - - - - Fix trailing-zero removal in to_char() (Marti Raudsepp) - - - - In a format with FM and no digit positions - after the decimal point, zeroes to the left of the decimal point could - be removed incorrectly. - - - - - - Fix pg_size_pretty() to avoid overflow for inputs close to - 2^63 (Tom Lane) - - - - - - Weaken plpgsql's check for typmod matching in record values (Tom Lane) - - - - An overly enthusiastic check could lead to discarding length modifiers - that should have been kept. - - - - - - Correctly handle quotes in locale names during initdb - (Heikki Linnakangas) - - - - The case can arise with some Windows locales, such as People's - Republic of China. - - - - - - In pg_upgrade, avoid dumping orphaned temporary tables - (Bruce Momjian) - - - - This prevents situations wherein table OID assignments could get out of - sync between old and new installations. - - - - - - Fix pg_upgrade to preserve toast tables' relfrozenxids - during an upgrade from 8.3 (Bruce Momjian) - - - - Failure to do this could lead to pg_clog files being - removed too soon after the upgrade. - - - - - - In pg_upgrade, fix the -l (log) option to - work on Windows (Bruce Momjian) - - - - - - In pg_ctl, support silent mode for service registrations - on Windows (MauMau) - - - - - - Fix psql's counting of script file line numbers during - COPY from a different file (Tom Lane) - - - - - - Fix pg_restore's direct-to-database mode for - standard_conforming_strings (Tom Lane) - - - - pg_restore could emit incorrect commands when restoring - directly to a database server from an archive file that had been made - with standard_conforming_strings set to on. - - - - - - Be more user-friendly about unsupported cases for parallel - pg_restore (Tom Lane) - - - - This change ensures that such cases are detected and reported before - any restore actions have been taken. - - - - - - Fix write-past-buffer-end and memory leak in libpq's - LDAP service lookup code (Albe Laurenz) - - - - - - In libpq, avoid failures when using nonblocking I/O - and an SSL connection (Martin Pihlak, Tom Lane) - - - - - - Improve libpq's handling of failures during connection startup - (Tom Lane) - - - - In particular, the response to a server report of fork() - failure during SSL connection startup is now saner. - - - - - - Improve libpq's error reporting for SSL failures (Tom - Lane) - - - - - - Fix PQsetvalue() to avoid possible crash when adding a new - tuple to a PGresult originally obtained from a server - query (Andrew Chernow) - - - - - - Make ecpglib write double values with 15 digits - precision (Akira Kurosawa) - - - - - - In ecpglib, be sure LC_NUMERIC setting is - restored after an error (Michael Meskes) - - - - - - Apply upstream fix for blowfish signed-character bug (CVE-2011-2483) - (Tom Lane) - - - - contrib/pg_crypto's blowfish encryption code could give - wrong results on platforms where char is signed (which is most), - leading to encrypted passwords being weaker than they should be. - - - - - - Fix memory leak in contrib/seg (Heikki Linnakangas) - - - - - - Fix pgstatindex() to give consistent results for empty - indexes (Tom Lane) - - - - - - Allow building with perl 5.14 (Alex Hunsaker) - - - - - - Fix assorted issues with build and install file paths containing spaces - (Tom Lane) - - - - - - Update time zone data files to tzdata release 2011i - for DST law changes in Canada, Egypt, Russia, Samoa, and South Sudan. - - - - - - - - - - Release 9.0.4 - - - Release date: - 2011-04-18 - - - - This release contains a variety of fixes from 9.0.3. - For information about new features in the 9.0 major release, see - . - - - - Migration to Version 9.0.4 - - - A dump/restore is not required for those running 9.0.X. - - - - However, if your installation was upgraded from a previous major - release by running pg_upgrade, you should take - action to prevent possible data loss due to a now-fixed bug in - pg_upgrade. The recommended solution is to run - VACUUM FREEZE on all TOAST tables. - More information is available at - http://wiki.postgresql.org/wiki/20110408pg_upgrade_fix. - - - - - - Changes - - - - - - Fix pg_upgrade's handling of TOAST tables - (Bruce Momjian) - - - - The pg_class.relfrozenxid value for - TOAST tables was not correctly copied into the new installation - during pg_upgrade. This could later result in - pg_clog files being discarded while they were still - needed to validate tuples in the TOAST tables, leading to - could not access status of transaction failures. - - - - This error poses a significant risk of data loss for installations - that have been upgraded with pg_upgrade. This patch - corrects the problem for future uses of pg_upgrade, - but does not in itself cure the issue in installations that have been - processed with a buggy version of pg_upgrade. - - - - - - Suppress incorrect PD_ALL_VISIBLE flag was incorrectly set - warning (Heikki Linnakangas) - - - - VACUUM would sometimes issue this warning in cases that - are actually valid. - - - - - - Use better SQLSTATE error codes for hot standby conflict cases - (Tatsuo Ishii and Simon Riggs) - - - - All retryable conflict errors now have an error code that indicates - that a retry is possible. Also, session closure due to the database - being dropped on the master is now reported as - ERRCODE_DATABASE_DROPPED, rather than - ERRCODE_ADMIN_SHUTDOWN, so that connection poolers can - handle the situation correctly. - - - - - - Prevent intermittent hang in interactions of startup process with - bgwriter process (Simon Riggs) - - - - This affected recovery in non-hot-standby cases. - - - - - - Disallow including a composite type in itself (Tom Lane) - - - - This prevents scenarios wherein the server could recurse infinitely - while processing the composite type. While there are some possible - uses for such a structure, they don't seem compelling enough to - justify the effort required to make sure it always works safely. - - - - - - Avoid potential deadlock during catalog cache initialization - (Nikhil Sontakke) - - - - In some cases the cache loading code would acquire share lock on a - system index before locking the index's catalog. This could deadlock - against processes trying to acquire exclusive locks in the other, - more standard order. - - - - - - Fix dangling-pointer problem in BEFORE ROW UPDATE trigger - handling when there was a concurrent update to the target tuple - (Tom Lane) - - - - This bug has been observed to result in intermittent cannot - extract system attribute from virtual tuple failures while trying to - do UPDATE RETURNING ctid. There is a very small probability - of more serious errors, such as generating incorrect index entries for - the updated tuple. - - - - - - Disallow DROP TABLE when there are pending deferred trigger - events for the table (Tom Lane) - - - - Formerly the DROP would go through, leading to - could not open relation with OID nnn errors when the - triggers were eventually fired. - - - - - - Allow replication as a user name in - pg_hba.conf (Andrew Dunstan) - - - - replication is special in the database name column, but it - was mistakenly also treated as special in the user name column. - - - - - - Prevent crash triggered by constant-false WHERE conditions during - GEQO optimization (Tom Lane) - - - - - - Improve planner's handling of semi-join and anti-join cases - (Tom Lane) - - - - - - Fix handling of SELECT FOR UPDATE in a sub-SELECT - (Tom Lane) - - - - This bug typically led to cannot extract system attribute from - virtual tuple errors. - - - - - - Fix selectivity estimation for text search to account for NULLs - (Jesper Krogh) - - - - - - Fix get_actual_variable_range() to support hypothetical indexes - injected by an index adviser plugin (Gurjeet Singh) - - - - - - Fix PL/Python memory leak involving array slices (Daniel Popowich) - - - - - - Allow libpq's SSL initialization to succeed when - user's home directory is unavailable (Tom Lane) - - - - If the SSL mode is such that a root certificate file is not required, - there is no need to fail. This change restores the behavior to what - it was in pre-9.0 releases. - - - - - - Fix libpq to return a useful error message for errors - detected in conninfo_array_parse (Joseph Adams) - - - - A typo caused the library to return NULL, rather than the - PGconn structure containing the error message, to the - application. - - - - - - Fix ecpg preprocessor's handling of float constants - (Heikki Linnakangas) - - - - - - Fix parallel pg_restore to handle comments on - POST_DATA items correctly (Arnd Hannemann) - - - - - - Fix pg_restore to cope with long lines (over 1KB) in - TOC files (Tom Lane) - - - - - - Put in more safeguards against crashing due to division-by-zero - with overly enthusiastic compiler optimization (Aurelien Jarno) - - - - - - Support use of dlopen() in FreeBSD and OpenBSD on MIPS (Tom Lane) - - - - There was a hard-wired assumption that this system function was not - available on MIPS hardware on these systems. Use a compile-time test - instead, since more recent versions have it. - - - - - - Fix compilation failures on HP-UX (Heikki Linnakangas) - - - - - - Avoid crash when trying to write to the Windows console very early - in process startup (Rushabh Lathia) - - - - - - Support building with MinGW 64 bit compiler for Windows - (Andrew Dunstan) - - - - - - Fix version-incompatibility problem with libintl on - Windows (Hiroshi Inoue) - - - - - - Fix usage of xcopy in Windows build scripts to - work correctly under Windows 7 (Andrew Dunstan) - - - - This affects the build scripts only, not installation or usage. - - - - - - Fix path separator used by pg_regress on Cygwin - (Andrew Dunstan) - - - - - - Update time zone data files to tzdata release 2011f - for DST law changes in Chile, Cuba, Falkland Islands, Morocco, Samoa, - and Turkey; also historical corrections for South Australia, Alaska, - and Hawaii. - - - - - - - - - - Release 9.0.3 - - - Release date: - 2011-01-31 - - - - This release contains a variety of fixes from 9.0.2. - For information about new features in the 9.0 major release, see - . - - - - Migration to Version 9.0.3 - - - A dump/restore is not required for those running 9.0.X. - - - - - - Changes - - - - - - Before exiting walreceiver, ensure all the received WAL - is fsync'd to disk (Heikki Linnakangas) - - - - Otherwise the standby server could replay some un-synced WAL, conceivably - leading to data corruption if the system crashes just at that point. - - - - - - Avoid excess fsync activity in walreceiver - (Heikki Linnakangas) - - - - - - Make ALTER TABLE revalidate uniqueness and exclusion - constraints when needed (Noah Misch) - - - - This was broken in 9.0 by a change that was intended to suppress - revalidation during VACUUM FULL and CLUSTER, - but unintentionally affected ALTER TABLE as well. - - - - - - Fix EvalPlanQual for UPDATE of an inheritance tree in which - the tables are not all alike (Tom Lane) - - - - Any variation in the table row types (including dropped columns present - in only some child tables) would confuse the EvalPlanQual code, leading - to misbehavior or even crashes. Since EvalPlanQual is only executed - during concurrent updates to the same row, the problem was only seen - intermittently. - - - - - - Avoid failures when EXPLAIN tries to display a simple-form - CASE expression (Tom Lane) - - - - If the CASE's test expression was a constant, the planner - could simplify the CASE into a form that confused the - expression-display code, resulting in unexpected CASE WHEN - clause errors. - - - - - - Fix assignment to an array slice that is before the existing range - of subscripts (Tom Lane) - - - - If there was a gap between the newly added subscripts and the first - pre-existing subscript, the code miscalculated how many entries needed - to be copied from the old array's null bitmap, potentially leading to - data corruption or crash. - - - - - - Avoid unexpected conversion overflow in planner for very distant date - values (Tom Lane) - - - - The date type supports a wider range of dates than can be - represented by the timestamp types, but the planner assumed it - could always convert a date to timestamp with impunity. - - - - - - Fix PL/Python crash when an array contains null entries (Alex Hunsaker) - - - - - - Remove ecpg's fixed length limit for constants defining - an array dimension (Michael Meskes) - - - - - - Fix erroneous parsing of tsquery values containing - ... & !(subexpression) | ... (Tom Lane) - - - - Queries containing this combination of operators were not executed - correctly. The same error existed in contrib/intarray's - query_int type and contrib/ltree's - ltxtquery type. - - - - - - Fix buffer overrun in contrib/intarray's input function - for the query_int type (Apple) - - - - This bug is a security risk since the function's return address could - be overwritten. Thanks to Apple Inc's security team for reporting this - issue and supplying the fix. (CVE-2010-4015) - - - - - - Fix bug in contrib/seg's GiST picksplit algorithm - (Alexander Korotkov) - - - - This could result in considerable inefficiency, though not actually - incorrect answers, in a GiST index on a seg column. - If you have such an index, consider REINDEXing it after - installing this update. (This is identical to the bug that was fixed in - contrib/cube in the previous update.) - - - - - - - - - - Release 9.0.2 - - - Release date: - 2010-12-16 - - - - This release contains a variety of fixes from 9.0.1. - For information about new features in the 9.0 major release, see - . - - - - Migration to Version 9.0.2 - - - A dump/restore is not required for those running 9.0.X. - - - - - - Changes - - - - - - Force the default - wal_sync_method - to be fdatasync on Linux (Tom Lane, Marti Raudsepp) - - - - The default on Linux has actually been fdatasync for many - years, but recent kernel changes caused PostgreSQL to - choose open_datasync instead. This choice did not result - in any performance improvement, and caused outright failures on - certain filesystems, notably ext4 with the - data=journal mount option. - - - - - - Fix too many KnownAssignedXids error during Hot Standby - replay (Heikki Linnakangas) - - - - - - Fix race condition in lock acquisition during Hot Standby (Simon Riggs) - - - - - - Avoid unnecessary conflicts during Hot Standby (Simon Riggs) - - - - This fixes some cases where replay was considered to conflict with - standby queries (causing delay of replay or possibly cancellation of - the queries), but there was no real conflict. - - - - - - Fix assorted bugs in WAL replay logic for GIN indexes (Tom Lane) - - - - This could result in bad buffer id: 0 failures or - corruption of index contents during replication. - - - - - - Fix recovery from base backup when the starting checkpoint WAL record - is not in the same WAL segment as its redo point (Jeff Davis) - - - - - - Fix corner-case bug when streaming replication is enabled immediately - after creating the master database cluster (Heikki Linnakangas) - - - - - - Fix persistent slowdown of autovacuum workers when multiple workers - remain active for a long time (Tom Lane) - - - - The effective vacuum_cost_limit for an autovacuum worker - could drop to nearly zero if it processed enough tables, causing it - to run extremely slowly. - - - - - - Fix long-term memory leak in autovacuum launcher (Alvaro Herrera) - - - - - - Avoid failure when trying to report an impending transaction - wraparound condition from outside a transaction (Tom Lane) - - - - This oversight prevented recovery after transaction wraparound got - too close, because database startup processing would fail. - - - - - - Add support for detecting register-stack overrun on IA64 - (Tom Lane) - - - - The IA64 architecture has two hardware stacks. Full - prevention of stack-overrun failures requires checking both. - - - - - - Add a check for stack overflow in copyObject() (Tom Lane) - - - - Certain code paths could crash due to stack overflow given a - sufficiently complex query. - - - - - - Fix detection of page splits in temporary GiST indexes (Heikki - Linnakangas) - - - - It is possible to have a concurrent page split in a - temporary index, if for example there is an open cursor scanning the - index when an insertion is done. GiST failed to detect this case and - hence could deliver wrong results when execution of the cursor - continued. - - - - - - Fix error checking during early connection processing (Tom Lane) - - - - The check for too many child processes was skipped in some cases, - possibly leading to postmaster crash when attempting to add the new - child process to fixed-size arrays. - - - - - - Improve efficiency of window functions (Tom Lane) - - - - Certain cases where a large number of tuples needed to be read in - advance, but work_mem was large enough to allow them all - to be held in memory, were unexpectedly slow. - percent_rank(), cume_dist() and - ntile() in particular were subject to this problem. - - - - - - Avoid memory leakage while ANALYZE'ing complex index - expressions (Tom Lane) - - - - - - Ensure an index that uses a whole-row Var still depends on its table - (Tom Lane) - - - - An index declared like create index i on t (foo(t.*)) - would not automatically get dropped when its table was dropped. - - - - - - Add missing support in DROP OWNED BY for removing foreign - data wrapper/server privileges belonging to a user (Heikki Linnakangas) - - - - - - Do not inline a SQL function with multiple OUT - parameters (Tom Lane) - - - - This avoids a possible crash due to loss of information about the - expected result rowtype. - - - - - - Fix crash when inline-ing a set-returning function whose argument list - contains a reference to an inline-able user function (Tom Lane) - - - - - - Behave correctly if ORDER BY, LIMIT, - FOR UPDATE, or WITH is attached to the - VALUES part of INSERT ... VALUES (Tom Lane) - - - - - - Make the OFF keyword unreserved (Heikki Linnakangas) - - - - This prevents problems with using off as a variable name in - PL/pgSQL. That worked before 9.0, but was now broken - because PL/pgSQL now treats all core reserved words - as reserved. - - - - - - Fix constant-folding of COALESCE() expressions (Tom Lane) - - - - The planner would sometimes attempt to evaluate sub-expressions that - in fact could never be reached, possibly leading to unexpected errors. - - - - - - Fix could not find pathkey item to sort planner failure - with comparison of whole-row Vars (Tom Lane) - - - - - - Fix postmaster crash when connection acceptance - (accept() or one of the calls made immediately after it) - fails, and the postmaster was compiled with GSSAPI support (Alexander - Chernikov) - - - - - - Retry after receiving an invalid response packet from a RADIUS - authentication server (Magnus Hagander) - - - - This fixes a low-risk potential denial of service condition. - - - - - - Fix missed unlink of temporary files when log_temp_files - is active (Tom Lane) - - - - If an error occurred while attempting to emit the log message, the - unlink was not done, resulting in accumulation of temp files. - - - - - - Add print functionality for InhRelation nodes (Tom Lane) - - - - This avoids a failure when debug_print_parse is enabled - and certain types of query are executed. - - - - - - Fix incorrect calculation of distance from a point to a horizontal - line segment (Tom Lane) - - - - This bug affected several different geometric distance-measurement - operators. - - - - - - Fix incorrect calculation of transaction status in - ecpg (Itagaki Takahiro) - - - - - - Fix errors in psql's Unicode-escape support (Tom Lane) - - - - - - Speed up parallel pg_restore when the archive - contains many large objects (blobs) (Tom Lane) - - - - - - Fix PL/pgSQL's handling of simple - expressions to not fail in recursion or error-recovery cases (Tom Lane) - - - - - - Fix PL/pgSQL's error reporting for no-such-column - cases (Tom Lane) - - - - As of 9.0, it would sometimes report missing FROM-clause entry - for table foo when record foo has no field bar would be - more appropriate. - - - - - - Fix PL/Python to honor typmod (i.e., length or - precision restrictions) when assigning to tuple fields (Tom Lane) - - - - This fixes a regression from 8.4. - - - - - - Fix PL/Python's handling of set-returning functions - (Jan Urbanski) - - - - Attempts to call SPI functions within the iterator generating a set - result would fail. - - - - - - Fix bug in contrib/cube's GiST picksplit algorithm - (Alexander Korotkov) - - - - This could result in considerable inefficiency, though not actually - incorrect answers, in a GiST index on a cube column. - If you have such an index, consider REINDEXing it after - installing this update. - - - - - - Don't emit identifier will be truncated notices in - contrib/dblink except when creating new connections - (Itagaki Takahiro) - - - - - - Fix potential coredump on missing public key in - contrib/pgcrypto (Marti Raudsepp) - - - - - - Fix buffer overrun in contrib/pg_upgrade (Hernan Gonzalez) - - - - - - Fix memory leak in contrib/xml2's XPath query functions - (Tom Lane) - - - - - - Update time zone data files to tzdata release 2010o - for DST law changes in Fiji and Samoa; - also historical corrections for Hong Kong. - - - - - - - - - - Release 9.0.1 - - - Release date: - 2010-10-04 - - - - This release contains a variety of fixes from 9.0.0. - For information about new features in the 9.0 major release, see - . - - - - Migration to Version 9.0.1 - - - A dump/restore is not required for those running 9.0.X. - - - - - - Changes - - - - - - Use a separate interpreter for each calling SQL userid in PL/Perl and - PL/Tcl (Tom Lane) - - - - This change prevents security problems that can be caused by subverting - Perl or Tcl code that will be executed later in the same session under - another SQL user identity (for example, within a SECURITY - DEFINER function). Most scripting languages offer numerous ways that - that might be done, such as redefining standard functions or operators - called by the target function. Without this change, any SQL user with - Perl or Tcl language usage rights can do essentially anything with the - SQL privileges of the target function's owner. - - - - The cost of this change is that intentional communication among Perl - and Tcl functions becomes more difficult. To provide an escape hatch, - PL/PerlU and PL/TclU functions continue to use only one interpreter - per session. This is not considered a security issue since all such - functions execute at the trust level of a database superuser already. - - - - It is likely that third-party procedural languages that claim to offer - trusted execution have similar security issues. We advise contacting - the authors of any PL you are depending on for security-critical - purposes. - - - - Our thanks to Tim Bunce for pointing out this issue (CVE-2010-3433). - - - - - - Improve pg_get_expr() security fix so that the function - can still be used on the output of a sub-select (Tom Lane) - - - - - - Fix incorrect placement of placeholder evaluation (Tom Lane) - - - - This bug could result in query outputs being non-null when they - should be null, in cases where the inner side of an outer join - is a sub-select with non-strict expressions in its output list. - - - - - - Fix join removal's handling of placeholder expressions (Tom Lane) - - - - - - Fix possible duplicate scans of UNION ALL member relations - (Tom Lane) - - - - - - Prevent infinite loop in ProcessIncomingNotify() after unlistening - (Jeff Davis) - - - - - - Prevent show_session_authorization() from crashing within autovacuum - processes (Tom Lane) - - - - - - Re-allow input of Julian dates prior to 0001-01-01 AD (Tom Lane) - - - - Input such as 'J100000'::date worked before 8.4, - but was unintentionally broken by added error-checking. - - - - - - Make psql recognize DISCARD ALL as a command that should - not be encased in a transaction block in autocommit-off mode - (Itagaki Takahiro) - - - - - - Update build infrastructure and documentation to reflect the source code - repository's move from CVS to Git (Magnus Hagander and others) - - - - - - - - - - Release 9.0 - - - Release date: - 2010-09-20 - - - - Overview - - - This release of - PostgreSQL adds features that have been requested - for years, such as easy-to-use replication, a mass permission-changing - facility, and anonymous code blocks. While past major releases have - been conservative in their scope, this release shows a - bold new desire to provide facilities that new and existing - users of PostgreSQL will embrace. This has all - been done with few incompatibilities. Major enhancements include: - - - - - - - - - - Built-in replication based on log shipping. This advance consists of - two features: Streaming Replication, allowing continuous archive - (WAL) files to be streamed over a network connection to a - standby server, and Hot Standby, allowing continuous archive standby - servers to execute read-only queries. The net effect is to support a - single master with multiple read-only slave servers. - - - - - - Easier database object permissions management. GRANT/REVOKE IN - SCHEMA supports mass permissions changes on existing objects, - while ALTER DEFAULT - PRIVILEGES allows control of privileges for objects created in - the future. Large objects (BLOBs) now support permissions management as - well. - - - - - - Broadly enhanced stored procedure support. - The DO statement supports - ad-hoc or anonymous code blocks. - Functions can now be called using named parameters. - PL/pgSQL is now installed by default, and - PL/Perl and PL/Python have been enhanced in several ways, - including support for Python3. - - - - - - Full support for 64-bit - Windows. - - - - - - More advanced reporting queries, including additional windowing options - (PRECEDING and FOLLOWING) and the ability to - control the order in which values are fed to aggregate functions. - - - - - - New trigger features, including - SQL-standard-compliant per-column triggers and - conditional trigger execution. - - - - - - Deferrable - unique constraints. Mass updates to unique keys are now possible - without trickery. - - - - - - Exclusion constraints. - These provide a generalized version of unique constraints, allowing - enforcement of complex conditions. - - - - - - New and enhanced security features, including RADIUS authentication, - LDAP authentication improvements, and a new contrib module - passwordcheck - for testing password strength. - - - - - - New high-performance implementation of the - LISTEN/NOTIFY feature. - Pending events are now stored in a memory-based queue rather than - a table. Also, a payload string can be sent with each - event, rather than transmitting just an event name as before. - - - - - - New implementation of - VACUUM FULL. - This command now rewrites the entire table and indexes, rather than - moving individual rows to compact space. It is substantially faster - in most cases, and no longer results in index bloat. - - - - - - New contrib module - pg_upgrade - to support in-place upgrades from 8.3 or 8.4 to 9.0. - - - - - - Multiple performance enhancements for specific types of queries, - including elimination of unnecessary joins. This helps optimize some - automatically-generated queries, such as those produced by - object-relational mappers (ORMs). - - - - - - EXPLAIN enhancements. - The output is now available in JSON, XML, or YAML format, and includes - buffer utilization and other data not previously available. - - - - - - hstore improvements, - including new functions and greater data capacity. - - - - - - - The above items are explained in more detail in the sections below. - - - - - - - Migration to Version 9.0 - - - A dump/restore using pg_dump, - or use of pg_upgrade, is required - for those wishing to migrate data from any previous - release. - - - - Version 9.0 contains a number of changes that selectively break backwards - compatibility in order to support new features and code quality - improvements. In particular, users who make extensive use of PL/pgSQL, - Point-In-Time Recovery (PITR), or Warm Standby should test their - applications because of slight user-visible changes in those areas. - Observe the following incompatibilities: - - - - Server Settings - - - - - - Remove server parameter add_missing_from, which was - defaulted to off for many years (Tom Lane) - - - - - - Remove server parameter regex_flavor, which - was defaulted to advanced - for many years (Tom Lane) - - - - - - archive_mode - now only affects archive_command; - a new setting, wal_level, affects - the contents of the write-ahead log (Heikki Linnakangas) - - - - - - log_temp_files - now uses default file size units of kilobytes (Robert Haas) - - - - - - - - - Queries - - - - - - When querying a parent table, - do not do any separate permission checks on child tables - scanned as part of the query (Peter Eisentraut) - - - - The SQL standard specifies this behavior, and it is also much more - convenient in practice than the former behavior of checking permissions - on each child as well as the parent. - - - - - - - - - Data Types - - - - - - bytea output now - appears in hex format by default (Peter Eisentraut) - - - - The server parameter bytea_output can be - used to select the traditional output format if needed for - compatibility. - - - - - - Array input now considers only plain ASCII whitespace characters - to be potentially ignorable; it will never ignore non-ASCII characters, - even if they are whitespace according to some locales (Tom Lane) - - - - This avoids some corner cases where array values could be interpreted - differently depending on the server's locale settings. - - - - - - Improve standards compliance of SIMILAR TO - patterns and SQL-style substring() patterns (Tom Lane) - - - - This includes treating ? and {...} as - pattern metacharacters, while they were simple literal characters - before; that corresponds to new features added in SQL:2008. - Also, ^ and $ are now treated as simple - literal characters; formerly they were treated as metacharacters, - as if the pattern were following POSIX rather than SQL rules. - Also, in SQL-standard substring(), use of parentheses - for nesting no longer interferes with capturing of a substring. - Also, processing of bracket expressions (character classes) is - now more standards-compliant. - - - - - - Reject negative length values in 3-parameter substring() - for bit strings, per the SQL standard (Tom Lane) - - - - - - Make date_trunc truncate rather than round when reducing - precision of fractional seconds (Tom Lane) - - - - The code always acted this way for integer-based dates/times. - Now float-based dates/times behave similarly. - - - - - - - - - Object Renaming - - - - - - Tighten enforcement of column name consistency during RENAME - when a child table inherits the same column from multiple unrelated - parents (KaiGai Kohei) - - - - - - No longer automatically rename indexes and index columns when the - underlying table columns are renamed (Tom Lane) - - - - Administrators can still rename such indexes and columns manually. - This change will require an update of the JDBC driver, and possibly other - drivers, so that unique indexes are correctly recognized after a rename. - - - - - - CREATE OR REPLACE FUNCTION can no longer change - the declared names of function parameters (Pavel Stehule) - - - - In order to avoid creating ambiguity in named-parameter calls, it is - no longer allowed to change the aliases for input parameters - in the declaration of an existing function (although names can still - be assigned to previously unnamed parameters). You now have to - DROP and recreate the function to do that. - - - - - - - - - PL/pgSQL - - - - - - PL/pgSQL now throws an error if a variable name conflicts with a - column name used in a query (Tom Lane) - - - - The former behavior was to bind ambiguous names to PL/pgSQL variables - in preference to query columns, which often resulted in surprising - misbehavior. Throwing an error allows easy detection of ambiguous - situations. Although it's recommended that functions encountering this - type of error be modified to remove the conflict, the old behavior can - be restored if necessary via the configuration parameter plpgsql.variable_conflict, - or via the per-function option #variable_conflict. - - - - - - PL/pgSQL no longer allows variable names that match certain SQL - reserved words (Tom Lane) - - - - This is a consequence of aligning the PL/pgSQL parser to match the - core SQL parser more closely. If necessary, - variable names can be double-quoted to avoid this restriction. - - - - - - PL/pgSQL now requires columns of composite results to match the - expected type modifier as well as base type (Pavel Stehule, Tom Lane) - - - - For example, if a column of the result type is declared as - NUMERIC(30,2), it is no longer acceptable to return a - NUMERIC of some other precision in that column. Previous - versions neglected to check the type modifier and would thus allow - result rows that didn't actually conform to the declared restrictions. - - - - - - PL/pgSQL now treats selection into composite fields more consistently - (Tom Lane) - - - - Formerly, a statement like - SELECT ... INTO rec.fld FROM ... - was treated as a scalar assignment even if the record field - fld was of composite type. Now it is treated as a - record assignment, the same as when the INTO target is a - regular variable of composite type. So the values to be assigned to the - field's subfields should be written as separate columns of the - SELECT list, not as a ROW(...) construct as in - previous versions. - - - - If you need to do this in a way that will work in both 9.0 and previous - releases, you can write something like - rec.fld := ROW(...) FROM .... - - - - - - Remove PL/pgSQL's RENAME declaration (Tom Lane) - - - - Instead of RENAME, use ALIAS, - which can now create an alias for any variable, not only dollar sign - parameter names (such as $1) as before. - - - - - - - - Other Incompatibilities - - - - - - Deprecate use of => as an operator name (Robert Haas) - - - - Future versions of PostgreSQL will probably reject - this operator name entirely, in order to support the SQL-standard - notation for named function parameters. For the moment, it is - still allowed, but a warning is emitted when such an operator is - defined. - - - - - - Remove support for platforms that don't have a working 64-bit - integer data type (Tom Lane) - - - - It is believed all still-supported platforms have working 64-bit - integer data types. - - - - - - - - - Changes - - Version 9.0 has an unprecedented number of new major features, - and over 200 enhancements, improvements, new commands, - new functions, and other changes. - - - - Server - - - Continuous Archiving and Streaming Replication - - - PostgreSQL's existing standby-server capability has been expanded both to - support read-only queries on standby servers and to greatly reduce - the lag between master and standby servers. For many users, this - will be a useful and low-administration form of replication, either - for high availability or for horizontal scalability. - - - - - - Allow a standby server to accept read-only queries - (Simon Riggs, Heikki Linnakangas) - - - - This feature is called Hot Standby. There are new - postgresql.conf and recovery.conf - settings to control this feature, as well as extensive - documentation. - - - - - - Allow write-ahead log (WAL) data to be streamed to a - standby server (Fujii Masao, Heikki Linnakangas) - - - - This feature is called Streaming Replication. - Previously WAL data could be sent to standby servers only - in units of entire WAL files (normally 16 megabytes each). - Streaming Replication eliminates this inefficiency and allows updates - on the master to be propagated to standby servers with very little - delay. There are new postgresql.conf and - recovery.conf settings to control this feature, as well as - extensive documentation. - - - - - - Add pg_last_xlog_receive_location() - and pg_last_xlog_replay_location(), which - can be used to monitor standby server WAL - activity (Simon Riggs, Fujii Masao, Heikki Linnakangas) - - - - - - - - - Performance - - - - - - Allow per-tablespace values to be set for sequential and random page - cost estimates (seq_page_cost/random_page_cost) - via ALTER TABLESPACE - ... SET/RESET (Robert Haas) - - - - - - Improve performance and reliability of EvalPlanQual rechecks in join - queries (Tom Lane) - - - - UPDATE, DELETE, and SELECT FOR - UPDATE/SHARE queries that involve joins will now behave much better - when encountering freshly-updated rows. - - - - - - Improve performance of TRUNCATE when - the table was created or truncated earlier in the same transaction - (Tom Lane) - - - - - - Improve performance of finding inheritance child tables (Tom Lane) - - - - - - - - - Optimizer - - - - - - Remove unnecessary outer - joins (Robert Haas) - - - - Outer joins where the inner side is unique and not referenced above - the join are unnecessary and are therefore now removed. This will - accelerate many automatically generated queries, such as those created - by object-relational mappers (ORMs). - - - - - - Allow IS NOT NULL restrictions to use indexes (Tom Lane) - - - - This is particularly useful for finding - MAX()/MIN() values in indexes that - contain many null values. - - - - - - Improve the optimizer's choices about when to use materialize nodes, - and when to use sorting versus hashing for DISTINCT - (Tom Lane) - - - - - - Improve the optimizer's equivalence detection for expressions involving - boolean <> operators (Tom Lane) - - - - - - - <link linkend="geqo">GEQO</link> - - - - - - Use the same random seed every time GEQO plans a query (Andres - Freund) - - - - While the Genetic Query Optimizer (GEQO) still selects - random plans, it now always selects the same random plans for identical - queries, thus giving more consistent performance. You can modify geqo_seed to experiment with - alternative plans. - - - - - - Improve GEQO plan selection (Tom Lane) - - - - This avoids the rare error failed to make a valid plan, - and should also improve planning speed. - - - - - - - - - Optimizer Statistics - - - - - - Improve ANALYZE - to support inheritance-tree statistics (Tom Lane) - - - - This is particularly useful for partitioned tables. However, - autovacuum does not yet automatically re-analyze parent tables - when child tables change. - - - - - - Improve autovacuum's - detection of when re-analyze is necessary (Tom Lane) - - - - - - Improve optimizer's estimation for greater/less-than comparisons - (Tom Lane) - - - - When looking up statistics for greater/less-than comparisons, - if the comparison value is in the first or last histogram bucket, - use an index (if available) to fetch the current actual column - minimum or maximum. This greatly improves the accuracy of estimates - for comparison values near the ends of the data range, particularly - if the range is constantly changing due to addition of new data. - - - - - - Allow setting of number-of-distinct-values statistics using ALTER TABLE - (Robert Haas) - - - - This allows users to override the estimated number or percentage of - distinct values for a column. This statistic is normally computed by - ANALYZE, but the estimate can be poor, especially on tables - with very large numbers of rows. - - - - - - - - - Authentication - - - - - - Add support for RADIUS (Remote - Authentication Dial In User Service) authentication - (Magnus Hagander) - - - - - - Allow LDAP - (Lightweight Directory Access Protocol) authentication - to operate in search/bind mode - (Robert Fleming, Magnus Hagander) - - - - This allows the user to be looked up first, then the system uses - the DN (Distinguished Name) returned for that user. - - - - - - Add samehost - and samenet designations to - pg_hba.conf (Stef Walter) - - - - These match the server's IP address and subnet address - respectively. - - - - - - Pass trusted SSL root certificate names to the client so the client - can return an appropriate client certificate (Craig Ringer) - - - - - - - - - Monitoring - - - - - - Add the ability for clients to set an application - name, which is displayed in - pg_stat_activity (Dave Page) - - - - This allows administrators to characterize database traffic - and troubleshoot problems by source application. - - - - - - Add a SQLSTATE option (%e) to log_line_prefix - (Guillaume Smet) - - - - This allows users to compile statistics on errors and messages - by error code number. - - - - - - - Write to the Windows event log in UTF16 encoding - (Itagaki Takahiro) - - - - Now there is true multilingual support for PostgreSQL log messages - on Windows. - - - - - - - - - Statistics Counters - - - - - - Add pg_stat_reset_shared('bgwriter') - to reset the cluster-wide shared statistics for the - background writer (Greg Smith) - - - - - - Add pg_stat_reset_single_table_counters() - and pg_stat_reset_single_function_counters() - to allow resetting the statistics counters for individual - tables and functions (Magnus Hagander) - - - - - - - - - Server Settings - - - - - - Allow setting of configuration parameters based on database/role combinations - (Alvaro Herrera) - - - - Previously only per-database and per-role settings were possible, - not combinations. All role and database settings are now stored - in the new pg_db_role_setting system catalog. A new - psql command \drds shows these settings. - The legacy system views pg_roles, - pg_shadow, and pg_user - do not show combination settings, and therefore no longer - completely represent the configuration for a user or database. - - - - - - Add server parameter bonjour, which - controls whether a Bonjour-enabled server advertises - itself via Bonjour (Tom Lane) - - - - The default is off, meaning it does not advertise. This allows - packagers to distribute Bonjour-enabled builds without worrying - that individual users might not want the feature. - - - - - - Add server parameter enable_material, which - controls the use of materialize nodes in the optimizer - (Robert Haas) - - - - The default is on. When off, the optimizer will not add - materialize nodes purely for performance reasons, though they - will still be used when necessary for correctness. - - - - - - Change server parameter log_temp_files to - use default file size units of kilobytes (Robert Haas) - - - - Previously this setting was interpreted in bytes if no units were - specified. - - - - - - Log changes of parameter values when postgresql.conf is - reloaded (Peter Eisentraut) - - - - This lets administrators and security staff audit changes of database - settings, and is also very convenient for checking the effects of - postgresql.conf edits. - - - - - - Properly enforce superuser permissions for custom server parameters - (Tom Lane) - - - - Non-superusers can no longer issue ALTER - ROLE/DATABASE SET for parameters that are not currently - known to the server. This allows the server to correctly check that - superuser-only parameters are only set by superusers. Previously, - the SET would be allowed and then ignored at session start, - making superuser-only custom parameters much less useful than they - should be. - - - - - - - - - - - Queries - - - - - - Perform SELECT - FOR UPDATE/SHARE processing after - applying LIMIT, so the number of rows returned - is always predictable (Tom Lane) - - - - Previously, changes made by concurrent transactions could cause a - SELECT FOR UPDATE to unexpectedly return fewer rows than - specified by its LIMIT. FOR UPDATE in combination - with ORDER BY can still produce surprising results, but that - can be corrected by placing FOR UPDATE in a subquery. - - - - - - Allow mixing of traditional and SQL-standard LIMIT/OFFSET - syntax (Tom Lane) - - - - - - Extend the supported frame options in window functions (Hitoshi - Harada) - - - - Frames can now start with CURRENT ROW, and the ROWS - n PRECEDING/FOLLOWING options are now - supported. - - - - - - Make SELECT INTO and CREATE TABLE AS return - row counts to the client in their command tags - (Boszormenyi Zoltan) - - - - This can save an entire round-trip to the client, allowing result counts - and pagination to be calculated without an additional - COUNT query. - - - - - - - Unicode Strings - - - - - - Support Unicode surrogate pairs (dual 16-bit representation) in - U& - strings and identifiers (Peter Eisentraut) - - - - - - Support Unicode escapes in E'...' - strings (Marko Kreen) - - - - - - - - - - - Object Manipulation - - - - - - Speed up CREATE - DATABASE by deferring flushes to disk (Andres - Freund, Greg Stark) - - - - - - Allow comments on - columns of tables, views, and composite types only, not other - relation types such as indexes and TOAST tables (Tom Lane) - - - - - - Allow the creation of enumerated types containing - no values (Bruce Momjian) - - - - - - Let values of columns having storage type MAIN remain on - the main heap page unless the row cannot fit on a page (Kevin Grittner) - - - - Previously MAIN values were forced out to TOAST - tables until the row size was less than one-quarter of the page size. - - - - - - - <command>ALTER TABLE</> - - - - - - Implement IF EXISTS for ALTER TABLE DROP COLUMN - and ALTER TABLE DROP CONSTRAINT (Andres Freund) - - - - - - Allow ALTER TABLE commands that rewrite tables to skip - WAL logging (Itagaki Takahiro) - - - - Such operations either produce a new copy of the table or are rolled - back, so WAL archiving can be skipped, unless running in - continuous archiving mode. This reduces I/O overhead and improves - performance. - - - - - - Fix failure of ALTER TABLE table ADD COLUMN - col serial when done by non-owner of table - (Tom Lane) - - - - - - - - - <link linkend="SQL-CREATETABLE"><command>CREATE TABLE</></link> - - - - - - Add support for copying COMMENTS and STORAGE - settings in CREATE TABLE ... LIKE commands - (Itagaki Takahiro) - - - - - - Add a shortcut for copying all properties in CREATE - TABLE ... LIKE commands (Itagaki Takahiro) - - - - - - Add the SQL-standard - CREATE TABLE ... OF type command - (Peter Eisentraut) - - - - This allows creation of a table that matches an existing composite - type. Additional constraints and defaults can be specified in the - command. - - - - - - - - - Constraints - - - - - - Add deferrable - unique constraints (Dean Rasheed) - - - - This allows mass updates, such as - UPDATE tab SET col = col + 1, - to work reliably - on columns that have unique indexes or are marked as primary keys. - If the constraint is specified as DEFERRABLE it will be - checked at the end of the statement, rather than after each row is - updated. The constraint check can also be deferred until the end of the - current transaction, allowing such updates to be spread over multiple - SQL commands. - - - - - - Add - exclusion constraints - (Jeff Davis) - - - - Exclusion constraints generalize uniqueness constraints by allowing - arbitrary comparison operators, not just equality. They are created - with the CREATE - TABLE CONSTRAINT ... EXCLUDE clause. - The most common use of exclusion constraints is to specify that column - entries must not overlap, rather than simply not be equal. This is - useful for time periods and other ranges, as well as arrays. - This feature enhances checking of data integrity for many - calendaring, time-management, and scientific applications. - - - - - - Improve uniqueness-constraint violation error messages to - report the values causing the failure (Itagaki Takahiro) - - - - For example, a uniqueness constraint violation might now report - Key (x)=(2) already exists. - - - - - - - - - Object Permissions - - - - - - Add the ability to make mass permission changes across a whole - schema using the new GRANT/REVOKE - IN SCHEMA clause (Petr Jelinek) - - - - This simplifies management of object permissions - and makes it easier to utilize database roles for application - data security. - - - - - - Add ALTER - DEFAULT PRIVILEGES command to control privileges - of objects created later (Petr Jelinek) - - - - This greatly simplifies the assignment of object privileges in a - complex database application. Default privileges can be set for - tables, views, sequences, and functions. Defaults may be assigned on a - per-schema basis, or database-wide. - - - - - - Add the ability to control large object (BLOB) permissions with - GRANT/REVOKE (KaiGai Kohei) - - - - Formerly, any database user could read or modify any large object. - Read and write permissions can now be granted and revoked per - large object, and the ownership of large objects is tracked. - - - - - - - - - - - Utility Operations - - - - - - Make LISTEN/NOTIFY store pending events - in a memory queue, rather than in a system table (Joachim - Wieland) - - - - This substantially improves performance, while retaining the existing - features of transactional support and guaranteed delivery. - - - - - - Allow NOTIFY - to pass an optional payload string to listeners - (Joachim Wieland) - - - - This greatly improves the usefulness of - LISTEN/NOTIFY as a - general-purpose event queue system. - - - - - - Allow CLUSTER - on all per-database system catalogs (Tom Lane) - - - - Shared catalogs still cannot be clustered. - - - - - - - <link linkend="SQL-COPY"><command>COPY</></link> - - - - - - Accept COPY ... CSV FORCE QUOTE * - (Itagaki Takahiro) - - - - Now * can be used as shorthand for all columns - in the FORCE QUOTE clause. - - - - - - Add new COPY syntax that allows options to be - specified inside parentheses (Robert Haas, Emmanuel Cecchet) - - - - This allows greater flexibility for future COPY options. - The old syntax is still supported, but only for pre-existing options. - - - - - - - - - <link linkend="SQL-EXPLAIN"><command>EXPLAIN</></link> - - - - - - Allow EXPLAIN to output in XML, - JSON, or YAML format (Robert Haas, Greg - Sabino Mullane) - - - - The new output formats are easily machine-readable, supporting the - development of new tools for analysis of EXPLAIN output. - - - - - - Add new BUFFERS option to report query - buffer usage during EXPLAIN ANALYZE (Itagaki Takahiro) - - - - This allows better query profiling for individual queries. - Buffer usage is no longer reported in the output for log_statement_stats - and related settings. - - - - - - Add hash usage information to EXPLAIN output (Robert - Haas) - - - - - - Add new EXPLAIN syntax that allows options to be - specified inside parentheses (Robert Haas) - - - - This allows greater flexibility for future EXPLAIN options. - The old syntax is still supported, but only for pre-existing options. - - - - - - - - - <link linkend="SQL-VACUUM"><command>VACUUM</></link> - - - - - - Change VACUUM FULL to rewrite the entire table and - rebuild its indexes, rather than moving individual rows around to - compact space (Itagaki Takahiro, Tom Lane) - - - - The previous method was usually slower and caused index bloat. - Note that the new method will use more disk space transiently - during VACUUM FULL; potentially as much as twice - the space normally occupied by the table and its indexes. - - - - - - - Add new VACUUM syntax that allows options to be - specified inside parentheses (Itagaki Takahiro) - - - - This allows greater flexibility for future VACUUM options. - The old syntax is still supported, but only for pre-existing options. - - - - - - - - - Indexes - - - - - - Allow an index to be named automatically by omitting the index name in - CREATE INDEX - (Tom Lane) - - - - - - By default, multicolumn indexes are now named after all their columns; - and index expression columns are now named based on their expressions - (Tom Lane) - - - - - - Reindexing shared system catalogs is now fully transactional - and crash-safe (Tom Lane) - - - - Formerly, reindexing a shared index was only allowed in standalone - mode, and a crash during the operation could leave the index in - worse condition than it was before. - - - - - - Add point_ops operator class for GiST - (Teodor Sigaev) - - - - This feature permits GiST indexing of point - columns. The index can be used for several types of queries - such as point <@ polygon - (point is in polygon). This should make many - PostGIS queries faster. - - - - - - Use red-black binary trees for GIN index creation - (Teodor Sigaev) - - - - Red-black trees are self-balancing. This avoids slowdowns in - cases where the input is in nonrandom order. - - - - - - - - - - - - Data Types - - - - - - Allow bytea values - to be written in hex notation (Peter Eisentraut) - - - - The server parameter bytea_output controls - whether hex or traditional format is used for bytea - output. Libpq's PQescapeByteaConn() function automatically - uses the hex format when connected to PostgreSQL 9.0 - or newer servers. However, pre-9.0 libpq versions will not - correctly process hex format from newer servers. - - - - The new hex format will be directly compatible with more applications - that use binary data, allowing them to store and retrieve it without - extra conversion. It is also significantly faster to read and write - than the traditional format. - - - - - - Allow server parameter extra_float_digits - to be increased to 3 (Tom Lane) - - - - The previous maximum extra_float_digits setting was - 2. There are cases where 3 digits are needed to dump and - restore float4 values exactly. pg_dump will - now use the setting of 3 when dumping from a server that allows it. - - - - - - Tighten input checking for int2vector values (Caleb - Welton) - - - - - - - <link linkend="textsearch">Full Text Search</link> - - - - - - Add prefix support in synonym dictionaries - (Teodor Sigaev) - - - - - - Add filtering dictionaries (Teodor Sigaev) - - - - Filtering dictionaries allow tokens to be modified then passed to - subsequent dictionaries. - - - - - - Allow underscores in email-address tokens (Teodor Sigaev) - - - - - - Use more standards-compliant rules for parsing URL tokens - (Tom Lane) - - - - - - - - - - - Functions - - - - - - Allow function calls to supply parameter names and match them to named - parameters in the function definition (Pavel Stehule) - - - - For example, if a function is defined to take parameters a - and b, it can be called with func(a := 7, b - := 12) or func(b := 12, a := 7). - - - - - - Support locale-specific regular expression - processing with UTF-8 server encoding (Tom Lane) - - - - Locale-specific regular expression functionality includes - case-insensitive matching and locale-specific character classes. - Previously, these features worked correctly for non-ASCII - characters only if the database used a single-byte server encoding (such - as LATIN1). They will still misbehave in multi-byte encodings other - than UTF-8. - - - - - - Add support for scientific notation in to_char() - (EEEE - specification) - (Pavel Stehule, Brendan Jurd) - - - - - - Make to_char() honor FM - (fill mode) in Y, YY, and - YYY specifications (Bruce Momjian, Tom Lane) - - - - It was already honored by YYYY. - - - - - - Fix to_char() to output localized numeric and monetary - strings in the correct encoding on Windows - (Hiroshi Inoue, Itagaki Takahiro, Bruce Momjian) - - - - - - Correct calculations of overlaps - and contains operations for polygons (Teodor Sigaev) - - - - The polygon && (overlaps) operator formerly just - checked to see if the two polygons' bounding boxes overlapped. It now - does a more correct check. The polygon @> and - <@ (contains/contained by) operators formerly checked - to see if one polygon's vertexes were all contained in the other; - this can wrongly report true for some non-convex polygons. - Now they check that all line segments of one polygon are contained in - the other. - - - - - - - Aggregates - - - - - - Allow aggregate functions to use ORDER BY (Andrew Gierth) - - - - For example, this is now supported: array_agg(a ORDER BY - b). This is useful with aggregates for which the order of input - values is significant, and eliminates the need to use a nonstandard - subquery to determine the ordering. - - - - - - Multi-argument aggregate functions can now use DISTINCT - (Andrew Gierth) - - - - - - Add the string_agg() - aggregate function to combine values into a single - string (Pavel Stehule) - - - - - - Aggregate functions that are called with DISTINCT are - now passed NULL values if the aggregate transition function is - not marked as STRICT (Andrew Gierth) - - - - For example, agg(DISTINCT x) might pass a NULL x - value to agg(). This is more consistent with the behavior - in non-DISTINCT cases. - - - - - - - - - Bit Strings - - - - - - Add get_bit() - and set_bit() functions for bit - strings, mirroring those for bytea (Leonardo - F) - - - - - - Implement OVERLAY() - (replace) for bit strings and bytea - (Leonardo F) - - - - - - - - - Object Information Functions - - - - - - Add pg_table_size() - and pg_indexes_size() to provide a more - user-friendly interface to the pg_relation_size() - function (Bernd Helmle) - - - - - - Add has_sequence_privilege() - for sequence permission checking (Abhijit Menon-Sen) - - - - - - Update the information_schema - views to conform to SQL:2008 - (Peter Eisentraut) - - - - - - Make the information_schema views correctly display maximum - octet lengths for char and varchar columns (Peter - Eisentraut) - - - - - - Speed up information_schema privilege views - (Joachim Wieland) - - - - - - - - - Function and Trigger Creation - - - - - - Support execution of anonymous code blocks using the DO statement - (Petr Jelinek, Joshua Tolley, Hannu Valtonen) - - - - This allows execution of server-side code without the need to create - and delete a temporary function definition. Code can be executed in - any language for which the user has permissions to define a function. - - - - - - Implement SQL-standard-compliant per-column triggers - (Itagaki Takahiro) - - - - Such triggers are fired only when the specified column(s) are affected - by the query, e.g. appear in an UPDATE's SET - list. - - - - - - Add the WHEN clause to CREATE TRIGGER - to allow control over whether a trigger is fired (Itagaki - Takahiro) - - - - While the same type of check can always be performed inside the - trigger, doing it in an external WHEN clause can have - performance benefits. - - - - - - - - - - - Server-Side Languages - - - - - - Add the OR REPLACE clause to CREATE LANGUAGE - (Tom Lane) - - - - This is helpful to optionally install a language if it does not - already exist, and is particularly helpful now that PL/pgSQL is - installed by default. - - - - - - - <link linkend="plpgsql">PL/pgSQL</link> Server-Side - Language - - - - - - Install PL/pgSQL by default (Bruce Momjian) - - - - The language can still be removed from a particular database if the - administrator has security or performance concerns about making it - available. - - - - - - Improve handling of cases where PL/pgSQL variable names conflict with - identifiers used in queries within a function - (Tom Lane) - - - - The default behavior is now to throw an error when there is a conflict, - so as to avoid surprising behaviors. This can be modified, via the - configuration parameter plpgsql.variable_conflict - or the per-function option #variable_conflict, to allow - either the variable or the query-supplied column to be used. In any - case PL/pgSQL will no longer attempt to substitute variables in places - where they would not be syntactically valid. - - - - - - Make PL/pgSQL use the main lexer, rather than its own version - (Tom Lane) - - - - This ensures accurate tracking of the main system's behavior for details - such as string escaping. Some user-visible details, such as the set - of keywords considered reserved in PL/pgSQL, have changed in - consequence. - - - - - - Avoid throwing an unnecessary error for an invalid record reference - (Tom Lane) - - - - An error is now thrown only if the reference is actually fetched, - rather than whenever the enclosing expression is reached. For - example, many people have tried to do this in triggers: - -if TG_OP = 'INSERT' and NEW.col1 = ... then - - This will now actually work as expected. - - - - - - Improve PL/pgSQL's ability to handle row types with dropped columns - (Pavel Stehule) - - - - - - Allow input parameters to be assigned values within - PL/pgSQL functions (Steve Prentice) - - - - Formerly, input parameters were treated as being declared - CONST, so the function's code could not change their - values. This restriction has been removed to simplify - porting of functions from other DBMSes that do not impose the - equivalent restriction. An input parameter now acts like a local - variable initialized to the passed-in value. - - - - - - Improve error location reporting in PL/pgSQL (Tom Lane) - - - - - - Add count and ALL options to MOVE - FORWARD/BACKWARD in PL/pgSQL (Pavel Stehule) - - - - - - Allow PL/pgSQL's WHERE CURRENT OF to use a cursor - variable (Tom Lane) - - - - - - Allow PL/pgSQL's OPEN cursor FOR EXECUTE to - use parameters (Pavel Stehule, Itagaki Takahiro) - - - - This is accomplished with a new USING clause. - - - - - - - - - <link linkend="plperl">PL/Perl</link> Server-Side Language - - - - - - Add new PL/Perl functions: quote_literal(), - quote_nullable(), quote_ident(), - encode_bytea(), decode_bytea(), - looks_like_number(), - encode_array_literal(), - encode_array_constructor() (Tim Bunce) - - - - - - Add server parameter plperl.on_init to - specify a PL/Perl initialization function (Tim - Bunce) - - - - plperl.on_plperl_init - and plperl.on_plperlu_init - are also available for initialization that is specific to the trusted - or untrusted language respectively. - - - - - - Support END blocks in PL/Perl (Tim Bunce) - - - - END blocks do not currently allow database access. - - - - - - Allow use strict in PL/Perl (Tim Bunce) - - - - Perl strict checks can also be globally enabled with the - new server parameter plperl.use_strict. - - - - - - Allow require in PL/Perl (Tim Bunce) - - - - This basically tests to see if the module is loaded, and if not, - generates an error. It will not allow loading of modules that - the administrator has not preloaded via the initialization parameters. - - - - - - Allow use feature in PL/Perl if Perl version 5.10 or - later is used (Tim Bunce) - - - - - - Verify that PL/Perl return values are valid in the server encoding - (Andrew Dunstan) - - - - - - - - - <link linkend="plpython">PL/Python</link> Server-Side Language - - - - - - Add Unicode support in PL/Python (Peter Eisentraut) - - - - Strings are automatically converted from/to the server encoding as - necessary. - - - - - - Improve bytea support in PL/Python (Caleb Welton) - - - - Bytea values passed into PL/Python are now represented as - binary, rather than the PostgreSQL bytea text format. - Bytea values containing null bytes are now also output - properly from PL/Python. Passing of boolean, integer, and float - values was also improved. - - - - - - Support arrays as parameters and - return values in PL/Python (Peter Eisentraut) - - - - - - Improve mapping of SQL domains to Python types (Peter Eisentraut) - - - - - - Add Python 3 support to PL/Python (Peter Eisentraut) - - - - The new server-side language is called plpython3u. This - cannot be used in the same session with the - Python 2 server-side language. - - - - - - Improve error location and exception reporting in PL/Python (Peter Eisentraut) - - - - - - - - - - - Client Applications - - - - - - Add an - - - - - - <link linkend="APP-PSQL"><application>psql</></link> - - - - - - Add support for quoting/escaping the values of psql - variables as SQL strings or - identifiers (Pavel Stehule, Robert Haas) - - - - For example, :'var' will produce the value of - var quoted and properly escaped as a literal string, while - :"var" will produce its value quoted and escaped as an - identifier. - - - - - - Ignore a leading UTF-8-encoded Unicode byte-order marker in - script files read by psql (Itagaki Takahiro) - - - - This is enabled when the client encoding is UTF-8. - It improves compatibility with certain editors, mostly on Windows, - that insist on inserting such markers. - - - - - - Fix psql --file - to properly honor - - - - - Avoid overwriting of psql's command-line history when - two psql sessions are run concurrently (Tom Lane) - - - - - - Improve psql's tab completion support (Itagaki - Takahiro) - - - - - - Show \timing output when it is enabled, regardless of - quiet mode (Peter Eisentraut) - - - - - - - <application>psql</> Display - - - - - - Improve display of wrapped columns in psql (Roger - Leigh) - - - - This behavior is now the default. - The previous formatting is available by using \pset linestyle - old-ascii. - - - - - - Allow psql to use fancy Unicode line-drawing - characters via \pset linestyle unicode (Roger Leigh) - - - - - - - - - <application>psql</> <link - linkend="APP-PSQL-meta-commands"><command>\d</></link> - Commands - - - - - - Make \d show child tables that inherit from the specified - parent (Damien Clochard) - - - - \d shows only the number of child tables, while - \d+ shows the names of all child tables. - - - - - - Show definitions of index columns in \d index_name - (Khee Chin) - - - - The definition is useful for expression indexes. - - - - - - Show a view's defining query only in - \d+, not in \d (Peter Eisentraut) - - - - Always including the query was deemed overly verbose. - - - - - - - - - - <link linkend="APP-PGDUMP"><application>pg_dump</></link> - - - - - - Make pg_dump/pg_restore - - - - - - Fix pg_dump to properly dump large objects when - standard_conforming_strings is enabled (Tom Lane) - - - - The previous coding could fail when dumping to an archive file - and then generating script output from pg_restore. - - - - - - pg_restore now emits large-object data in hex format - when generating script output (Tom Lane) - - - - This could cause compatibility problems if the script is then - loaded into a pre-9.0 server. To work around that, restore - directly to the server, instead. - - - - - - Allow pg_dump to dump comments attached to columns - of composite types (Taro Minowa (Higepon)) - - - - - - Make pg_dump - - - These were already provided in custom output mode. - - - - - - pg_restore now complains if any command-line arguments - remain after the switches and optional file name (Tom Lane) - - - - Previously, it silently ignored any such arguments. - - - - - - - - - <link - linkend="app-pg-ctl"><application>pg_ctl</></link> - - - - - - Allow pg_ctl to be used safely to start the - postmaster during a system reboot (Tom Lane) - - - - Previously, pg_ctl's parent process could have been - mistakenly identified as a running postmaster based on - a stale postmaster lock file, resulting in a transient - failure to start the database. - - - - - - Give pg_ctl the ability to initialize the database - (by invoking initdb) (Zdenek Kotala) - - - - - - - - - - - <application>Development Tools</> - - - <link linkend="libpq"><application>libpq</></link> - - - - - - Add new libpq functions - PQconnectdbParams() - and PQconnectStartParams() (Guillaume - Lelarge) - - - - These functions are similar to PQconnectdb() and - PQconnectStart() except that they accept a null-terminated - array of connection options, rather than requiring all options to - be provided in a single string. - - - - - - Add libpq functions PQescapeLiteral() - and PQescapeIdentifier() (Robert Haas) - - - - These functions return appropriately quoted and escaped SQL string - literals and identifiers. The caller is not required to pre-allocate - the string result, as is required by PQescapeStringConn(). - - - - - - Add support for a per-user service file (.pg_service.conf), - which is checked before the site-wide service file - (Peter Eisentraut) - - - - - - Properly report an error if the specified libpq service - cannot be found (Peter Eisentraut) - - - - - - Add TCP keepalive settings - in libpq (Tollef Fog Heen, Fujii Masao, Robert Haas) - - - - Keepalive settings were already supported on the server end of - TCP connections. - - - - - - Avoid extra system calls to block and unblock SIGPIPE - in libpq, on platforms that offer alternative methods - (Jeremy Kerr) - - - - - - When a .pgpass-supplied - password fails, mention where the password came from in the error - message (Bruce Momjian) - - - - - - Load all SSL certificates given in the client certificate file - (Tom Lane) - - - - This improves support for indirectly-signed SSL certificates. - - - - - - - - - <link linkend="ecpg"><application>ecpg</></link> - - - - - - Add SQLDA - (SQL Descriptor Area) support to ecpg - (Boszormenyi Zoltan) - - - - - - Add the DESCRIBE - [ OUTPUT ] statement to ecpg - (Boszormenyi Zoltan) - - - - - - Add an ECPGtransactionStatus - function to return the current transaction status (Bernd Helmle) - - - - - - Add the string data type in ecpg - Informix-compatibility mode (Boszormenyi Zoltan) - - - - - - Allow ecpg to use new and old - variable names without restriction (Michael Meskes) - - - - - - Allow ecpg to use variable names in - free() (Michael Meskes) - - - - - - Make ecpg_dynamic_type() return zero for non-SQL3 data - types (Michael Meskes) - - - - Previously it returned the negative of the data type OID. - This could be confused with valid type OIDs, however. - - - - - - Support long long types on platforms that already have 64-bit - long (Michael Meskes) - - - - - - - <application>ecpg</> Cursors - - - - - - Add out-of-scope cursor support in ecpg's native mode - (Boszormenyi Zoltan) - - - - This allows DECLARE to use variables that are not in - scope when OPEN is called. This facility already existed - in ecpg's Informix-compatibility mode. - - - - - - Allow dynamic cursor names in ecpg (Boszormenyi Zoltan) - - - - - - Allow ecpg to use noise words FROM and - IN in FETCH and MOVE (Boszormenyi - Zoltan) - - - - - - - - - - - - - Build Options - - - - - - Enable client thread safety by default (Bruce Momjian) - - - - The thread-safety option can be disabled with configure - - - - - - Add support for controlling the Linux out-of-memory killer - (Alex Hunsaker, Tom Lane) - - - - Now that /proc/self/oom_adj allows disabling - of the Linux out-of-memory (OOM) - killer, it's recommendable to disable OOM kills for the postmaster. - It may then be desirable to re-enable OOM kills for the postmaster's - child processes. The new compile-time option LINUX_OOM_ADJ - allows the killer to be reactivated for child processes. - - - - - - - Makefiles - - - - - - New Makefile targets world, - install-world, and installcheck-world - (Andrew Dunstan) - - - - These are similar to the existing all, install, - and installcheck targets, but they also build the - HTML documentation, build and test contrib, - and test server-side languages and ecpg. - - - - - - Add data and documentation installation location control to - PGXS Makefiles (Mark Cave-Ayland) - - - - - - Add Makefile rules to build the PostgreSQL documentation - as a single HTML file or as a single plain-text file - (Peter Eisentraut, Bruce Momjian) - - - - - - - - - Windows - - - - - - Support compiling on 64-bit - Windows and running in 64-bit - mode (Tsutomu Yamada, Magnus Hagander) - - - - This allows for large shared memory sizes on Windows. - - - - - - Support server builds using Visual Studio - 2008 (Magnus Hagander) - - - - - - - - - - - Source Code - - - - - - Distribute prebuilt documentation in a subdirectory tree, rather than - as tar archive files inside the distribution tarball - (Peter Eisentraut) - - - - For example, the prebuilt HTML documentation is now in - doc/src/sgml/html/; the manual pages are packaged - similarly. - - - - - - Make the server's lexer reentrant (Tom Lane) - - - - This was needed for use of the lexer by PL/pgSQL. - - - - - - Improve speed of memory allocation (Tom Lane, Greg Stark) - - - - - - User-defined constraint triggers now have entries in - pg_constraint as well as pg_trigger - (Tom Lane) - - - - Because of this change, - pg_constraint.pgconstrname is now - redundant and has been removed. - - - - - - Add system catalog columns - pg_constraint.conindid and - pg_trigger.tgconstrindid - to better document the use of indexes for constraint - enforcement (Tom Lane) - - - - - - Allow multiple conditions to be communicated to backends using a single - operating system signal (Fujii Masao) - - - - This allows new features to be added without a platform-specific - constraint on the number of signal conditions. - - - - - - Improve source code test coverage, including contrib, PL/Python, - and PL/Perl (Peter Eisentraut, Andrew Dunstan) - - - - - - Remove the use of flat files for system table bootstrapping - (Tom Lane, Alvaro Herrera) - - - - This improves performance when using many roles or - databases, and eliminates some possible failure conditions. - - - - - - Automatically generate the initial contents of - pg_attribute for bootstrapped catalogs - (John Naylor) - - - - This greatly simplifies changes to these catalogs. - - - - - - Split the processing of - INSERT/UPDATE/DELETE operations out - of execMain.c (Marko Tiikkaja) - - - - Updates are now executed in a separate ModifyTable node. This change is - necessary infrastructure for future improvements. - - - - - - Simplify translation of psql's SQL help text - (Peter Eisentraut) - - - - - - Reduce the lengths of some file names so that all file paths in the - distribution tarball are less than 100 characters (Tom Lane) - - - - Some decompression programs have problems with longer file paths. - - - - - - Add a new ERRCODE_INVALID_PASSWORD - SQLSTATE error code (Bruce Momjian) - - - - - - With authors' permissions, remove the few remaining personal source code - copyright notices (Bruce Momjian) - - - - The personal copyright notices were insignificant but the community - occasionally had to answer questions about them. - - - - - - Add new documentation section - about running PostgreSQL in non-durable mode - to improve performance (Bruce Momjian) - - - - - - Restructure the HTML documentation - Makefile rules to make their dependency checks work - correctly, avoiding unnecessary rebuilds (Peter Eisentraut) - - - - - - Use DocBook XSL stylesheets for man page - building, rather than Docbook2X (Peter Eisentraut) - - - - This changes the set of tools needed to build the man pages. - - - - - - Improve PL/Perl code structure (Tim Bunce) - - - - - - Improve error context reports in PL/Perl (Alexey Klyukin) - - - - - - - New Build Requirements - - - Note that these requirements do not apply when building from a - distribution tarball, since tarballs include the files that these - programs are used to build. - - - - - - Require Autoconf 2.63 to build - configure (Peter Eisentraut) - - - - - - Require Flex 2.5.31 or later to build - from a CVS checkout (Tom Lane) - - - - - - Require Perl version 5.8 or later to build - from a CVS checkout (John Naylor, Andrew Dunstan) - - - - - - - - - Portability - - - - - - Use a more modern API for Bonjour (Tom Lane) - - - - Bonjour support now requires OS X 10.3 or later. - The older API has been deprecated by Apple. - - - - - - Add spinlock support for the SuperH - architecture (Nobuhiro Iwamatsu) - - - - - - Allow non-GCC compilers to use inline functions if - they support them (Kurt Harriman) - - - - - - Remove support for platforms that don't have a working 64-bit - integer data type (Tom Lane) - - - - - - Restructure use of LDFLAGS to be more consistent - across platforms (Tom Lane) - - - - LDFLAGS is now used for linking both executables and shared - libraries, and we add on LDFLAGS_EX when linking - executables, or LDFLAGS_SL when linking shared libraries. - - - - - - - - - Server Programming - - - - - - Make backend header files safe to include in C++ - (Kurt Harriman, Peter Eisentraut) - - - - These changes remove keyword conflicts that previously made - C++ usage difficult in backend code. However, there - are still other complexities when using C++ for backend - functions. extern "C" { } is still necessary in - appropriate places, and memory management and error handling are - still problematic. - - - - - - Add AggCheckCallContext() - for use in detecting if a C function is - being called as an aggregate (Hitoshi Harada) - - - - - - Change calling convention for SearchSysCache() and related - functions to avoid hard-wiring the maximum number of cache keys - (Robert Haas) - - - - Existing calls will still work for the moment, but can be expected to - break in 9.1 or later if not converted to the new style. - - - - - - Require calls of fastgetattr() and - heap_getattr() backend macros to provide a non-NULL fourth - argument (Robert Haas) - - - - - - Custom typanalyze functions should no longer rely on - VacAttrStats.attr to determine the type - of data they will be passed (Tom Lane) - - - - This was changed to allow collection of statistics on index columns - for which the storage type is different from the underlying column - data type. There are new fields that tell the actual datatype being - analyzed. - - - - - - - - - Server Hooks - - - - - - Add parser hooks for processing ColumnRef and ParamRef nodes - (Tom Lane) - - - - - - Add a ProcessUtility hook so loadable modules can control utility - commands (Itagaki Takahiro) - - - - - - - - - Binary Upgrade Support - - - - - - Add contrib/pg_upgrade - to support in-place upgrades (Bruce Momjian) - - - - This avoids the requirement of dumping/reloading the database when - upgrading to a new major release of PostgreSQL, thus reducing downtime - by orders of magnitude. It supports upgrades to 9.0 - from PostgreSQL 8.3 and 8.4. - - - - - - Add support for preserving relation relfilenode values - during binary upgrades (Bruce Momjian) - - - - - - Add support for preserving pg_type - and pg_enum OIDs during binary upgrades - (Bruce Momjian) - - - - - - Move data files within tablespaces into - PostgreSQL-version-specific subdirectories - (Bruce Momjian) - - - - This simplifies binary upgrades. - - - - - - - - - - - Contrib - - - - - - Add multithreading option ( - - - This allows multiple CPUs to be used by pgbench, - reducing the risk of pgbench itself becoming the test bottleneck. - - - - - - Add \shell and \setshell meta - commands to contrib/pgbench - (Michael Paquier) - - - - - - New features for contrib/dict_xsyn - (Sergey Karpov) - - - - The new options are matchorig, matchsynonyms, - and keepsynonyms. - - - - - - Add full text dictionary contrib/unaccent - (Teodor Sigaev) - - - - This filtering dictionary removes accents from letters, which - makes full-text searches over multiple languages much easier. - - - - - - Add dblink_get_notify() - to contrib/dblink (Marcus Kempe) - - - - This allows asynchronous notifications in dblink. - - - - - - Improve contrib/dblink's handling of dropped columns - (Tom Lane) - - - - This affects dblink_build_sql_insert() - and related functions. These functions now number columns according - to logical not physical column numbers. - - - - - - Greatly increase contrib/hstore's data - length limit, and add B-tree and hash support so GROUP - BY and DISTINCT operations are possible on - hstore columns (Andrew Gierth) - - - - New functions and operators were also added. These improvements - make hstore a full-function key-value store embedded in - PostgreSQL. - - - - - - Add contrib/passwordcheck - to support site-specific password strength policies (Laurenz - Albe) - - - - The source code of this module should be modified to implement - site-specific password policies. - - - - - - Add contrib/pg_archivecleanup - tool (Simon Riggs) - - - - This is designed to be used in the - archive_cleanup_command - server parameter, to remove no-longer-needed archive files. - - - - - - Add query text to contrib/auto_explain - output (Andrew Dunstan) - - - - - - Add buffer access counters to contrib/pg_stat_statements - (Itagaki Takahiro) - - - - - - Update contrib/start-scripts/linux - to use /proc/self/oom_adj to disable the - Linux - out-of-memory (OOM) killer (Alex - Hunsaker, Tom Lane) - - - - - - - - diff --git a/doc/src/sgml/release-9.1.sgml b/doc/src/sgml/release-9.1.sgml deleted file mode 100644 index c443671399..0000000000 --- a/doc/src/sgml/release-9.1.sgml +++ /dev/null @@ -1,11763 +0,0 @@ - - - - - Release 9.1.24 - - - Release date: - 2016-10-27 - - - - This release contains a variety of fixes from 9.1.23. - For information about new features in the 9.1 major release, see - . - - - - This is expected to be the last PostgreSQL release - in the 9.1.X series. Users are encouraged to update to a newer - release branch soon. - - - - Migration to Version 9.1.24 - - - A dump/restore is not required for those running 9.1.X. - - - - However, if you are upgrading from a version earlier than 9.1.16, - see . - - - - - - Changes - - - - - - Fix EvalPlanQual rechecks involving CTE scans (Tom Lane) - - - - The recheck would always see the CTE as returning no rows, typically - leading to failure to update rows that were recently updated. - - - - - - Fix improper repetition of previous results from hashed aggregation in - a subquery (Andrew Gierth) - - - - The test to see if we can reuse a previously-computed hash table of - the aggregate state values neglected the possibility of an outer query - reference appearing in an aggregate argument expression. A change in - the value of such a reference should lead to recalculating the hash - table, but did not. - - - - - - Fix timeout length when VACUUM is waiting for exclusive - table lock so that it can truncate the table (Simon Riggs) - - - - The timeout was meant to be 50 milliseconds, but it was actually only - 50 microseconds, causing VACUUM to give up on truncation - much more easily than intended. Set it to the intended value. - - - - - - Remove artificial restrictions on the values accepted - by numeric_in() and numeric_recv() - (Tom Lane) - - - - We allow numeric values up to the limit of the storage format (more - than 1e100000), so it seems fairly pointless - that numeric_in() rejected scientific-notation exponents - above 1000. Likewise, it was silly for numeric_recv() to - reject more than 1000 digits in an input value. - - - - - - Avoid very-low-probability data corruption due to testing tuple - visibility without holding buffer lock (Thomas Munro, Peter Geoghegan, - Tom Lane) - - - - - - Fix file descriptor leakage when truncating a temporary relation of - more than 1GB (Andres Freund) - - - - - - Disallow starting a standalone backend with standby_mode - turned on (Michael Paquier) - - - - This can't do anything useful, since there will be no WAL receiver - process to fetch more WAL data; and it could result in misbehavior - in code that wasn't designed with this situation in mind. - - - - - - Don't try to share SSL contexts across multiple connections - in libpq (Heikki Linnakangas) - - - - This led to assorted corner-case bugs, particularly when trying to use - different SSL parameters for different connections. - - - - - - Avoid corner-case memory leak in libpq (Tom Lane) - - - - The reported problem involved leaking an error report - during PQreset(), but there might be related cases. - - - - - - Make ecpg's - - - - - Fix contrib/intarray/bench/bench.pl to print the results - of the EXPLAIN it does when given the - - - - - Prevent failure of obsolete dynamic time zone abbreviations (Tom Lane) - - - - If a dynamic time zone abbreviation does not match any entry in the - referenced time zone, treat it as equivalent to the time zone name. - This avoids unexpected failures when IANA removes abbreviations from - their time zone database, as they did in tzdata - release 2016f and seem likely to do again in the future. The - consequences were not limited to not recognizing the individual - abbreviation; any mismatch caused - the pg_timezone_abbrevs view to fail altogether. - - - - - - Update time zone data files to tzdata release 2016h - for DST law changes in Palestine and Turkey, plus historical - corrections for Turkey and some regions of Russia. - Switch to numeric abbreviations for some time zones in Antarctica, - the former Soviet Union, and Sri Lanka. - - - - The IANA time zone database previously provided textual abbreviations - for all time zones, sometimes making up abbreviations that have little - or no currency among the local population. They are in process of - reversing that policy in favor of using numeric UTC offsets in zones - where there is no evidence of real-world use of an English - abbreviation. At least for the time being, PostgreSQL - will continue to accept such removed abbreviations for timestamp input. - But they will not be shown in the pg_timezone_names - view nor used for output. - - - - In this update, AMT is no longer shown as being in use to - mean Armenia Time. Therefore, we have changed the Default - abbreviation set to interpret it as Amazon Time, thus UTC-4 not UTC+4. - - - - - - - - - - Release 9.1.23 - - - Release date: - 2016-08-11 - - - - This release contains a variety of fixes from 9.1.22. - For information about new features in the 9.1 major release, see - . - - - - The PostgreSQL community will stop releasing updates - for the 9.1.X release series in September 2016. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 9.1.23 - - - A dump/restore is not required for those running 9.1.X. - - - - However, if you are upgrading from a version earlier than 9.1.16, - see . - - - - - - Changes - - - - - - Fix possible mis-evaluation of - nested CASE-WHEN expressions (Heikki - Linnakangas, Michael Paquier, Tom Lane) - - - - A CASE expression appearing within the test value - subexpression of another CASE could become confused about - whether its own test value was null or not. Also, inlining of a SQL - function implementing the equality operator used by - a CASE expression could result in passing the wrong test - value to functions called within a CASE expression in the - SQL function's body. If the test values were of different data - types, a crash might result; moreover such situations could be abused - to allow disclosure of portions of server memory. (CVE-2016-5423) - - - - - - Fix client programs' handling of special characters in database and - role names (Noah Misch, Nathan Bossart, Michael Paquier) - - - - Numerous places in vacuumdb and other client programs - could become confused by database and role names containing double - quotes or backslashes. Tighten up quoting rules to make that safe. - Also, ensure that when a conninfo string is used as a database name - parameter to these programs, it is correctly treated as such throughout. - - - - Fix handling of paired double quotes - in psql's \connect - and \password commands to match the documentation. - - - - Introduce a new - - - pg_dumpall now refuses to deal with database and role - names containing carriage returns or newlines, as it seems impractical - to quote those characters safely on Windows. In future we may reject - such names on the server side, but that step has not been taken yet. - - - - These are considered security fixes because crafted object names - containing special characters could have been used to execute - commands with superuser privileges the next time a superuser - executes pg_dumpall or other routine maintenance - operations. (CVE-2016-5424) - - - - - - Fix corner-case misbehaviors for IS NULL/IS NOT - NULL applied to nested composite values (Andrew Gierth, Tom Lane) - - - - The SQL standard specifies that IS NULL should return - TRUE for a row of all null values (thus ROW(NULL,NULL) IS - NULL yields TRUE), but this is not meant to apply recursively - (thus ROW(NULL, ROW(NULL,NULL)) IS NULL yields FALSE). - The core executor got this right, but certain planner optimizations - treated the test as recursive (thus producing TRUE in both cases), - and contrib/postgres_fdw could produce remote queries - that misbehaved similarly. - - - - - - Make the inet and cidr data types properly reject - IPv6 addresses with too many colon-separated fields (Tom Lane) - - - - - - Prevent crash in close_ps() - (the point ## lseg operator) - for NaN input coordinates (Tom Lane) - - - - Make it return NULL instead of crashing. - - - - - - Fix several one-byte buffer over-reads in to_number() - (Peter Eisentraut) - - - - In several cases the to_number() function would read one - more character than it should from the input string. There is a - small chance of a crash, if the input happens to be adjacent to the - end of memory. - - - - - - Avoid unsafe intermediate state during expensive paths - through heap_update() (Masahiko Sawada, Andres Freund) - - - - Previously, these cases locked the target tuple (by setting its XMAX) - but did not WAL-log that action, thus risking data integrity problems - if the page were spilled to disk and then a database crash occurred - before the tuple update could be completed. - - - - - - Avoid consuming a transaction ID during VACUUM - (Alexander Korotkov) - - - - Some cases in VACUUM unnecessarily caused an XID to be - assigned to the current transaction. Normally this is negligible, - but if one is up against the XID wraparound limit, consuming more - XIDs during anti-wraparound vacuums is a very bad thing. - - - - - - Avoid canceling hot-standby queries during VACUUM FREEZE - (Simon Riggs, Álvaro Herrera) - - - - VACUUM FREEZE on an otherwise-idle master server could - result in unnecessary cancellations of queries on its standby - servers. - - - - - - When a manual ANALYZE specifies a column list, don't - reset the table's changes_since_analyze counter - (Tom Lane) - - - - If we're only analyzing some columns, we should not prevent routine - auto-analyze from happening for the other columns. - - - - - - Fix ANALYZE's overestimation of n_distinct - for a unique or nearly-unique column with many null entries (Tom - Lane) - - - - The nulls could get counted as though they were themselves distinct - values, leading to serious planner misestimates in some types of - queries. - - - - - - Prevent autovacuum from starting multiple workers for the same shared - catalog (Álvaro Herrera) - - - - Normally this isn't much of a problem because the vacuum doesn't take - long anyway; but in the case of a severely bloated catalog, it could - result in all but one worker uselessly waiting instead of doing - useful work on other tables. - - - - - - Fix contrib/btree_gin to handle the smallest - possible bigint value correctly (Peter Eisentraut) - - - - - - Teach libpq to correctly decode server version from future servers - (Peter Eisentraut) - - - - It's planned to switch to two-part instead of three-part server - version numbers for releases after 9.6. Make sure - that PQserverVersion() returns the correct value for - such cases. - - - - - - Fix ecpg's code for unsigned long long - array elements (Michael Meskes) - - - - - - Make pg_basebackup accept -Z 0 as - specifying no compression (Fujii Masao) - - - - - - - Revert to the old heuristic timeout for pg_ctl start -w - (Tom Lane) - - - - The new method adopted as of release 9.1.20 does not work - when silent_mode is enabled, so go back to the old way. - - - - - - Fix makefiles' rule for building AIX shared libraries to be safe for - parallel make (Noah Misch) - - - - - - Fix TAP tests and MSVC scripts to work when build directory's path - name contains spaces (Michael Paquier, Kyotaro Horiguchi) - - - - - - Make regression tests safe for Danish and Welsh locales (Jeff Janes, - Tom Lane) - - - - Change some test data that triggered the unusual sorting rules of - these locales. - - - - - - Update our copy of the timezone code to match - IANA's tzcode release 2016c (Tom Lane) - - - - This is needed to cope with anticipated future changes in the time - zone data files. It also fixes some corner-case bugs in coping with - unusual time zones. - - - - - - Update time zone data files to tzdata release 2016f - for DST law changes in Kemerovo and Novosibirsk, plus historical - corrections for Azerbaijan, Belarus, and Morocco. - - - - - - - - - - Release 9.1.22 - - - Release date: - 2016-05-12 - - - - This release contains a variety of fixes from 9.1.21. - For information about new features in the 9.1 major release, see - . - - - - The PostgreSQL community will stop releasing updates - for the 9.1.X release series in September 2016. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 9.1.22 - - - A dump/restore is not required for those running 9.1.X. - - - - However, if you are upgrading from a version earlier than 9.1.16, - see . - - - - - - Changes - - - - - - Clear the OpenSSL error queue before OpenSSL calls, rather than - assuming it's clear already; and make sure we leave it clear - afterwards (Peter Geoghegan, Dave Vitek, Peter Eisentraut) - - - - This change prevents problems when there are multiple connections - using OpenSSL within a single process and not all the code involved - follows the same rules for when to clear the error queue. - Failures have been reported specifically when a client application - uses SSL connections in libpq concurrently with - SSL connections using the PHP, Python, or Ruby wrappers for OpenSSL. - It's possible for similar problems to arise within the server as well, - if an extension module establishes an outgoing SSL connection. - - - - - - Fix failed to build any N-way joins - planner error with a full join enclosed in the right-hand side of a - left join (Tom Lane) - - - - - - Fix possible misbehavior of TH, th, - and Y,YYY format codes in to_timestamp() - (Tom Lane) - - - - These could advance off the end of the input string, causing subsequent - format codes to read garbage. - - - - - - Fix dumping of rules and views in which the array - argument of a value operator - ANY (array) construct is a sub-SELECT - (Tom Lane) - - - - - - Make pg_regress use a startup timeout from the - PGCTLTIMEOUT environment variable, if that's set (Tom Lane) - - - - This is for consistency with a behavior recently added - to pg_ctl; it eases automated testing on slow machines. - - - - - - Fix pg_upgrade to correctly restore extension - membership for operator families containing only one operator class - (Tom Lane) - - - - In such a case, the operator family was restored into the new database, - but it was no longer marked as part of the extension. This had no - immediate ill effects, but would cause later pg_dump - runs to emit output that would cause (harmless) errors on restore. - - - - - - Rename internal function strtoi() - to strtoint() to avoid conflict with a NetBSD library - function (Thomas Munro) - - - - - - Fix reporting of errors from bind() - and listen() system calls on Windows (Tom Lane) - - - - - - Reduce verbosity of compiler output when building with Microsoft Visual - Studio (Christian Ullrich) - - - - - - Avoid possibly-unsafe use of Windows' FormatMessage() - function (Christian Ullrich) - - - - Use the FORMAT_MESSAGE_IGNORE_INSERTS flag where - appropriate. No live bug is known to exist here, but it seems like a - good idea to be careful. - - - - - - Update time zone data files to tzdata release 2016d - for DST law changes in Russia and Venezuela. There are new zone - names Europe/Kirov and Asia/Tomsk to reflect - the fact that these regions now have different time zone histories from - adjacent regions. - - - - - - - - - - Release 9.1.21 - - - Release date: - 2016-03-31 - - - - This release contains a variety of fixes from 9.1.20. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.21 - - - A dump/restore is not required for those running 9.1.X. - - - - However, if you are upgrading from a version earlier than 9.1.16, - see . - - - - - - Changes - - - - - - Fix incorrect handling of NULL index entries in - indexed ROW() comparisons (Tom Lane) - - - - An index search using a row comparison such as ROW(a, b) > - ROW('x', 'y') would stop upon reaching a NULL entry in - the b column, ignoring the fact that there might be - non-NULL b values associated with later values - of a. - - - - - - Avoid unlikely data-loss scenarios due to renaming files without - adequate fsync() calls before and after (Michael Paquier, - Tomas Vondra, Andres Freund) - - - - - - Correctly handle cases where pg_subtrans is close to XID - wraparound during server startup (Jeff Janes) - - - - - - Fix corner-case crash due to trying to free localeconv() - output strings more than once (Tom Lane) - - - - - - Fix parsing of affix files for ispell dictionaries - (Tom Lane) - - - - The code could go wrong if the affix file contained any characters - whose byte length changes during case-folding, for - example I in Turkish UTF8 locales. - - - - - - Avoid use of sscanf() to parse ispell - dictionary files (Artur Zakirov) - - - - This dodges a portability problem on FreeBSD-derived platforms - (including macOS). - - - - - - Avoid a crash on old Windows versions (before 7SP1/2008R2SP1) with an - AVX2-capable CPU and a Postgres build done with Visual Studio 2013 - (Christian Ullrich) - - - - This is a workaround for a bug in Visual Studio 2013's runtime - library, which Microsoft have stated they will not fix in that - version. - - - - - - Fix psql's tab completion logic to handle multibyte - characters properly (Kyotaro Horiguchi, Robert Haas) - - - - - - Fix psql's tab completion for - SECURITY LABEL (Tom Lane) - - - - Pressing TAB after SECURITY LABEL might cause a crash - or offering of inappropriate keywords. - - - - - - Make pg_ctl accept a wait timeout from the - PGCTLTIMEOUT environment variable, if none is specified on - the command line (Noah Misch) - - - - This eases testing of slower buildfarm members by allowing them - to globally specify a longer-than-normal timeout for postmaster - startup and shutdown. - - - - - - Fix incorrect test for Windows service status - in pg_ctl (Manuel Mathar) - - - - The previous set of minor releases attempted to - fix pg_ctl to properly determine whether to send log - messages to Window's Event Log, but got the test backwards. - - - - - - Fix pgbench to correctly handle the combination - of -C and -M prepared options (Tom Lane) - - - - - - In PL/Perl, properly translate empty Postgres arrays into empty Perl - arrays (Alex Hunsaker) - - - - - - Make PL/Python cope with function names that aren't valid Python - identifiers (Jim Nasby) - - - - - - Fix multiple mistakes in the statistics returned - by contrib/pgstattuple's pgstatindex() - function (Tom Lane) - - - - - - Remove dependency on psed in MSVC builds, since it's no - longer provided by core Perl (Michael Paquier, Andrew Dunstan) - - - - - - Update time zone data files to tzdata release 2016c - for DST law changes in Azerbaijan, Chile, Haiti, Palestine, and Russia - (Altai, Astrakhan, Kirov, Sakhalin, Ulyanovsk regions), plus - historical corrections for Lithuania, Moldova, and Russia - (Kaliningrad, Samara, Volgograd). - - - - - - - - - - Release 9.1.20 - - - Release date: - 2016-02-11 - - - - This release contains a variety of fixes from 9.1.19. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.20 - - - A dump/restore is not required for those running 9.1.X. - - - - However, if you are upgrading from a version earlier than 9.1.16, - see . - - - - - - Changes - - - - - - Fix infinite loops and buffer-overrun problems in regular expressions - (Tom Lane) - - - - Very large character ranges in bracket expressions could cause - infinite loops in some cases, and memory overwrites in other cases. - (CVE-2016-0773) - - - - - - Perform an immediate shutdown if the postmaster.pid file - is removed (Tom Lane) - - - - The postmaster now checks every minute or so - that postmaster.pid is still there and still contains its - own PID. If not, it performs an immediate shutdown, as though it had - received SIGQUIT. The main motivation for this change - is to ensure that failed buildfarm runs will get cleaned up without - manual intervention; but it also serves to limit the bad effects if a - DBA forcibly removes postmaster.pid and then starts a new - postmaster. - - - - - - In SERIALIZABLE transaction isolation mode, serialization - anomalies could be missed due to race conditions during insertions - (Kevin Grittner, Thomas Munro) - - - - - - Fix failure to emit appropriate WAL records when doing ALTER - TABLE ... SET TABLESPACE for unlogged relations (Michael Paquier, - Andres Freund) - - - - Even though the relation's data is unlogged, the move must be logged or - the relation will be inaccessible after a standby is promoted to master. - - - - - - Fix possible misinitialization of unlogged relations at the end of - crash recovery (Andres Freund, Michael Paquier) - - - - - - Fix ALTER COLUMN TYPE to reconstruct inherited check - constraints properly (Tom Lane) - - - - - - Fix REASSIGN OWNED to change ownership of composite types - properly (Álvaro Herrera) - - - - - - Fix REASSIGN OWNED and ALTER OWNER to correctly - update granted-permissions lists when changing owners of data types, - foreign data wrappers, or foreign servers (Bruce Momjian, - Álvaro Herrera) - - - - - - Fix REASSIGN OWNED to ignore foreign user mappings, - rather than fail (Álvaro Herrera) - - - - - - Add more defenses against bad planner cost estimates for GIN index - scans when the index's internal statistics are very out-of-date - (Tom Lane) - - - - - - Make planner cope with hypothetical GIN indexes suggested by an index - advisor plug-in (Julien Rouhaud) - - - - - - Fix dumping of whole-row Vars in ROW() - and VALUES() lists (Tom Lane) - - - - - - Fix possible internal overflow in numeric division - (Dean Rasheed) - - - - - - Fix enforcement of restrictions inside parentheses within regular - expression lookahead constraints (Tom Lane) - - - - Lookahead constraints aren't allowed to contain backrefs, and - parentheses within them are always considered non-capturing, according - to the manual. However, the code failed to handle these cases properly - inside a parenthesized subexpression, and would give unexpected - results. - - - - - - Conversion of regular expressions to indexscan bounds could produce - incorrect bounds from regexps containing lookahead constraints - (Tom Lane) - - - - - - Fix regular-expression compiler to handle loops of constraint arcs - (Tom Lane) - - - - The code added for CVE-2007-4772 was both incomplete, in that it didn't - handle loops involving more than one state, and incorrect, in that it - could cause assertion failures (though there seem to be no bad - consequences of that in a non-assert build). Multi-state loops would - cause the compiler to run until the query was canceled or it reached - the too-many-states error condition. - - - - - - Improve memory-usage accounting in regular-expression compiler - (Tom Lane) - - - - This causes the code to emit regular expression is too - complex errors in some cases that previously used unreasonable - amounts of time and memory. - - - - - - Improve performance of regular-expression compiler (Tom Lane) - - - - - - Make %h and %r escapes - in log_line_prefix work for messages emitted due - to log_connections (Tom Lane) - - - - Previously, %h/%r started to work just after a - new session had emitted the connection received log message; - now they work for that message too. - - - - - - On Windows, ensure the shared-memory mapping handle gets closed in - child processes that don't need it (Tom Lane, Amit Kapila) - - - - This oversight resulted in failure to recover from crashes - whenever logging_collector is turned on. - - - - - - Fix possible failure to detect socket EOF in non-blocking mode on - Windows (Tom Lane) - - - - It's not entirely clear whether this problem can happen in pre-9.5 - branches, but if it did, the symptom would be that a walsender process - would wait indefinitely rather than noticing a loss of connection. - - - - - - Avoid leaking a token handle during SSPI authentication - (Christian Ullrich) - - - - - - In psql, ensure that libreadline's idea - of the screen size is updated when the terminal window size changes - (Merlin Moncure) - - - - Previously, libreadline did not notice if the window - was resized during query output, leading to strange behavior during - later input of multiline queries. - - - - - - Fix psql's \det command to interpret its - pattern argument the same way as other \d commands with - potentially schema-qualified patterns do (Reece Hart) - - - - - - Avoid possible crash in psql's \c command - when previous connection was via Unix socket and command specifies a - new hostname and same username (Tom Lane) - - - - - - In pg_ctl start -w, test child process status directly - rather than relying on heuristics (Tom Lane, Michael Paquier) - - - - Previously, pg_ctl relied on an assumption that the new - postmaster would always create postmaster.pid within five - seconds. But that can fail on heavily-loaded systems, - causing pg_ctl to report incorrectly that the - postmaster failed to start. - - - - Except on Windows, this change also means that a pg_ctl start - -w done immediately after another such command will now reliably - fail, whereas previously it would report success if done within two - seconds of the first command. - - - - - - In pg_ctl start -w, don't attempt to use a wildcard listen - address to connect to the postmaster (Kondo Yuta) - - - - On Windows, pg_ctl would fail to detect postmaster - startup if listen_addresses is set to 0.0.0.0 - or ::, because it would try to use that value verbatim as - the address to connect to, which doesn't work. Instead assume - that 127.0.0.1 or ::1, respectively, is the - right thing to use. - - - - - - In pg_ctl on Windows, check service status to decide - where to send output, rather than checking if standard output is a - terminal (Michael Paquier) - - - - - - In pg_dump and pg_basebackup, adopt - the GNU convention for handling tar-archive members exceeding 8GB - (Tom Lane) - - - - The POSIX standard for tar file format does not allow - archive member files to exceed 8GB, but most modern implementations - of tar support an extension that fixes that. Adopt - this extension so that pg_dump with - - - - - Fix assorted corner-case bugs in pg_dump's processing - of extension member objects (Tom Lane) - - - - - - Make pg_dump mark a view's triggers as needing to be - processed after its rule, to prevent possible failure during - parallel pg_restore (Tom Lane) - - - - - - Ensure that relation option values are properly quoted - in pg_dump (Kouhei Sutou, Tom Lane) - - - - A reloption value that isn't a simple identifier or number could lead - to dump/reload failures due to syntax errors in CREATE statements - issued by pg_dump. This is not an issue with any - reloption currently supported by core PostgreSQL, but - extensions could allow reloptions that cause the problem. - - - - - - Fix pg_upgrade's file-copying code to handle errors - properly on Windows (Bruce Momjian) - - - - - - Install guards in pgbench against corner-case overflow - conditions during evaluation of script-specified division or modulo - operators (Fabien Coelho, Michael Paquier) - - - - - - Prevent certain PL/Java parameters from being set by - non-superusers (Noah Misch) - - - - This change mitigates a PL/Java security bug - (CVE-2016-0766), which was fixed in PL/Java by marking - these parameters as superuser-only. To fix the security hazard for - sites that update PostgreSQL more frequently - than PL/Java, make the core code aware of them also. - - - - - - Improve libpq's handling of out-of-memory situations - (Michael Paquier, Amit Kapila, Heikki Linnakangas) - - - - - - Fix order of arguments - in ecpg-generated typedef statements - (Michael Meskes) - - - - - - Use %g not %f format - in ecpg's PGTYPESnumeric_from_double() - (Tom Lane) - - - - - - Fix ecpg-supplied header files to not contain comments - continued from a preprocessor directive line onto the next line - (Michael Meskes) - - - - Such a comment is rejected by ecpg. It's not yet clear - whether ecpg itself should be changed. - - - - - - Ensure that contrib/pgcrypto's crypt() - function can be interrupted by query cancel (Andreas Karlsson) - - - - - - Accept flex versions later than 2.5.x - (Tom Lane, Michael Paquier) - - - - Now that flex 2.6.0 has been released, the version checks in our build - scripts needed to be adjusted. - - - - - - Install our missing script where PGXS builds can find it - (Jim Nasby) - - - - This allows sane behavior in a PGXS build done on a machine where build - tools such as bison are missing. - - - - - - Ensure that dynloader.h is included in the installed - header files in MSVC builds (Bruce Momjian, Michael Paquier) - - - - - - Add variant regression test expected-output file to match behavior of - current libxml2 (Tom Lane) - - - - The fix for libxml2's CVE-2015-7499 causes it not to - output error context reports in some cases where it used to do so. - This seems to be a bug, but we'll probably have to live with it for - some time, so work around it. - - - - - - Update time zone data files to tzdata release 2016a for - DST law changes in Cayman Islands, Metlakatla, and Trans-Baikal - Territory (Zabaykalsky Krai), plus historical corrections for Pakistan. - - - - - - - - - - Release 9.1.19 - - - Release date: - 2015-10-08 - - - - This release contains a variety of fixes from 9.1.18. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.19 - - - A dump/restore is not required for those running 9.1.X. - - - - However, if you are upgrading from a version earlier than 9.1.16, - see . - - - - - - Changes - - - - - - Fix contrib/pgcrypto to detect and report - too-short crypt() salts (Josh Kupershmidt) - - - - Certain invalid salt arguments crashed the server or disclosed a few - bytes of server memory. We have not ruled out the viability of - attacks that arrange for presence of confidential information in the - disclosed bytes, but they seem unlikely. (CVE-2015-5288) - - - - - - Fix subtransaction cleanup after a portal (cursor) belonging to an - outer subtransaction fails (Tom Lane, Michael Paquier) - - - - A function executed in an outer-subtransaction cursor could cause an - assertion failure or crash by referencing a relation created within an - inner subtransaction. - - - - - - Fix insertion of relations into the relation cache init file - (Tom Lane) - - - - An oversight in a patch in the most recent minor releases - caused pg_trigger_tgrelid_tgname_index to be omitted - from the init file. Subsequent sessions detected this, then deemed the - init file to be broken and silently ignored it, resulting in a - significant degradation in session startup time. In addition to fixing - the bug, install some guards so that any similar future mistake will be - more obvious. - - - - - - Avoid O(N^2) behavior when inserting many tuples into a SPI query - result (Neil Conway) - - - - - - Improve LISTEN startup time when there are many unread - notifications (Matt Newell) - - - - - - Back-patch 9.3-era addition of per-resource-owner lock caches - (Jeff Janes) - - - - This substantially improves performance when pg_dump - tries to dump a large number of tables. - - - - - - Disable SSL renegotiation by default (Michael Paquier, Andres Freund) - - - - While use of SSL renegotiation is a good idea in theory, we have seen - too many bugs in practice, both in the underlying OpenSSL library and - in our usage of it. Renegotiation will be removed entirely in 9.5 and - later. In the older branches, just change the default value - of ssl_renegotiation_limit to zero (disabled). - - - - - - Lower the minimum values of the *_freeze_max_age parameters - (Andres Freund) - - - - This is mainly to make tests of related behavior less time-consuming, - but it may also be of value for installations with limited disk space. - - - - - - Limit the maximum value of wal_buffers to 2GB to avoid - server crashes (Josh Berkus) - - - - - - Fix rare internal overflow in multiplication of numeric values - (Dean Rasheed) - - - - - - Guard against hard-to-reach stack overflows involving record types, - range types, json, jsonb, tsquery, - ltxtquery and query_int (Noah Misch) - - - - - - Fix handling of DOW and DOY in datetime input - (Greg Stark) - - - - These tokens aren't meant to be used in datetime values, but previously - they resulted in opaque internal error messages rather - than invalid input syntax. - - - - - - Add more query-cancel checks to regular expression matching (Tom Lane) - - - - - - Add recursion depth protections to regular expression, SIMILAR - TO, and LIKE matching (Tom Lane) - - - - Suitable search patterns and a low stack depth limit could lead to - stack-overrun crashes. - - - - - - Fix potential infinite loop in regular expression execution (Tom Lane) - - - - A search pattern that can apparently match a zero-length string, but - actually doesn't match because of a back reference, could lead to an - infinite loop. - - - - - - Fix low-memory failures in regular expression compilation - (Andreas Seltenreich) - - - - - - Fix low-probability memory leak during regular expression execution - (Tom Lane) - - - - - - Fix rare low-memory failure in lock cleanup during transaction abort - (Tom Lane) - - - - - - Fix unexpected out-of-memory situation during sort errors - when using tuplestores with small work_mem settings (Tom - Lane) - - - - - - Fix very-low-probability stack overrun in qsort (Tom Lane) - - - - - - Fix invalid memory alloc request size failure in hash joins - with large work_mem settings (Tomas Vondra, Tom Lane) - - - - - - Fix assorted planner bugs (Tom Lane) - - - - These mistakes could lead to incorrect query plans that would give wrong - answers, or to assertion failures in assert-enabled builds, or to odd - planner errors such as could not devise a query plan for the - given query, could not find pathkey item to - sort, plan should not reference subplan's variable, - or failed to assign all NestLoopParams to plan nodes. - Thanks are due to Andreas Seltenreich and Piotr Stefaniak for fuzz - testing that exposed these problems. - - - - - - - - Use fuzzy path cost tiebreaking rule in all supported branches (Tom Lane) - - - - This change is meant to avoid platform-specific behavior when - alternative plan choices have effectively-identical estimated costs. - - - - - - Ensure standby promotion trigger files are removed at postmaster - startup (Michael Paquier, Fujii Masao) - - - - This prevents unwanted promotion from occurring if these files appear - in a database backup that is used to initialize a new standby server. - - - - - - During postmaster shutdown, ensure that per-socket lock files are - removed and listen sockets are closed before we remove - the postmaster.pid file (Tom Lane) - - - - This avoids race-condition failures if an external script attempts to - start a new postmaster as soon as pg_ctl stop returns. - - - - - - Fix postmaster's handling of a startup-process crash during crash - recovery (Tom Lane) - - - - If, during a crash recovery cycle, the startup process crashes without - having restored database consistency, we'd try to launch a new startup - process, which typically would just crash again, leading to an infinite - loop. - - - - - - Do not print a WARNING when an autovacuum worker is already - gone when we attempt to signal it, and reduce log verbosity for such - signals (Tom Lane) - - - - - - Prevent autovacuum launcher from sleeping unduly long if the server - clock is moved backwards a large amount (Álvaro Herrera) - - - - - - Ensure that cleanup of a GIN index's pending-insertions list is - interruptable by cancel requests (Jeff Janes) - - - - - - Allow all-zeroes pages in GIN indexes to be reused (Heikki Linnakangas) - - - - Such a page might be left behind after a crash. - - - - - - Fix off-by-one error that led to otherwise-harmless warnings - about apparent wraparound in subtrans/multixact truncation - (Thomas Munro) - - - - - - Fix misreporting of CONTINUE and MOVE statement - types in PL/pgSQL's error context messages - (Pavel Stehule, Tom Lane) - - - - - - Fix PL/Perl to handle non-ASCII error - message texts correctly (Alex Hunsaker) - - - - - - Fix PL/Python crash when returning the string - representation of a record result (Tom Lane) - - - - - - Fix some places in PL/Tcl that neglected to check for - failure of malloc() calls (Michael Paquier, Álvaro - Herrera) - - - - - - In contrib/isn, fix output of ISBN-13 numbers that begin - with 979 (Fabien Coelho) - - - - EANs beginning with 979 (but not 9790) are considered ISBNs, but they - must be printed in the new 13-digit format, not the 10-digit format. - - - - - - Improve libpq's handling of out-of-memory conditions - (Michael Paquier, Heikki Linnakangas) - - - - - - Fix memory leaks and missing out-of-memory checks - in ecpg (Michael Paquier) - - - - - - Fix psql's code for locale-aware formatting of numeric - output (Tom Lane) - - - - The formatting code invoked by \pset numericlocale on - did the wrong thing for some uncommon cases such as numbers with an - exponent but no decimal point. It could also mangle already-localized - output from the money data type. - - - - - - Prevent crash in psql's \c command when - there is no current connection (Noah Misch) - - - - - - Fix selection of default zlib compression level - in pg_dump's directory output format (Andrew Dunstan) - - - - - - Ensure that temporary files created during a pg_dump - run with tar-format output are not world-readable (Michael - Paquier) - - - - - - Fix pg_dump and pg_upgrade to support - cases where the postgres or template1 database - is in a non-default tablespace (Marti Raudsepp, Bruce Momjian) - - - - - - Fix pg_dump to handle object privileges sanely when - dumping from a server too old to have a particular privilege type - (Tom Lane) - - - - When dumping functions or procedural languages from pre-7.3 - servers, pg_dump would - produce GRANT/REVOKE commands that revoked the - owner's grantable privileges and instead granted all privileges - to PUBLIC. Since the privileges involved are - just USAGE and EXECUTE, this isn't a security - problem, but it's certainly a surprising representation of the older - systems' behavior. Fix it to leave the default privilege state alone - in these cases. - - - - - - Fix pg_dump to dump shell types (Tom Lane) - - - - Shell types (that is, not-yet-fully-defined types) aren't useful for - much, but nonetheless pg_dump should dump them. - - - - - - Fix assorted minor memory leaks in pg_dump and other - client-side programs (Michael Paquier) - - - - - - Fix spinlock assembly code for PPC hardware to be compatible - with AIX's native assembler (Tom Lane) - - - - Building with gcc didn't work if gcc - had been configured to use the native assembler, which is becoming more - common. - - - - - - On AIX, test the -qlonglong compiler option - rather than just assuming it's safe to use (Noah Misch) - - - - - - On AIX, use -Wl,-brtllib link option to allow - symbols to be resolved at runtime (Noah Misch) - - - - Perl relies on this ability in 5.8.0 and later. - - - - - - Avoid use of inline functions when compiling with - 32-bit xlc, due to compiler bugs (Noah Misch) - - - - - - Use librt for sched_yield() when necessary, - which it is on some Solaris versions (Oskari Saarenmaa) - - - - - - Fix Windows install.bat script to handle target directory - names that contain spaces (Heikki Linnakangas) - - - - - - Make the numeric form of the PostgreSQL version number - (e.g., 90405) readily available to extension Makefiles, - as a variable named VERSION_NUM (Michael Paquier) - - - - - - Update time zone data files to tzdata release 2015g for - DST law changes in Cayman Islands, Fiji, Moldova, Morocco, Norfolk - Island, North Korea, Turkey, and Uruguay. There is a new zone name - America/Fort_Nelson for the Canadian Northern Rockies. - - - - - - - - - - Release 9.1.18 - - - Release date: - 2015-06-12 - - - - This release contains a small number of fixes from 9.1.17. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.18 - - - A dump/restore is not required for those running 9.1.X. - - - - However, if you are upgrading from a version earlier than 9.1.16, - see . - - - - - - Changes - - - - - - Fix rare failure to invalidate relation cache init file (Tom Lane) - - - - With just the wrong timing of concurrent activity, a VACUUM - FULL on a system catalog might fail to update the init file - that's used to avoid cache-loading work for new sessions. This would - result in later sessions being unable to access that catalog at all. - This is a very ancient bug, but it's so hard to trigger that no - reproducible case had been seen until recently. - - - - - - Avoid deadlock between incoming sessions and CREATE/DROP - DATABASE (Tom Lane) - - - - A new session starting in a database that is the target of - a DROP DATABASE command, or is the template for - a CREATE DATABASE command, could cause the command to wait - for five seconds and then fail, even if the new session would have - exited before that. - - - - - - - - - - Release 9.1.17 - - - Release date: - 2015-06-04 - - - - This release contains a small number of fixes from 9.1.16. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.17 - - - A dump/restore is not required for those running 9.1.X. - - - - However, if you are upgrading from a version earlier than 9.1.16, - see . - - - - - - Changes - - - - - - Avoid failures while fsync'ing data directory during - crash restart (Abhijit Menon-Sen, Tom Lane) - - - - In the previous minor releases we added a patch to fsync - everything in the data directory after a crash. Unfortunately its - response to any error condition was to fail, thereby preventing the - server from starting up, even when the problem was quite harmless. - An example is that an unwritable file in the data directory would - prevent restart on some platforms; but it is common to make SSL - certificate files unwritable by the server. Revise this behavior so - that permissions failures are ignored altogether, and other types of - failures are logged but do not prevent continuing. - - - - - - Remove configure's check prohibiting linking to a - threaded libpython - on OpenBSD (Tom Lane) - - - - The failure this restriction was meant to prevent seems to not be a - problem anymore on current OpenBSD - versions. - - - - - - Allow libpq to use TLS protocol versions beyond v1 - (Noah Misch) - - - - For a long time, libpq was coded so that the only SSL - protocol it would allow was TLS v1. Now that newer TLS versions are - becoming popular, allow it to negotiate the highest commonly-supported - TLS version with the server. (PostgreSQL servers were - already capable of such negotiation, so no change is needed on the - server side.) This is a back-patch of a change already released in - 9.4.0. - - - - - - - - - - Release 9.1.16 - - - Release date: - 2015-05-22 - - - - This release contains a variety of fixes from 9.1.15. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.16 - - - A dump/restore is not required for those running 9.1.X. - - - - However, if you use contrib/citext's - regexp_matches() functions, see the changelog entry below - about that. - - - - Also, if you are upgrading from a version earlier than 9.1.14, - see . - - - - - - Changes - - - - - - Avoid possible crash when client disconnects just before the - authentication timeout expires (Benkocs Norbert Attila) - - - - If the timeout interrupt fired partway through the session shutdown - sequence, SSL-related state would be freed twice, typically causing a - crash and hence denial of service to other sessions. Experimentation - shows that an unauthenticated remote attacker could trigger the bug - somewhat consistently, hence treat as security issue. - (CVE-2015-3165) - - - - - - Improve detection of system-call failures (Noah Misch) - - - - Our replacement implementation of snprintf() failed to - check for errors reported by the underlying system library calls; - the main case that might be missed is out-of-memory situations. - In the worst case this might lead to information exposure, due to our - code assuming that a buffer had been overwritten when it hadn't been. - Also, there were a few places in which security-relevant calls of other - system library functions did not check for failure. - - - - It remains possible that some calls of the *printf() - family of functions are vulnerable to information disclosure if an - out-of-memory error occurs at just the wrong time. We judge the risk - to not be large, but will continue analysis in this area. - (CVE-2015-3166) - - - - - - In contrib/pgcrypto, uniformly report decryption failures - as Wrong key or corrupt data (Noah Misch) - - - - Previously, some cases of decryption with an incorrect key could report - other error message texts. It has been shown that such variance in - error reports can aid attackers in recovering keys from other systems. - While it's unknown whether pgcrypto's specific behaviors - are likewise exploitable, it seems better to avoid the risk by using a - one-size-fits-all message. - (CVE-2015-3167) - - - - - - Fix incorrect declaration of contrib/citext's - regexp_matches() functions (Tom Lane) - - - - These functions should return setof text[], like the core - functions they are wrappers for; but they were incorrectly declared as - returning just text[]. This mistake had two results: first, - if there was no match you got a scalar null result, whereas what you - should get is an empty set (zero rows). Second, the g flag - was effectively ignored, since you would get only one result array even - if there were multiple matches. - - - - While the latter behavior is clearly a bug, there might be applications - depending on the former behavior; therefore the function declarations - will not be changed by default until PostgreSQL 9.5. - In pre-9.5 branches, the old behavior exists in version 1.0 of - the citext extension, while we have provided corrected - declarations in version 1.1 (which is not installed by - default). To adopt the fix in pre-9.5 branches, execute - ALTER EXTENSION citext UPDATE TO '1.1' in each database in - which citext is installed. (You can also update - back to 1.0 if you need to undo that.) Be aware that either update - direction will require dropping and recreating any views or rules that - use citext's regexp_matches() functions. - - - - - - Fix incorrect checking of deferred exclusion constraints after a HOT - update (Tom Lane) - - - - If a new row that potentially violates a deferred exclusion constraint - is HOT-updated (that is, no indexed columns change and the row can be - stored back onto the same table page) later in the same transaction, - the exclusion constraint would be reported as violated when the check - finally occurred, even if the row(s) the new row originally conflicted - with had been deleted. - - - - - - Prevent improper reordering of antijoins (NOT EXISTS joins) versus - other outer joins (Tom Lane) - - - - This oversight in the planner has been observed to cause could - not find RelOptInfo for given relids errors, but it seems possible - that sometimes an incorrect query plan might get past that consistency - check and result in silently-wrong query output. - - - - - - Fix incorrect matching of subexpressions in outer-join plan nodes - (Tom Lane) - - - - Previously, if textually identical non-strict subexpressions were used - both above and below an outer join, the planner might try to re-use - the value computed below the join, which would be incorrect because the - executor would force the value to NULL in case of an unmatched outer row. - - - - - - Fix GEQO planner to cope with failure of its join order heuristic - (Tom Lane) - - - - This oversight has been seen to lead to failed to join all - relations together errors in queries involving LATERAL, - and that might happen in other cases as well. - - - - - - Fix possible deadlock at startup - when max_prepared_transactions is too small - (Heikki Linnakangas) - - - - - - Don't archive useless preallocated WAL files after a timeline switch - (Heikki Linnakangas) - - - - - - Avoid cannot GetMultiXactIdMembers() during recovery error - (Álvaro Herrera) - - - - - - Recursively fsync() the data directory after a crash - (Abhijit Menon-Sen, Robert Haas) - - - - This ensures consistency if another crash occurs shortly later. (The - second crash would have to be a system-level crash, not just a database - crash, for there to be a problem.) - - - - - - Fix autovacuum launcher's possible failure to shut down, if an error - occurs after it receives SIGTERM (Álvaro Herrera) - - - - - - Cope with unexpected signals in LockBufferForCleanup() - (Andres Freund) - - - - This oversight could result in spurious errors about multiple - backends attempting to wait for pincount 1. - - - - - - Avoid waiting for WAL flush or synchronous replication during commit of - a transaction that was read-only so far as the user is concerned - (Andres Freund) - - - - Previously, a delay could occur at commit in transactions that had - written WAL due to HOT page pruning, leading to undesirable effects - such as sessions getting stuck at startup if all synchronous replicas - are down. Sessions have also been observed to get stuck in catchup - interrupt processing when using synchronous replication; this will fix - that problem as well. - - - - - - Fix crash when manipulating hash indexes on temporary tables - (Heikki Linnakangas) - - - - - - Fix possible failure during hash index bucket split, if other processes - are modifying the index concurrently (Tom Lane) - - - - - - Check for interrupts while analyzing index expressions (Jeff Janes) - - - - ANALYZE executes index expressions many times; if there are - slow functions in such an expression, it's desirable to be able to - cancel the ANALYZE before that loop finishes. - - - - - - Ensure tableoid of a foreign table is reported - correctly when a READ COMMITTED recheck occurs after - locking rows in SELECT FOR UPDATE, UPDATE, - or DELETE (Etsuro Fujita) - - - - - - Add the name of the target server to object description strings for - foreign-server user mappings (Álvaro Herrera) - - - - - - Recommend setting include_realm to 1 when using - Kerberos/GSSAPI/SSPI authentication (Stephen Frost) - - - - Without this, identically-named users from different realms cannot be - distinguished. For the moment this is only a documentation change, but - it will become the default setting in PostgreSQL 9.5. - - - - - - Remove code for matching IPv4 pg_hba.conf entries to - IPv4-in-IPv6 addresses (Tom Lane) - - - - This hack was added in 2003 in response to a report that some Linux - kernels of the time would report IPv4 connections as having - IPv4-in-IPv6 addresses. However, the logic was accidentally broken in - 9.0. The lack of any field complaints since then shows that it's not - needed anymore. Now we have reports that the broken code causes - crashes on some systems, so let's just remove it rather than fix it. - (Had we chosen to fix it, that would make for a subtle and potentially - security-sensitive change in the effective meaning of - IPv4 pg_hba.conf entries, which does not seem like a good - thing to do in minor releases.) - - - - - - Report WAL flush, not insert, position in IDENTIFY_SYSTEM - replication command (Heikki Linnakangas) - - - - This avoids a possible startup failure - in pg_receivexlog. - - - - - - While shutting down service on Windows, periodically send status - updates to the Service Control Manager to prevent it from killing the - service too soon; and ensure that pg_ctl will wait for - shutdown (Krystian Bigaj) - - - - - - Reduce risk of network deadlock when using libpq's - non-blocking mode (Heikki Linnakangas) - - - - When sending large volumes of data, it's important to drain the input - buffer every so often, in case the server has sent enough response data - to cause it to block on output. (A typical scenario is that the server - is sending a stream of NOTICE messages during COPY FROM - STDIN.) This worked properly in the normal blocking mode, but not - so much in non-blocking mode. We've modified libpq - to opportunistically drain input when it can, but a full defense - against this problem requires application cooperation: the application - should watch for socket read-ready as well as write-ready conditions, - and be sure to call PQconsumeInput() upon read-ready. - - - - - - Fix array handling in ecpg (Michael Meskes) - - - - - - Fix psql to sanely handle URIs and conninfo strings as - the first parameter to \connect - (David Fetter, Andrew Dunstan, Álvaro Herrera) - - - - This syntax has been accepted (but undocumented) for a long time, but - previously some parameters might be taken from the old connection - instead of the given string, which was agreed to be undesirable. - - - - - - Suppress incorrect complaints from psql on some - platforms that it failed to write ~/.psql_history at exit - (Tom Lane) - - - - This misbehavior was caused by a workaround for a bug in very old - (pre-2006) versions of libedit. We fixed it by - removing the workaround, which will cause a similar failure to appear - for anyone still using such versions of libedit. - Recommendation: upgrade that library, or use libreadline. - - - - - - Fix pg_dump's rule for deciding which casts are - system-provided casts that should not be dumped (Tom Lane) - - - - - - In pg_dump, fix failure to honor -Z - compression level option together with -Fd - (Michael Paquier) - - - - - - Make pg_dump consider foreign key relationships - between extension configuration tables while choosing dump order - (Gilles Darold, Michael Paquier, Stephen Frost) - - - - This oversight could result in producing dumps that fail to reload - because foreign key constraints are transiently violated. - - - - - - Fix dumping of views that are just VALUES(...) but have - column aliases (Tom Lane) - - - - - - In pg_upgrade, force timeline 1 in the new cluster - (Bruce Momjian) - - - - This change prevents upgrade failures caused by bogus complaints about - missing WAL history files. - - - - - - In pg_upgrade, check for improperly non-connectable - databases before proceeding - (Bruce Momjian) - - - - - - In pg_upgrade, quote directory paths - properly in the generated delete_old_cluster script - (Bruce Momjian) - - - - - - In pg_upgrade, preserve database-level freezing info - properly - (Bruce Momjian) - - - - This oversight could cause missing-clog-file errors for tables within - the postgres and template1 databases. - - - - - - Run pg_upgrade and pg_resetxlog with - restricted privileges on Windows, so that they don't fail when run by - an administrator (Muhammad Asif Naeem) - - - - - - Improve handling of readdir() failures when scanning - directories in initdb and pg_basebackup - (Marco Nenciarini) - - - - - - Fix slow sorting algorithm in contrib/intarray (Tom Lane) - - - - - - Fix compile failure on Sparc V8 machines (Rob Rowan) - - - - - - Update time zone data files to tzdata release 2015d - for DST law changes in Egypt, Mongolia, and Palestine, plus historical - changes in Canada and Chile. Also adopt revised zone abbreviations for - the America/Adak zone (HST/HDT not HAST/HADT). - - - - - - - - - - Release 9.1.15 - - - Release date: - 2015-02-05 - - - - This release contains a variety of fixes from 9.1.14. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.15 - - - A dump/restore is not required for those running 9.1.X. - - - - However, if you are upgrading from a version earlier than 9.1.14, - see . - - - - - - Changes - - - - - - Fix buffer overruns in to_char() - (Bruce Momjian) - - - - When to_char() processes a numeric formatting template - calling for a large number of digits, PostgreSQL - would read past the end of a buffer. When processing a crafted - timestamp formatting template, PostgreSQL would write - past the end of a buffer. Either case could crash the server. - We have not ruled out the possibility of attacks that lead to - privilege escalation, though they seem unlikely. - (CVE-2015-0241) - - - - - - Fix buffer overrun in replacement *printf() functions - (Tom Lane) - - - - PostgreSQL includes a replacement implementation - of printf and related functions. This code will overrun - a stack buffer when formatting a floating point number (conversion - specifiers e, E, f, F, - g or G) with requested precision greater than - about 500. This will crash the server, and we have not ruled out the - possibility of attacks that lead to privilege escalation. - A database user can trigger such a buffer overrun through - the to_char() SQL function. While that is the only - affected core PostgreSQL functionality, extension - modules that use printf-family functions may be at risk as well. - - - - This issue primarily affects PostgreSQL on Windows. - PostgreSQL uses the system implementation of these - functions where adequate, which it is on other modern platforms. - (CVE-2015-0242) - - - - - - Fix buffer overruns in contrib/pgcrypto - (Marko Tiikkaja, Noah Misch) - - - - Errors in memory size tracking within the pgcrypto - module permitted stack buffer overruns and improper dependence on the - contents of uninitialized memory. The buffer overrun cases can - crash the server, and we have not ruled out the possibility of - attacks that lead to privilege escalation. - (CVE-2015-0243) - - - - - - Fix possible loss of frontend/backend protocol synchronization after - an error - (Heikki Linnakangas) - - - - If any error occurred while the server was in the middle of reading a - protocol message from the client, it could lose synchronization and - incorrectly try to interpret part of the message's data as a new - protocol message. An attacker able to submit crafted binary data - within a command parameter might succeed in injecting his own SQL - commands this way. Statement timeout and query cancellation are the - most likely sources of errors triggering this scenario. Particularly - vulnerable are applications that use a timeout and also submit - arbitrary user-crafted data as binary query parameters. Disabling - statement timeout will reduce, but not eliminate, the risk of - exploit. Our thanks to Emil Lenngren for reporting this issue. - (CVE-2015-0244) - - - - - - Fix information leak via constraint-violation error messages - (Stephen Frost) - - - - Some server error messages show the values of columns that violate - a constraint, such as a unique constraint. If the user does not have - SELECT privilege on all columns of the table, this could - mean exposing values that the user should not be able to see. Adjust - the code so that values are displayed only when they came from the SQL - command or could be selected by the user. - (CVE-2014-8161) - - - - - - Lock down regression testing's temporary installations on Windows - (Noah Misch) - - - - Use SSPI authentication to allow connections only from the OS user - who launched the test suite. This closes on Windows the same - vulnerability previously closed on other platforms, namely that other - users might be able to connect to the test postmaster. - (CVE-2014-0067) - - - - - - Avoid possible data corruption if ALTER DATABASE SET - TABLESPACE is used to move a database to a new tablespace and then - shortly later move it back to its original tablespace (Tom Lane) - - - - - - Avoid corrupting tables when ANALYZE inside a transaction - is rolled back (Andres Freund, Tom Lane, Michael Paquier) - - - - If the failing transaction had earlier removed the last index, rule, or - trigger from the table, the table would be left in a corrupted state - with the relevant pg_class flags not set though they - should be. - - - - - - Ensure that unlogged tables are copied correctly - during CREATE DATABASE or ALTER DATABASE SET - TABLESPACE (Pavan Deolasee, Andres Freund) - - - - - - Fix DROP's dependency searching to correctly handle the - case where a table column is recursively visited before its table - (Petr Jelinek, Tom Lane) - - - - This case is only known to arise when an extension creates both a - datatype and a table using that datatype. The faulty code might - refuse a DROP EXTENSION unless CASCADE is - specified, which should not be required. - - - - - - Fix use-of-already-freed-memory problem in EvalPlanQual processing - (Tom Lane) - - - - In READ COMMITTED mode, queries that lock or update - recently-updated rows could crash as a result of this bug. - - - - - - Fix planning of SELECT FOR UPDATE when using a partial - index on a child table (Kyotaro Horiguchi) - - - - In READ COMMITTED mode, SELECT FOR UPDATE must - also recheck the partial index's WHERE condition when - rechecking a recently-updated row to see if it still satisfies the - query's WHERE condition. This requirement was missed if the - index belonged to an inheritance child table, so that it was possible - to incorrectly return rows that no longer satisfy the query condition. - - - - - - Fix corner case wherein SELECT FOR UPDATE could return a row - twice, and possibly miss returning other rows (Tom Lane) - - - - In READ COMMITTED mode, a SELECT FOR UPDATE - that is scanning an inheritance tree could incorrectly return a row - from a prior child table instead of the one it should return from a - later child table. - - - - - - Reject duplicate column names in the referenced-columns list of - a FOREIGN KEY declaration (David Rowley) - - - - This restriction is per SQL standard. Previously we did not reject - the case explicitly, but later on the code would fail with - bizarre-looking errors. - - - - - - Fix bugs in raising a numeric value to a large integral power - (Tom Lane) - - - - The previous code could get a wrong answer, or consume excessive - amounts of time and memory before realizing that the answer must - overflow. - - - - - - In numeric_recv(), truncate away any fractional digits - that would be hidden according to the value's dscale field - (Tom Lane) - - - - A numeric value's display scale (dscale) should - never be less than the number of nonzero fractional digits; but - apparently there's at least one broken client application that - transmits binary numeric values in which that's true. - This leads to strange behavior since the extra digits are taken into - account by arithmetic operations even though they aren't printed. - The least risky fix seems to be to truncate away such hidden - digits on receipt, so that the value is indeed what it prints as. - - - - - - Reject out-of-range numeric timezone specifications (Tom Lane) - - - - Simple numeric timezone specifications exceeding +/- 168 hours (one - week) would be accepted, but could then cause null-pointer dereference - crashes in certain operations. There's no use-case for such large UTC - offsets, so reject them. - - - - - - Fix bugs in tsquery @> tsquery - operator (Heikki Linnakangas) - - - - Two different terms would be considered to match if they had the same - CRC. Also, if the second operand had more terms than the first, it - would be assumed not to be contained in the first; which is wrong - since it might contain duplicate terms. - - - - - - Improve ispell dictionary's defenses against bad affix files (Tom Lane) - - - - - - Allow more than 64K phrases in a thesaurus dictionary (David Boutin) - - - - The previous coding could crash on an oversize dictionary, so this was - deemed a back-patchable bug fix rather than a feature addition. - - - - - - Fix namespace handling in xpath() (Ali Akbar) - - - - Previously, the xml value resulting from - an xpath() call would not have namespace declarations if - the namespace declarations were attached to an ancestor element in the - input xml value, rather than to the specific element being - returned. Propagate the ancestral declaration so that the result is - correct when considered in isolation. - - - - - - Fix planner problems with nested append relations, such as inherited - tables within UNION ALL subqueries (Tom Lane) - - - - - - Fail cleanly when a GiST index tuple doesn't fit on a page, rather - than going into infinite recursion (Andrew Gierth) - - - - - - Exempt tables that have per-table cost_limit - and/or cost_delay settings from autovacuum's global cost - balancing rules (Álvaro Herrera) - - - - The previous behavior resulted in basically ignoring these per-table - settings, which was unintended. Now, a table having such settings - will be vacuumed using those settings, independently of what is going - on in other autovacuum workers. This may result in heavier total I/O - load than before, so such settings should be re-examined for sanity. - - - - - - Avoid wholesale autovacuuming when autovacuum is nominally off - (Tom Lane) - - - - Even when autovacuum is nominally off, we will still launch autovacuum - worker processes to vacuum tables that are at risk of XID wraparound. - However, such a worker process then proceeded to vacuum all tables in - the target database, if they met the usual thresholds for - autovacuuming. This is at best pretty unexpected; at worst it delays - response to the wraparound threat. Fix it so that if autovacuum is - turned off, workers only do anti-wraparound vacuums and - not any other work. - - - - - - During crash recovery, ensure that unlogged relations are rewritten as - empty and are synced to disk before recovery is considered complete - (Abhijit Menon-Sen, Andres Freund) - - - - This prevents scenarios in which unlogged relations might contain - garbage data following database crash recovery. - - - - - - Fix race condition between hot standby queries and replaying a - full-page image (Heikki Linnakangas) - - - - This mistake could result in transient errors in queries being - executed in hot standby. - - - - - - Fix several cases where recovery logic improperly ignored WAL records - for COMMIT/ABORT PREPARED (Heikki Linnakangas) - - - - The most notable oversight was - that recovery_target_xid could not be used to stop at - a two-phase commit. - - - - - - Avoid creating unnecessary .ready marker files for - timeline history files (Fujii Masao) - - - - - - Fix possible null pointer dereference when an empty prepared statement - is used and the log_statement setting is mod - or ddl (Fujii Masao) - - - - - - Change pgstat wait timeout warning message to be LOG level, - and rephrase it to be more understandable (Tom Lane) - - - - This message was originally thought to be essentially a can't-happen - case, but it occurs often enough on our slower buildfarm members to be - a nuisance. Reduce it to LOG level, and expend a bit more effort on - the wording: it now reads using stale statistics instead of - current ones because stats collector is not responding. - - - - - - Fix SPARC spinlock implementation to ensure correctness if the CPU is - being run in a non-TSO coherency mode, as some non-Solaris kernels do - (Andres Freund) - - - - - - Warn if macOS's setlocale() starts an unwanted extra - thread inside the postmaster (Noah Misch) - - - - - - Fix processing of repeated dbname parameters - in PQconnectdbParams() (Alex Shulgin) - - - - Unexpected behavior ensued if the first occurrence - of dbname contained a connection string or URI to be - expanded. - - - - - - Ensure that libpq reports a suitable error message on - unexpected socket EOF (Marko Tiikkaja, Tom Lane) - - - - Depending on kernel behavior, libpq might return an - empty error string rather than something useful when the server - unexpectedly closed the socket. - - - - - - Clear any old error message during PQreset() - (Heikki Linnakangas) - - - - If PQreset() is called repeatedly, and the connection - cannot be re-established, error messages from the failed connection - attempts kept accumulating in the PGconn's error - string. - - - - - - Properly handle out-of-memory conditions while parsing connection - options in libpq (Alex Shulgin, Heikki Linnakangas) - - - - - - Fix array overrun in ecpg's version - of ParseDateTime() (Michael Paquier) - - - - - - In initdb, give a clearer error message if a password - file is specified but is empty (Mats Erik Andersson) - - - - - - Fix psql's \s command to work nicely with - libedit, and add pager support (Stepan Rutz, Tom Lane) - - - - When using libedit rather than readline, \s printed the - command history in a fairly unreadable encoded format, and on recent - libedit versions might fail altogether. Fix that by printing the - history ourselves rather than having the library do it. A pleasant - side-effect is that the pager is used if appropriate. - - - - This patch also fixes a bug that caused newline encoding to be applied - inconsistently when saving the command history with libedit. - Multiline history entries written by older psql - versions will be read cleanly with this patch, but perhaps not - vice versa, depending on the exact libedit versions involved. - - - - - - Improve consistency of parsing of psql's special - variables (Tom Lane) - - - - Allow variant spellings of on and off (such - as 1/0) for ECHO_HIDDEN - and ON_ERROR_ROLLBACK. Report a warning for unrecognized - values for COMP_KEYWORD_CASE, ECHO, - ECHO_HIDDEN, HISTCONTROL, - ON_ERROR_ROLLBACK, and VERBOSITY. Recognize - all values for all these variables case-insensitively; previously - there was a mishmash of case-sensitive and case-insensitive behaviors. - - - - - - Fix psql's expanded-mode display to work - consistently when using border = 3 - and linestyle = ascii or unicode - (Stephen Frost) - - - - - - Improve performance of pg_dump when the database - contains many instances of multiple dependency paths between the same - two objects (Tom Lane) - - - - - - Fix possible deadlock during parallel restore of a schema-only dump - (Robert Haas, Tom Lane) - - - - - - Fix core dump in pg_dump --binary-upgrade on zero-column - composite type (Rushabh Lathia) - - - - - - Prevent WAL files created by pg_basebackup -x/-X from - being archived again when the standby is promoted (Andres Freund) - - - - - - Fix upgrade-from-unpackaged script for contrib/citext - (Tom Lane) - - - - - - Fix block number checking - in contrib/pageinspect's get_raw_page() - (Tom Lane) - - - - The incorrect checking logic could prevent access to some pages in - non-main relation forks. - - - - - - Fix contrib/pgcrypto's pgp_sym_decrypt() - to not fail on messages whose length is 6 less than a power of 2 - (Marko Tiikkaja) - - - - - - Fix file descriptor leak in contrib/pg_test_fsync - (Jeff Janes) - - - - This could cause failure to remove temporary files on Windows. - - - - - - Handle unexpected query results, especially NULLs, safely in - contrib/tablefunc's connectby() - (Michael Paquier) - - - - connectby() previously crashed if it encountered a NULL - key value. It now prints that row but doesn't recurse further. - - - - - - Avoid a possible crash in contrib/xml2's - xslt_process() (Mark Simonetti) - - - - libxslt seems to have an undocumented dependency on - the order in which resources are freed; reorder our calls to avoid a - crash. - - - - - - Mark some contrib I/O functions with correct volatility - properties (Tom Lane) - - - - The previous over-conservative marking was immaterial in normal use, - but could cause optimization problems or rejection of valid index - expression definitions. Since the consequences are not large, we've - just adjusted the function definitions in the extension modules' - scripts, without changing version numbers. - - - - - - Numerous cleanups of warnings from Coverity static code analyzer - (Andres Freund, Tatsuo Ishii, Marko Kreen, Tom Lane, Michael Paquier) - - - - These changes are mostly cosmetic but in some cases fix corner-case - bugs, for example a crash rather than a proper error report after an - out-of-memory failure. None are believed to represent security - issues. - - - - - - Detect incompatible OpenLDAP versions during build (Noah Misch) - - - - With OpenLDAP versions 2.4.24 through 2.4.31, - inclusive, PostgreSQL backends can crash at exit. - Raise a warning during configure based on the - compile-time OpenLDAP version number, and test the crashing scenario - in the contrib/dblink regression test. - - - - - - In non-MSVC Windows builds, ensure libpq.dll is installed - with execute permissions (Noah Misch) - - - - - - Make pg_regress remove any temporary installation it - created upon successful exit (Tom Lane) - - - - This results in a very substantial reduction in disk space usage - during make check-world, since that sequence involves - creation of numerous temporary installations. - - - - - - Support time zone abbreviations that change UTC offset from time to - time (Tom Lane) - - - - Previously, PostgreSQL assumed that the UTC offset - associated with a time zone abbreviation (such as EST) - never changes in the usage of any particular locale. However this - assumption fails in the real world, so introduce the ability for a - zone abbreviation to represent a UTC offset that sometimes changes. - Update the zone abbreviation definition files to make use of this - feature in timezone locales that have changed the UTC offset of their - abbreviations since 1970 (according to the IANA timezone database). - In such timezones, PostgreSQL will now associate the - correct UTC offset with the abbreviation depending on the given date. - - - - - - Update time zone abbreviations lists (Tom Lane) - - - - Add CST (China Standard Time) to our lists. - Remove references to ADT as Arabia Daylight Time, an - abbreviation that's been out of use since 2007; therefore, claiming - there is a conflict with Atlantic Daylight Time doesn't seem - especially helpful. - Fix entirely incorrect GMT offsets for CKT (Cook Islands), FJT, and FJST - (Fiji); we didn't even have them on the proper side of the date line. - - - - - - Update time zone data files to tzdata release 2015a. - - - - The IANA timezone database has adopted abbreviations of the form - AxST/AxDT - for all Australian time zones, reflecting what they believe to be - current majority practice Down Under. These names do not conflict - with usage elsewhere (other than ACST for Acre Summer Time, which has - been in disuse since 1994). Accordingly, adopt these names into - our Default timezone abbreviation set. - The Australia abbreviation set now contains only CST, EAST, - EST, SAST, SAT, and WST, all of which are thought to be mostly - historical usage. Note that SAST has also been changed to be South - Africa Standard Time in the Default abbreviation set. - - - - Also, add zone abbreviations SRET (Asia/Srednekolymsk) and XJT - (Asia/Urumqi), and use WSST/WSDT for western Samoa. Also, there were - DST law changes in Chile, Mexico, the Turks & Caicos Islands - (America/Grand_Turk), and Fiji. There is a new zone - Pacific/Bougainville for portions of Papua New Guinea. Also, numerous - corrections for historical (pre-1970) time zone data. - - - - - - - - - - Release 9.1.14 - - - Release date: - 2014-07-24 - - - - This release contains a variety of fixes from 9.1.13. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.14 - - - A dump/restore is not required for those running 9.1.X. - - - - However, this release corrects an index corruption problem in some GiST - indexes. See the first changelog entry below to find out whether your - installation has been affected and what steps you should take if so. - - - - Also, if you are upgrading from a version earlier than 9.1.11, - see . - - - - - - Changes - - - - - - Correctly initialize padding bytes in contrib/btree_gist - indexes on bit columns (Heikki Linnakangas) - - - - This error could result in incorrect query results due to values that - should compare equal not being seen as equal. - Users with GiST indexes on bit or bit varying - columns should REINDEX those indexes after installing this - update. - - - - - - Protect against torn pages when deleting GIN list pages (Heikki - Linnakangas) - - - - This fix prevents possible index corruption if a system crash occurs - while the page update is being written to disk. - - - - - - Don't clear the right-link of a GiST index page while replaying - updates from WAL (Heikki Linnakangas) - - - - This error could lead to transiently wrong answers from GiST index - scans performed in Hot Standby. - - - - - - Fix feedback status when is - turned off on-the-fly (Simon Riggs) - - - - - - Fix possibly-incorrect cache invalidation during nested calls - to ReceiveSharedInvalidMessages (Andres Freund) - - - - - - Fix could not find pathkey item to sort planner failures - with UNION ALL over subqueries reading from tables with - inheritance children (Tom Lane) - - - - - - Don't assume a subquery's output is unique if there's a set-returning - function in its targetlist (David Rowley) - - - - This oversight could lead to misoptimization of constructs - like WHERE x IN (SELECT y, generate_series(1,10) FROM t GROUP - BY y). - - - - - - Fix failure to detoast fields in composite elements of structured - types (Tom Lane) - - - - This corrects cases where TOAST pointers could be copied into other - tables without being dereferenced. If the original data is later - deleted, it would lead to errors like missing chunk number 0 - for toast value ... when the now-dangling pointer is used. - - - - - - Fix record type has not been registered failures with - whole-row references to the output of Append plan nodes (Tom Lane) - - - - - - Fix possible crash when invoking a user-defined function while - rewinding a cursor (Tom Lane) - - - - - - Fix query-lifespan memory leak while evaluating the arguments for a - function in FROM (Tom Lane) - - - - - - Fix session-lifespan memory leaks in regular-expression processing - (Tom Lane, Arthur O'Dwyer, Greg Stark) - - - - - - Fix data encoding error in hungarian.stop (Tom Lane) - - - - - - Prevent foreign tables from being created with OIDS - when is true - (Etsuro Fujita) - - - - - - Fix liveness checks for rows that were inserted in the current - transaction and then deleted by a now-rolled-back subtransaction - (Andres Freund) - - - - This could cause problems (at least spurious warnings, and at worst an - infinite loop) if CREATE INDEX or CLUSTER were - done later in the same transaction. - - - - - - Clear pg_stat_activity.xact_start - during PREPARE TRANSACTION (Andres Freund) - - - - After the PREPARE, the originating session is no longer in - a transaction, so it should not continue to display a transaction - start time. - - - - - - Fix REASSIGN OWNED to not fail for text search objects - (Álvaro Herrera) - - - - - - Block signals during postmaster startup (Tom Lane) - - - - This ensures that the postmaster will properly clean up after itself - if, for example, it receives SIGINT while still - starting up. - - - - - - Fix client host name lookup when processing pg_hba.conf - entries that specify host names instead of IP addresses (Tom Lane) - - - - Ensure that reverse-DNS lookup failures are reported, instead of just - silently not matching such entries. Also ensure that we make only - one reverse-DNS lookup attempt per connection, not one per host name - entry, which is what previously happened if the lookup attempts failed. - - - - - - Secure Unix-domain sockets of temporary postmasters started during - make check (Noah Misch) - - - - Any local user able to access the socket file could connect as the - server's bootstrap superuser, then proceed to execute arbitrary code as - the operating-system user running the test, as we previously noted in - CVE-2014-0067. This change defends against that risk by placing the - server's socket in a temporary, mode 0700 subdirectory - of /tmp. The hazard remains however on platforms where - Unix sockets are not supported, notably Windows, because then the - temporary postmaster must accept local TCP connections. - - - - A useful side effect of this change is to simplify - make check testing in builds that - override DEFAULT_PGSOCKET_DIR. Popular non-default values - like /var/run/postgresql are often not writable by the - build user, requiring workarounds that will no longer be necessary. - - - - - - Fix tablespace creation WAL replay to work on Windows (MauMau) - - - - - - Fix detection of socket creation failures on Windows (Bruce Momjian) - - - - - - On Windows, allow new sessions to absorb values of PGC_BACKEND - parameters (such as ) from the - configuration file (Amit Kapila) - - - - Previously, if such a parameter were changed in the file post-startup, - the change would have no effect. - - - - - - Properly quote executable path names on Windows (Nikhil Deshpande) - - - - This oversight could cause initdb - and pg_upgrade to fail on Windows, if the installation - path contained both spaces and @ signs. - - - - - - Fix linking of libpython on macOS (Tom Lane) - - - - The method we previously used can fail with the Python library - supplied by Xcode 5.0 and later. - - - - - - Avoid buffer bloat in libpq when the server - consistently sends data faster than the client can absorb it - (Shin-ichi Morita, Tom Lane) - - - - libpq could be coerced into enlarging its input buffer - until it runs out of memory (which would be reported misleadingly - as lost synchronization with server). Under ordinary - circumstances it's quite far-fetched that data could be continuously - transmitted more quickly than the recv() loop can - absorb it, but this has been observed when the client is artificially - slowed by scheduler constraints. - - - - - - Ensure that LDAP lookup attempts in libpq time out as - intended (Laurenz Albe) - - - - - - Fix ecpg to do the right thing when an array - of char * is the target for a FETCH statement returning more - than one row, as well as some other array-handling fixes - (Ashutosh Bapat) - - - - - - Fix pg_restore's processing of old-style large object - comments (Tom Lane) - - - - A direct-to-database restore from an archive file generated by a - pre-9.0 version of pg_dump would usually fail if the - archive contained more than a few comments for large objects. - - - - - - In contrib/pgcrypto functions, ensure sensitive - information is cleared from stack variables before returning - (Marko Kreen) - - - - - - In contrib/uuid-ossp, cache the state of the OSSP UUID - library across calls (Tom Lane) - - - - This improves the efficiency of UUID generation and reduces the amount - of entropy drawn from /dev/urandom, on platforms that - have that. - - - - - - Update time zone data files to tzdata release 2014e - for DST law changes in Crimea, Egypt, and Morocco. - - - - - - - - - - Release 9.1.13 - - - Release date: - 2014-03-20 - - - - This release contains a variety of fixes from 9.1.12. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.13 - - - A dump/restore is not required for those running 9.1.X. - - - - However, if you are upgrading from a version earlier than 9.1.11, - see . - - - - - - Changes - - - - - - Restore GIN metapages unconditionally to avoid torn-page risk - (Heikki Linnakangas) - - - - Although this oversight could theoretically result in a corrupted - index, it is unlikely to have caused any problems in practice, since - the active part of a GIN metapage is smaller than a standard 512-byte - disk sector. - - - - - - Avoid race condition in checking transaction commit status during - receipt of a NOTIFY message (Marko Tiikkaja) - - - - This prevents a scenario wherein a sufficiently fast client might - respond to a notification before database updates made by the - notifier have become visible to the recipient. - - - - - - Allow regular-expression operators to be terminated early by query - cancel requests (Tom Lane) - - - - This prevents scenarios wherein a pathological regular expression - could lock up a server process uninterruptibly for a long time. - - - - - - Remove incorrect code that tried to allow OVERLAPS with - single-element row arguments (Joshua Yanovski) - - - - This code never worked correctly, and since the case is neither - specified by the SQL standard nor documented, it seemed better to - remove it than fix it. - - - - - - Avoid getting more than AccessShareLock when de-parsing a - rule or view (Dean Rasheed) - - - - This oversight resulted in pg_dump unexpectedly - acquiring RowExclusiveLock locks on tables mentioned as - the targets of INSERT/UPDATE/DELETE - commands in rules. While usually harmless, that could interfere with - concurrent transactions that tried to acquire, for example, - ShareLock on those tables. - - - - - - Improve performance of index endpoint probes during planning (Tom Lane) - - - - This change fixes a significant performance problem that occurred - when there were many not-yet-committed rows at the end of the index, - which is a common situation for indexes on sequentially-assigned - values such as timestamps or sequence-generated identifiers. - - - - - - Fix walsender's failure to shut down cleanly when client - is pg_receivexlog (Fujii Masao) - - - - - - Fix test to see if hot standby connections can be allowed immediately - after a crash (Heikki Linnakangas) - - - - - - Prevent interrupts while reporting non-ERROR messages - (Tom Lane) - - - - This guards against rare server-process freezeups due to recursive - entry to syslog(), and perhaps other related problems. - - - - - - Fix memory leak in PL/Perl when returning a composite result, including - multiple-OUT-parameter cases (Alex Hunsaker) - - - - - - Prevent intermittent could not reserve shared memory region - failures on recent Windows versions (MauMau) - - - - - - Update time zone data files to tzdata release 2014a - for DST law changes in Fiji and Turkey, plus historical changes in - Israel and Ukraine. - - - - - - - - - - Release 9.1.12 - - - Release date: - 2014-02-20 - - - - This release contains a variety of fixes from 9.1.11. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.12 - - - A dump/restore is not required for those running 9.1.X. - - - - However, if you are upgrading from a version earlier than 9.1.11, - see . - - - - - - Changes - - - - - - Shore up GRANT ... WITH ADMIN OPTION restrictions - (Noah Misch) - - - - Granting a role without ADMIN OPTION is supposed to - prevent the grantee from adding or removing members from the granted - role, but this restriction was easily bypassed by doing SET - ROLE first. The security impact is mostly that a role member can - revoke the access of others, contrary to the wishes of his grantor. - Unapproved role member additions are a lesser concern, since an - uncooperative role member could provide most of his rights to others - anyway by creating views or SECURITY DEFINER functions. - (CVE-2014-0060) - - - - - - Prevent privilege escalation via manual calls to PL validator - functions (Andres Freund) - - - - The primary role of PL validator functions is to be called implicitly - during CREATE FUNCTION, but they are also normal SQL - functions that a user can call explicitly. Calling a validator on - a function actually written in some other language was not checked - for and could be exploited for privilege-escalation purposes. - The fix involves adding a call to a privilege-checking function in - each validator function. Non-core procedural languages will also - need to make this change to their own validator functions, if any. - (CVE-2014-0061) - - - - - - Avoid multiple name lookups during table and index DDL - (Robert Haas, Andres Freund) - - - - If the name lookups come to different conclusions due to concurrent - activity, we might perform some parts of the DDL on a different table - than other parts. At least in the case of CREATE INDEX, - this can be used to cause the permissions checks to be performed - against a different table than the index creation, allowing for a - privilege escalation attack. - (CVE-2014-0062) - - - - - - Prevent buffer overrun with long datetime strings (Noah Misch) - - - - The MAXDATELEN constant was too small for the longest - possible value of type interval, allowing a buffer overrun - in interval_out(). Although the datetime input - functions were more careful about avoiding buffer overrun, the limit - was short enough to cause them to reject some valid inputs, such as - input containing a very long timezone name. The ecpg - library contained these vulnerabilities along with some of its own. - (CVE-2014-0063) - - - - - - Prevent buffer overrun due to integer overflow in size calculations - (Noah Misch, Heikki Linnakangas) - - - - Several functions, mostly type input functions, calculated an - allocation size without checking for overflow. If overflow did - occur, a too-small buffer would be allocated and then written past. - (CVE-2014-0064) - - - - - - Prevent overruns of fixed-size buffers - (Peter Eisentraut, Jozef Mlich) - - - - Use strlcpy() and related functions to provide a clear - guarantee that fixed-size buffers are not overrun. Unlike the - preceding items, it is unclear whether these cases really represent - live issues, since in most cases there appear to be previous - constraints on the size of the input string. Nonetheless it seems - prudent to silence all Coverity warnings of this type. - (CVE-2014-0065) - - - - - - Avoid crashing if crypt() returns NULL (Honza Horak, - Bruce Momjian) - - - - There are relatively few scenarios in which crypt() - could return NULL, but contrib/chkpass would crash - if it did. One practical case in which this could be an issue is - if libc is configured to refuse to execute unapproved - hashing algorithms (e.g., FIPS mode). - (CVE-2014-0066) - - - - - - Document risks of make check in the regression testing - instructions (Noah Misch, Tom Lane) - - - - Since the temporary server started by make check - uses trust authentication, another user on the same machine - could connect to it as database superuser, and then potentially - exploit the privileges of the operating-system user who started the - tests. A future release will probably incorporate changes in the - testing procedure to prevent this risk, but some public discussion is - needed first. So for the moment, just warn people against using - make check when there are untrusted users on the - same machine. - (CVE-2014-0067) - - - - - - Fix possible mis-replay of WAL records when some segments of a - relation aren't full size (Greg Stark, Tom Lane) - - - - The WAL update could be applied to the wrong page, potentially many - pages past where it should have been. Aside from corrupting data, - this error has been observed to result in significant bloat - of standby servers compared to their masters, due to updates being - applied far beyond where the end-of-file should have been. This - failure mode does not appear to be a significant risk during crash - recovery, only when initially synchronizing a standby created from a - base backup taken from a quickly-changing master. - - - - - - Fix bug in determining when recovery has reached consistency - (Tomonari Katsumata, Heikki Linnakangas) - - - - In some cases WAL replay would mistakenly conclude that the database - was already consistent at the start of replay, thus possibly allowing - hot-standby queries before the database was really consistent. Other - symptoms such as PANIC: WAL contains references to invalid - pages were also possible. - - - - - - Fix improper locking of btree index pages while replaying - a VACUUM operation in hot-standby mode (Andres Freund, - Heikki Linnakangas, Tom Lane) - - - - This error could result in PANIC: WAL contains references to - invalid pages failures. - - - - - - Ensure that insertions into non-leaf GIN index pages write a full-page - WAL record when appropriate (Heikki Linnakangas) - - - - The previous coding risked index corruption in the event of a - partial-page write during a system crash. - - - - - - When pause_at_recovery_target - and recovery_target_inclusive are both set, ensure the - target record is applied before pausing, not after (Heikki - Linnakangas) - - - - - - Fix race conditions during server process exit (Robert Haas) - - - - Ensure that signal handlers don't attempt to use the - process's MyProc pointer after it's no longer valid. - - - - - - Fix race conditions in walsender shutdown logic and walreceiver - SIGHUP signal handler (Tom Lane) - - - - - - Fix unsafe references to errno within error reporting - logic (Christian Kruse) - - - - This would typically lead to odd behaviors such as missing or - inappropriate HINT fields. - - - - - - Fix possible crashes from using ereport() too early - during server startup (Tom Lane) - - - - The principal case we've seen in the field is a crash if the server - is started in a directory it doesn't have permission to read. - - - - - - Clear retry flags properly in OpenSSL socket write - function (Alexander Kukushkin) - - - - This omission could result in a server lockup after unexpected loss - of an SSL-encrypted connection. - - - - - - Fix length checking for Unicode identifiers (U&"..." - syntax) containing escapes (Tom Lane) - - - - A spurious truncation warning would be printed for such identifiers - if the escaped form of the identifier was too long, but the - identifier actually didn't need truncation after de-escaping. - - - - - - Allow keywords that are type names to be used in lists of roles - (Stephen Frost) - - - - A previous patch allowed such keywords to be used without quoting - in places such as role identifiers; but it missed cases where a - list of role identifiers was permitted, such as DROP ROLE. - - - - - - Fix parser crash for EXISTS(SELECT * FROM - zero_column_table) (Tom Lane) - - - - - - Fix possible crash due to invalid plan for nested sub-selects, such - as WHERE (... x IN (SELECT ...) ...) IN (SELECT ...) - (Tom Lane) - - - - - - Ensure that ANALYZE creates statistics for a table column - even when all the values in it are too wide (Tom Lane) - - - - ANALYZE intentionally omits very wide values from its - histogram and most-common-values calculations, but it neglected to do - something sane in the case that all the sampled entries are too wide. - - - - - - In ALTER TABLE ... SET TABLESPACE, allow the database's - default tablespace to be used without a permissions check - (Stephen Frost) - - - - CREATE TABLE has always allowed such usage, - but ALTER TABLE didn't get the memo. - - - - - - Fix cannot accept a set error when some arms of - a CASE return a set and others don't (Tom Lane) - - - - - - Fix checks for all-zero client addresses in pgstat functions (Kevin - Grittner) - - - - - - Fix possible misclassification of multibyte characters by the text - search parser (Tom Lane) - - - - Non-ASCII characters could be misclassified when using C locale with - a multibyte encoding. On Cygwin, non-C locales could fail as well. - - - - - - Fix possible misbehavior in plainto_tsquery() - (Heikki Linnakangas) - - - - Use memmove() not memcpy() for copying - overlapping memory regions. There have been no field reports of - this actually causing trouble, but it's certainly risky. - - - - - - Fix placement of permissions checks in pg_start_backup() - and pg_stop_backup() (Andres Freund, Magnus Hagander) - - - - The previous coding might attempt to do catalog access when it - shouldn't. - - - - - - Accept SHIFT_JIS as an encoding name for locale checking - purposes (Tatsuo Ishii) - - - - - - Fix misbehavior of PQhost() on Windows (Fujii Masao) - - - - It should return localhost if no host has been specified. - - - - - - Improve error handling in libpq and psql - for failures during COPY TO STDOUT/FROM STDIN (Tom Lane) - - - - In particular this fixes an infinite loop that could occur in 9.2 and - up if the server connection was lost during COPY FROM - STDIN. Variants of that scenario might be possible in older - versions, or with other client applications. - - - - - - Fix possible incorrect printing of filenames - in pg_basebackup's verbose mode (Magnus Hagander) - - - - - - Avoid including tablespaces inside PGDATA twice in base backups - (Dimitri Fontaine, Magnus Hagander) - - - - - - Fix misaligned descriptors in ecpg (MauMau) - - - - - - In ecpg, handle lack of a hostname in the connection - parameters properly (Michael Meskes) - - - - - - Fix performance regression in contrib/dblink connection - startup (Joe Conway) - - - - Avoid an unnecessary round trip when client and server encodings match. - - - - - - In contrib/isn, fix incorrect calculation of the check - digit for ISMN values (Fabien Coelho) - - - - - - Ensure client-code-only installation procedure works as documented - (Peter Eisentraut) - - - - - - In Mingw and Cygwin builds, install the libpq DLL - in the bin directory (Andrew Dunstan) - - - - This duplicates what the MSVC build has long done. It should fix - problems with programs like psql failing to start - because they can't find the DLL. - - - - - - Avoid using the deprecated dllwrap tool in Cygwin builds - (Marco Atzeri) - - - - - - Don't generate plain-text HISTORY - and src/test/regress/README files anymore (Tom Lane) - - - - These text files duplicated the main HTML and PDF documentation - formats. The trouble involved in maintaining them greatly outweighs - the likely audience for plain-text format. Distribution tarballs - will still contain files by these names, but they'll just be stubs - directing the reader to consult the main documentation. - The plain-text INSTALL file will still be maintained, as - there is arguably a use-case for that. - - - - - - Update time zone data files to tzdata release 2013i - for DST law changes in Jordan and historical changes in Cuba. - - - - In addition, the zones Asia/Riyadh87, - Asia/Riyadh88, and Asia/Riyadh89 have been - removed, as they are no longer maintained by IANA, and never - represented actual civil timekeeping practice. - - - - - - - - - - Release 9.1.11 - - - Release date: - 2013-12-05 - - - - This release contains a variety of fixes from 9.1.10. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.11 - - - A dump/restore is not required for those running 9.1.X. - - - - However, this release corrects a number of potential data corruption - issues. See the first two changelog entries below to find out whether - your installation has been affected and what steps you can take if so. - - - - Also, if you are upgrading from a version earlier than 9.1.9, - see . - - - - - - Changes - - - - - - Fix VACUUM's tests to see whether it can - update relfrozenxid (Andres Freund) - - - - In some cases VACUUM (either manual or autovacuum) could - incorrectly advance a table's relfrozenxid value, - allowing tuples to escape freezing, causing those rows to become - invisible once 2^31 transactions have elapsed. The probability of - data loss is fairly low since multiple incorrect advancements would - need to happen before actual loss occurs, but it's not zero. Users - upgrading from releases 9.0.4 or 8.4.8 or earlier are not affected, but - all later versions contain the bug. - - - - The issue can be ameliorated by, after upgrading, vacuuming all tables - in all databases while having vacuum_freeze_table_age - set to zero. This will fix any latent corruption but will not be able - to fix all pre-existing data errors. However, an installation can be - presumed safe after performing this vacuuming if it has executed fewer - than 2^31 update transactions in its lifetime (check this with - SELECT txid_current() < 2^31). - - - - - - Fix initialization of pg_clog and pg_subtrans - during hot standby startup (Andres Freund, Heikki Linnakangas) - - - - This bug can cause data loss on standby servers at the moment they - start to accept hot-standby queries, by marking committed transactions - as uncommitted. The likelihood of such corruption is small unless, at - the time of standby startup, the primary server has executed many - updating transactions since its last checkpoint. Symptoms include - missing rows, rows that should have been deleted being still visible, - and obsolete versions of updated rows being still visible alongside - their newer versions. - - - - This bug was introduced in versions 9.3.0, 9.2.5, 9.1.10, and 9.0.14. - Standby servers that have only been running earlier releases are not - at risk. It's recommended that standby servers that have ever run any - of the buggy releases be re-cloned from the primary (e.g., with a new - base backup) after upgrading. - - - - - - Truncate pg_multixact contents during WAL replay - (Andres Freund) - - - - This avoids ever-increasing disk space consumption in standby servers. - - - - - - Fix race condition in GIN index posting tree page deletion (Heikki - Linnakangas) - - - - This could lead to transient wrong answers or query failures. - - - - - - Avoid flattening a subquery whose SELECT list contains a - volatile function wrapped inside a sub-SELECT (Tom Lane) - - - - This avoids unexpected results due to extra evaluations of the - volatile function. - - - - - - Fix planner's processing of non-simple-variable subquery outputs - nested within outer joins (Tom Lane) - - - - This error could lead to incorrect plans for queries involving - multiple levels of subqueries within JOIN syntax. - - - - - - Fix incorrect generation of optimized MIN()/MAX() plans for - inheritance trees (Tom Lane) - - - - The planner could fail in cases where the MIN()/MAX() argument was an - expression rather than a simple variable. - - - - - - Fix premature deletion of temporary files (Andres Freund) - - - - - - Fix possible read past end of memory in rule printing (Peter Eisentraut) - - - - - - Fix array slicing of int2vector and oidvector values - (Tom Lane) - - - - Expressions of this kind are now implicitly promoted to - regular int2 or oid arrays. - - - - - - Fix incorrect behaviors when using a SQL-standard, simple GMT offset - timezone (Tom Lane) - - - - In some cases, the system would use the simple GMT offset value when - it should have used the regular timezone setting that had prevailed - before the simple offset was selected. This change also causes - the timeofday function to honor the simple GMT offset - zone. - - - - - - Prevent possible misbehavior when logging translations of Windows - error codes (Tom Lane) - - - - - - Properly quote generated command lines in pg_ctl - (Naoya Anzai and Tom Lane) - - - - This fix applies only to Windows. - - - - - - Fix pg_dumpall to work when a source database - sets default_transaction_read_only - via ALTER DATABASE SET (Kevin Grittner) - - - - Previously, the generated script would fail during restore. - - - - - - Make ecpg search for quoted cursor names - case-sensitively (Zoltán Böszörményi) - - - - - - Fix ecpg's processing of lists of variables - declared varchar (Zoltán Böszörményi) - - - - - - Make contrib/lo defend against incorrect trigger definitions - (Marc Cousin) - - - - - - Update time zone data files to tzdata release 2013h - for DST law changes in Argentina, Brazil, Jordan, Libya, - Liechtenstein, Morocco, and Palestine. Also, new timezone - abbreviations WIB, WIT, WITA for Indonesia. - - - - - - - - - - Release 9.1.10 - - - Release date: - 2013-10-10 - - - - This release contains a variety of fixes from 9.1.9. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.10 - - - A dump/restore is not required for those running 9.1.X. - - - - However, if you are upgrading from a version earlier than 9.1.9, - see . - - - - - - Changes - - - - - - Prevent corruption of multi-byte characters when attempting to - case-fold identifiers (Andrew Dunstan) - - - - PostgreSQL case-folds non-ASCII characters only - when using a single-byte server encoding. - - - - - - Fix checkpoint memory leak in background writer when wal_level = - hot_standby (Naoya Anzai) - - - - - - Fix memory leak caused by lo_open() failure - (Heikki Linnakangas) - - - - - - Fix memory overcommit bug when work_mem is using more - than 24GB of memory (Stephen Frost) - - - - - - Serializable snapshot fixes (Kevin Grittner, Heikki Linnakangas) - - - - - - Fix deadlock bug in libpq when using SSL (Stephen Frost) - - - - - - Fix possible SSL state corruption in threaded libpq applications - (Nick Phillips, Stephen Frost) - - - - - - Properly compute row estimates for boolean columns containing many NULL - values (Andrew Gierth) - - - - Previously tests like col IS NOT TRUE and col IS - NOT FALSE did not properly factor in NULL values when estimating - plan costs. - - - - - - Prevent pushing down WHERE clauses into unsafe - UNION/INTERSECT subqueries (Tom Lane) - - - - Subqueries of a UNION or INTERSECT that - contain set-returning functions or volatile functions in their - SELECT lists could be improperly optimized, leading to - run-time errors or incorrect query results. - - - - - - Fix rare case of failed to locate grouping columns - planner failure (Tom Lane) - - - - - - Fix pg_dump of foreign tables with dropped columns (Andrew Dunstan) - - - - Previously such cases could cause a pg_upgrade error. - - - - - - Reorder pg_dump processing of extension-related - rules and event triggers (Joe Conway) - - - - - - Force dumping of extension tables if specified by pg_dump - -t or -n (Joe Conway) - - - - - - Improve view dumping code's handling of dropped columns in referenced - tables (Tom Lane) - - - - - - Fix pg_restore -l with the directory archive to display - the correct format name (Fujii Masao) - - - - - - Properly record index comments created using UNIQUE - and PRIMARY KEY syntax (Andres Freund) - - - - This fixes a parallel pg_restore failure. - - - - - - Properly guarantee transmission of WAL files before clean switchover - (Fujii Masao) - - - - Previously, the streaming replication connection might close before all - WAL files had been replayed on the standby. - - - - - - Fix WAL segment timeline handling during recovery (Mitsumasa Kondo, - Heikki Linnakangas) - - - - WAL file recycling during standby recovery could lead to premature - recovery completion, resulting in data loss. - - - - - - Fix REINDEX TABLE and REINDEX DATABASE - to properly revalidate constraints and mark invalidated indexes as - valid (Noah Misch) - - - - REINDEX INDEX has always worked properly. - - - - - - Fix possible deadlock during concurrent CREATE INDEX - CONCURRENTLY operations (Tom Lane) - - - - - - Fix regexp_matches() handling of zero-length matches - (Jeevan Chalke) - - - - Previously, zero-length matches like '^' could return too many matches. - - - - - - Fix crash for overly-complex regular expressions (Heikki Linnakangas) - - - - - - Fix regular expression match failures for back references combined with - non-greedy quantifiers (Jeevan Chalke) - - - - - - Prevent CREATE FUNCTION from checking SET - variables unless function body checking is enabled (Tom Lane) - - - - - - Allow ALTER DEFAULT PRIVILEGES to operate on schemas - without requiring CREATE permission (Tom Lane) - - - - - - Loosen restriction on keywords used in queries (Tom Lane) - - - - Specifically, lessen keyword restrictions for role names, language - names, EXPLAIN and COPY options, and - SET values. This allows COPY ... (FORMAT - BINARY) to work as expected; previously BINARY needed - to be quoted. - - - - - - Fix pgp_pub_decrypt() so it works for secret keys with - passwords (Marko Kreen) - - - - - - Make pg_upgrade use pg_dump - --quote-all-identifiers to avoid problems with keyword changes - between releases (Tom Lane) - - - - - - Remove rare inaccurate warning during vacuum of index-less tables - (Heikki Linnakangas) - - - - - - Ensure that VACUUM ANALYZE still runs the ANALYZE phase - if its attempt to truncate the file is cancelled due to lock conflicts - (Kevin Grittner) - - - - - - Avoid possible failure when performing transaction control commands (e.g - ROLLBACK) in prepared queries (Tom Lane) - - - - - - Ensure that floating-point data input accepts standard spellings - of infinity on all platforms (Tom Lane) - - - - The C99 standard says that allowable spellings are inf, - +inf, -inf, infinity, - +infinity, and -infinity. Make sure we - recognize these even if the platform's strtod function - doesn't. - - - - - - Expand ability to compare rows to records and arrays (Rafal Rzepecki, - Tom Lane) - - - - - - Update time zone data files to tzdata release 2013d - for DST law changes in Israel, Morocco, Palestine, and Paraguay. - Also, historical zone data corrections for Macquarie Island. - - - - - - - - - - Release 9.1.9 - - - Release date: - 2013-04-04 - - - - This release contains a variety of fixes from 9.1.8. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.9 - - - A dump/restore is not required for those running 9.1.X. - - - - However, this release corrects several errors in management of GiST - indexes. After installing this update, it is advisable to - REINDEX any GiST indexes that meet one or more of the - conditions described below. - - - - Also, if you are upgrading from a version earlier than 9.1.6, - see . - - - - - - Changes - - - - - - Fix insecure parsing of server command-line switches (Mitsumasa - Kondo, Kyotaro Horiguchi) - - - - A connection request containing a database name that begins with - - could be crafted to damage or destroy - files within the server's data directory, even if the request is - eventually rejected. (CVE-2013-1899) - - - - - - Reset OpenSSL randomness state in each postmaster child process - (Marko Kreen) - - - - This avoids a scenario wherein random numbers generated by - contrib/pgcrypto functions might be relatively easy for - another database user to guess. The risk is only significant when - the postmaster is configured with ssl = on - but most connections don't use SSL encryption. (CVE-2013-1900) - - - - - - Make REPLICATION privilege checks test current user not authenticated - user (Noah Misch) - - - - An unprivileged database user could exploit this mistake to call - pg_start_backup() or pg_stop_backup(), - thus possibly interfering with creation of routine backups. - (CVE-2013-1901) - - - - - - Fix GiST indexes to not use fuzzy geometric comparisons when - it's not appropriate to do so (Alexander Korotkov) - - - - The core geometric types perform comparisons using fuzzy - equality, but gist_box_same must do exact comparisons, - else GiST indexes using it might become inconsistent. After installing - this update, users should REINDEX any GiST indexes on - box, polygon, circle, or point - columns, since all of these use gist_box_same. - - - - - - Fix erroneous range-union and penalty logic in GiST indexes that use - contrib/btree_gist for variable-width data types, that is - text, bytea, bit, and numeric - columns (Tom Lane) - - - - These errors could result in inconsistent indexes in which some keys - that are present would not be found by searches, and also in useless - index bloat. Users are advised to REINDEX such indexes - after installing this update. - - - - - - Fix bugs in GiST page splitting code for multi-column indexes - (Tom Lane) - - - - These errors could result in inconsistent indexes in which some keys - that are present would not be found by searches, and also in indexes - that are unnecessarily inefficient to search. Users are advised to - REINDEX multi-column GiST indexes after installing this - update. - - - - - - Fix gist_point_consistent - to handle fuzziness consistently (Alexander Korotkov) - - - - Index scans on GiST indexes on point columns would sometimes - yield results different from a sequential scan, because - gist_point_consistent disagreed with the underlying - operator code about whether to do comparisons exactly or fuzzily. - - - - - - Fix buffer leak in WAL replay (Heikki Linnakangas) - - - - This bug could result in incorrect local pin count errors - during replay, making recovery impossible. - - - - - - Fix race condition in DELETE RETURNING (Tom Lane) - - - - Under the right circumstances, DELETE RETURNING could - attempt to fetch data from a shared buffer that the current process - no longer has any pin on. If some other process changed the buffer - meanwhile, this would lead to garbage RETURNING output, or - even a crash. - - - - - - Fix infinite-loop risk in regular expression compilation (Tom Lane, - Don Porter) - - - - - - Fix potential null-pointer dereference in regular expression compilation - (Tom Lane) - - - - - - Fix to_char() to use ASCII-only case-folding rules where - appropriate (Tom Lane) - - - - This fixes misbehavior of some template patterns that should be - locale-independent, but mishandled I and - i in Turkish locales. - - - - - - Fix unwanted rejection of timestamp 1999-12-31 24:00:00 - (Tom Lane) - - - - - - Fix logic error when a single transaction does UNLISTEN - then LISTEN (Tom Lane) - - - - The session wound up not listening for notify events at all, though it - surely should listen in this case. - - - - - - Fix possible planner crash after columns have been added to a view - that's depended on by another view (Tom Lane) - - - - - - Remove useless picksplit doesn't support secondary split log - messages (Josh Hansen, Tom Lane) - - - - This message seems to have been added in expectation of code that was - never written, and probably never will be, since GiST's default - handling of secondary splits is actually pretty good. So stop nagging - end users about it. - - - - - - Fix possible failure to send a session's last few transaction - commit/abort counts to the statistics collector (Tom Lane) - - - - - - Eliminate memory leaks in PL/Perl's spi_prepare() function - (Alex Hunsaker, Tom Lane) - - - - - - Fix pg_dumpall to handle database names containing - = correctly (Heikki Linnakangas) - - - - - - Avoid crash in pg_dump when an incorrect connection - string is given (Heikki Linnakangas) - - - - - - Ignore invalid indexes in pg_dump and - pg_upgrade (Michael Paquier, Bruce Momjian) - - - - Dumping invalid indexes can cause problems at restore time, for example - if the reason the index creation failed was because it tried to enforce - a uniqueness condition not satisfied by the table's data. Also, if the - index creation is in fact still in progress, it seems reasonable to - consider it to be an uncommitted DDL change, which - pg_dump wouldn't be expected to dump anyway. - pg_upgrade now also skips invalid indexes rather than - failing. - - - - - - In pg_basebackup, include only the current server - version's subdirectory when backing up a tablespace (Heikki - Linnakangas) - - - - - - Add a server version check in pg_basebackup and - pg_receivexlog, so they fail cleanly with version - combinations that won't work (Heikki Linnakangas) - - - - - - Fix contrib/pg_trgm's similarity() function - to return zero for trigram-less strings (Tom Lane) - - - - Previously it returned NaN due to internal division by zero. - - - - - - Update time zone data files to tzdata release 2013b - for DST law changes in Chile, Haiti, Morocco, Paraguay, and some - Russian areas. Also, historical zone data corrections for numerous - places. - - - - Also, update the time zone abbreviation files for recent changes in - Russia and elsewhere: CHOT, GET, - IRKT, KGT, KRAT, MAGT, - MAWT, MSK, NOVT, OMST, - TKT, VLAT, WST, YAKT, - YEKT now follow their current meanings, and - VOLT (Europe/Volgograd) and MIST - (Antarctica/Macquarie) are added to the default abbreviations list. - - - - - - - - - - Release 9.1.8 - - - Release date: - 2013-02-07 - - - - This release contains a variety of fixes from 9.1.7. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.8 - - - A dump/restore is not required for those running 9.1.X. - - - - However, if you are upgrading from a version earlier than 9.1.6, - see . - - - - - - Changes - - - - - - Prevent execution of enum_recv from SQL (Tom Lane) - - - - The function was misdeclared, allowing a simple SQL command to crash the - server. In principle an attacker might be able to use it to examine the - contents of server memory. Our thanks to Sumit Soni (via Secunia SVCRP) - for reporting this issue. (CVE-2013-0255) - - - - - - Fix multiple problems in detection of when a consistent database - state has been reached during WAL replay (Fujii Masao, Heikki - Linnakangas, Simon Riggs, Andres Freund) - - - - - - Update minimum recovery point when truncating a relation file (Heikki - Linnakangas) - - - - Once data has been discarded, it's no longer safe to stop recovery at - an earlier point in the timeline. - - - - - - Fix recycling of WAL segments after changing recovery target timeline - (Heikki Linnakangas) - - - - - - Fix missing cancellations in hot standby mode (Noah Misch, Simon Riggs) - - - - The need to cancel conflicting hot-standby queries would sometimes be - missed, allowing those queries to see inconsistent data. - - - - - - Prevent recovery pause feature from pausing before users can connect - (Tom Lane) - - - - - - Fix SQL grammar to allow subscripting or field selection from a - sub-SELECT result (Tom Lane) - - - - - - Fix performance problems with autovacuum truncation in busy workloads - (Jan Wieck) - - - - Truncation of empty pages at the end of a table requires exclusive - lock, but autovacuum was coded to fail (and release the table lock) - when there are conflicting lock requests. Under load, it is easily - possible that truncation would never occur, resulting in table bloat. - Fix by performing a partial truncation, releasing the lock, then - attempting to re-acquire the lock and continue. This fix also greatly - reduces the average time before autovacuum releases the lock after a - conflicting request arrives. - - - - - - Protect against race conditions when scanning - pg_tablespace (Stephen Frost, Tom Lane) - - - - CREATE DATABASE and DROP DATABASE could - misbehave if there were concurrent updates of - pg_tablespace entries. - - - - - - Prevent DROP OWNED from trying to drop whole databases or - tablespaces (Álvaro Herrera) - - - - For safety, ownership of these objects must be reassigned, not dropped. - - - - - - Fix error in vacuum_freeze_table_age - implementation (Andres Freund) - - - - In installations that have existed for more than vacuum_freeze_min_age - transactions, this mistake prevented autovacuum from using partial-table - scans, so that a full-table scan would always happen instead. - - - - - - Prevent misbehavior when a RowExpr or XmlExpr - is parse-analyzed twice (Andres Freund, Tom Lane) - - - - This mistake could be user-visible in contexts such as - CREATE TABLE LIKE INCLUDING INDEXES. - - - - - - Improve defenses against integer overflow in hashtable sizing - calculations (Jeff Davis) - - - - - - Fix failure to ignore leftover temporary tables after a server crash - (Tom Lane) - - - - - - Reject out-of-range dates in to_date() (Hitoshi Harada) - - - - - - Fix pg_extension_config_dump() to handle - extension-update cases properly (Tom Lane) - - - - This function will now replace any existing entry for the target - table, making it usable in extension update scripts. - - - - - - Fix PL/Python's handling of functions used as triggers on multiple - tables (Andres Freund) - - - - - - Ensure that non-ASCII prompt strings are translated to the correct - code page on Windows (Alexander Law, Noah Misch) - - - - This bug affected psql and some other client programs. - - - - - - Fix possible crash in psql's \? command - when not connected to a database (Meng Qingzhong) - - - - - - Fix possible error if a relation file is removed while - pg_basebackup is running (Heikki Linnakangas) - - - - - - Make pg_dump exclude data of unlogged tables when - running on a hot-standby server (Magnus Hagander) - - - - This would fail anyway because the data is not available on the standby - server, so it seems most convenient to assume - - - - - - Fix pg_upgrade to deal with invalid indexes safely - (Bruce Momjian) - - - - - - Fix one-byte buffer overrun in libpq's - PQprintTuples (Xi Wang) - - - - This ancient function is not used anywhere by - PostgreSQL itself, but it might still be used by some - client code. - - - - - - Make ecpglib use translated messages properly - (Chen Huajun) - - - - - - Properly install ecpg_compat and - pgtypes libraries on MSVC (Jiang Guiqing) - - - - - - Include our version of isinf() in - libecpg if it's not provided by the system - (Jiang Guiqing) - - - - - - Rearrange configure's tests for supplied functions so it is not - fooled by bogus exports from libedit/libreadline (Christoph Berg) - - - - - - Ensure Windows build number increases over time (Magnus Hagander) - - - - - - Make pgxs build executables with the right - .exe suffix when cross-compiling for Windows - (Zoltan Boszormenyi) - - - - - - Add new timezone abbreviation FET (Tom Lane) - - - - This is now used in some eastern-European time zones. - - - - - - - - - - Release 9.1.7 - - - Release date: - 2012-12-06 - - - - This release contains a variety of fixes from 9.1.6. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.7 - - - A dump/restore is not required for those running 9.1.X. - - - - However, if you are upgrading from a version earlier than 9.1.6, - see . - - - - - - Changes - - - - - - Fix multiple bugs associated with CREATE INDEX - CONCURRENTLY (Andres Freund, Tom Lane) - - - - Fix CREATE INDEX CONCURRENTLY to use - in-place updates when changing the state of an index's - pg_index row. This prevents race conditions that could - cause concurrent sessions to miss updating the target index, thus - resulting in corrupt concurrently-created indexes. - - - - Also, fix various other operations to ensure that they ignore - invalid indexes resulting from a failed CREATE INDEX - CONCURRENTLY command. The most important of these is - VACUUM, because an auto-vacuum could easily be launched - on the table before corrective action can be taken to fix or remove - the invalid index. - - - - - - Fix buffer locking during WAL replay (Tom Lane) - - - - The WAL replay code was insufficiently careful about locking buffers - when replaying WAL records that affect more than one page. This could - result in hot standby queries transiently seeing inconsistent states, - resulting in wrong answers or unexpected failures. - - - - - - Fix an error in WAL generation logic for GIN indexes (Tom Lane) - - - - This could result in index corruption, if a torn-page failure occurred. - - - - - - Properly remove startup process's virtual XID lock when promoting a - hot standby server to normal running (Simon Riggs) - - - - This oversight could prevent subsequent execution of certain - operations such as CREATE INDEX CONCURRENTLY. - - - - - - Avoid bogus out-of-sequence timeline ID errors in standby - mode (Heikki Linnakangas) - - - - - - Prevent the postmaster from launching new child processes after it's - received a shutdown signal (Tom Lane) - - - - This mistake could result in shutdown taking longer than it should, or - even never completing at all without additional user action. - - - - - - Avoid corruption of internal hash tables when out of memory - (Hitoshi Harada) - - - - - - Prevent file descriptors for dropped tables from being held open past - transaction end (Tom Lane) - - - - This should reduce problems with long-since-dropped tables continuing - to occupy disk space. - - - - - - Prevent database-wide crash and restart when a new child process is - unable to create a pipe for its latch (Tom Lane) - - - - Although the new process must fail, there is no good reason to force a - database-wide restart, so avoid that. This improves robustness when - the kernel is nearly out of file descriptors. - - - - - - Fix planning of non-strict equivalence clauses above outer joins - (Tom Lane) - - - - The planner could derive incorrect constraints from a clause equating - a non-strict construct to something else, for example - WHERE COALESCE(foo, 0) = 0 - when foo is coming from the nullable side of an outer join. - - - - - - Fix SELECT DISTINCT with index-optimized - MIN/MAX on an inheritance tree (Tom Lane) - - - - The planner would fail with failed to re-find MinMaxAggInfo - record given this combination of factors. - - - - - - Improve planner's ability to prove exclusion constraints from - equivalence classes (Tom Lane) - - - - - - Fix partial-row matching in hashed subplans to handle cross-type cases - correctly (Tom Lane) - - - - This affects multicolumn NOT IN subplans, such as - WHERE (a, b) NOT IN (SELECT x, y FROM ...) - when for instance b and y are int4 - and int8 respectively. This mistake led to wrong answers - or crashes depending on the specific datatypes involved. - - - - - - Acquire buffer lock when re-fetching the old tuple for an - AFTER ROW UPDATE/DELETE trigger (Andres Freund) - - - - In very unusual circumstances, this oversight could result in passing - incorrect data to a trigger WHEN condition, or to the - precheck logic for a foreign-key enforcement trigger. That could - result in a crash, or in an incorrect decision about whether to - fire the trigger. - - - - - - Fix ALTER COLUMN TYPE to handle inherited check - constraints properly (Pavan Deolasee) - - - - This worked correctly in pre-8.4 releases, and now works correctly - in 8.4 and later. - - - - - - Fix ALTER EXTENSION SET SCHEMA's failure to move some - subsidiary objects into the new schema (Álvaro Herrera, Dimitri - Fontaine) - - - - - - Fix REASSIGN OWNED to handle grants on tablespaces - (Álvaro Herrera) - - - - - - Ignore incorrect pg_attribute entries for system - columns for views (Tom Lane) - - - - Views do not have any system columns. However, we forgot to - remove such entries when converting a table to a view. That's fixed - properly for 9.3 and later, but in previous branches we need to defend - against existing mis-converted views. - - - - - - Fix rule printing to dump INSERT INTO table - DEFAULT VALUES correctly (Tom Lane) - - - - - - Guard against stack overflow when there are too many - UNION/INTERSECT/EXCEPT clauses - in a query (Tom Lane) - - - - - - Prevent platform-dependent failures when dividing the minimum possible - integer value by -1 (Xi Wang, Tom Lane) - - - - - - Fix possible access past end of string in date parsing - (Hitoshi Harada) - - - - - - Fix failure to advance XID epoch if XID wraparound happens during a - checkpoint and wal_level is hot_standby - (Tom Lane, Andres Freund) - - - - While this mistake had no particular impact on - PostgreSQL itself, it was bad for - applications that rely on txid_current() and related - functions: the TXID value would appear to go backwards. - - - - - - Fix display of - pg_stat_replication.sync_state at a - page boundary (Kyotaro Horiguchi) - - - - - - Produce an understandable error message if the length of the path name - for a Unix-domain socket exceeds the platform-specific limit - (Tom Lane, Andrew Dunstan) - - - - Formerly, this would result in something quite unhelpful, such as - Non-recoverable failure in name resolution. - - - - - - Fix memory leaks when sending composite column values to the client - (Tom Lane) - - - - - - Make pg_ctl more robust about reading the - postmaster.pid file (Heikki Linnakangas) - - - - Fix race conditions and possible file descriptor leakage. - - - - - - Fix possible crash in psql if incorrectly-encoded data - is presented and the client_encoding setting is a - client-only encoding, such as SJIS (Jiang Guiqing) - - - - - - Make pg_dump dump SEQUENCE SET items in - the data not pre-data section of the archive (Tom Lane) - - - - This change fixes dumping of sequences that are marked as extension - configuration tables. - - - - - - Fix bugs in the restore.sql script emitted by - pg_dump in tar output format (Tom Lane) - - - - The script would fail outright on tables whose names include - upper-case characters. Also, make the script capable of restoring - data in - - - - - Fix pg_restore to accept POSIX-conformant - tar files (Brian Weaver, Tom Lane) - - - - The original coding of pg_dump's tar - output mode produced files that are not fully conformant with the - POSIX standard. This has been corrected for version 9.3. This - patch updates previous branches so that they will accept both the - incorrect and the corrected formats, in hopes of avoiding - compatibility problems when 9.3 comes out. - - - - - - Fix tar files emitted by pg_basebackup to - be POSIX conformant (Brian Weaver, Tom Lane) - - - - - - Fix pg_resetxlog to locate postmaster.pid - correctly when given a relative path to the data directory (Tom Lane) - - - - This mistake could lead to pg_resetxlog not noticing - that there is an active postmaster using the data directory. - - - - - - Fix libpq's lo_import() and - lo_export() functions to report file I/O errors properly - (Tom Lane) - - - - - - Fix ecpg's processing of nested structure pointer - variables (Muhammad Usama) - - - - - - Fix ecpg's ecpg_get_data function to - handle arrays properly (Michael Meskes) - - - - - - Make contrib/pageinspect's btree page inspection - functions take buffer locks while examining pages (Tom Lane) - - - - - - Ensure that make install for an extension creates the - extension installation directory (Cédric Villemain) - - - - Previously, this step was missed if MODULEDIR was set in - the extension's Makefile. - - - - - - Fix pgxs support for building loadable modules on AIX - (Tom Lane) - - - - Building modules outside the original source tree didn't work on AIX. - - - - - - Update time zone data files to tzdata release 2012j - for DST law changes in Cuba, Israel, Jordan, Libya, Palestine, Western - Samoa, and portions of Brazil. - - - - - - - - - - Release 9.1.6 - - - Release date: - 2012-09-24 - - - - This release contains a variety of fixes from 9.1.5. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.6 - - - A dump/restore is not required for those running 9.1.X. - - - - However, you may need to perform REINDEX operations to - recover from the effects of the data corruption bug described in the - first changelog item below. - - - - Also, if you are upgrading from a version earlier than 9.1.4, - see . - - - - - - Changes - - - - - - Fix persistence marking of shared buffers during WAL replay - (Jeff Davis) - - - - This mistake can result in buffers not being written out during - checkpoints, resulting in data corruption if the server later crashes - without ever having written those buffers. Corruption can occur on - any server following crash recovery, but it is significantly more - likely to occur on standby slave servers since those perform much - more WAL replay. There is a low probability of corruption of btree - and GIN indexes. There is a much higher probability of corruption of - table visibility maps. Fortunately, visibility maps are - non-critical data in 9.1, so the worst consequence of such corruption - in 9.1 installations is transient inefficiency of vacuuming. Table - data proper cannot be corrupted by this bug. - - - - While no index corruption due to this bug is known to have occurred - in the field, as a precautionary measure it is recommended that - production installations REINDEX all btree and GIN - indexes at a convenient time after upgrading to 9.1.6. - - - - Also, if you intend to do an in-place upgrade to 9.2.X, before doing - so it is recommended to perform a VACUUM of all tables - while having vacuum_freeze_table_age - set to zero. This will ensure that any lingering wrong data in the - visibility maps is corrected before 9.2.X can depend on it. vacuum_cost_delay - can be adjusted to reduce the performance impact of vacuuming, while - causing it to take longer to finish. - - - - - - Fix planner's assignment of executor parameters, and fix executor's - rescan logic for CTE plan nodes (Tom Lane) - - - - These errors could result in wrong answers from queries that scan the - same WITH subquery multiple times. - - - - - - Fix misbehavior when default_transaction_isolation - is set to serializable (Kevin Grittner, Tom Lane, Heikki - Linnakangas) - - - - Symptoms include crashes at process start on Windows, and crashes in - hot standby operation. - - - - - - Improve selectivity estimation for text search queries involving - prefixes, i.e. word:* patterns (Tom Lane) - - - - - - Improve page-splitting decisions in GiST indexes (Alexander Korotkov, - Robert Haas, Tom Lane) - - - - Multi-column GiST indexes might suffer unexpected bloat due to this - error. - - - - - - Fix cascading privilege revoke to stop if privileges are still held - (Tom Lane) - - - - If we revoke a grant option from some role X, but - X still holds that option via a grant from someone - else, we should not recursively revoke the corresponding privilege - from role(s) Y that X had granted it - to. - - - - - - Disallow extensions from containing the schema they are assigned to - (Thom Brown) - - - - This situation creates circular dependencies that confuse - pg_dump and probably other things. It's confusing - for humans too, so disallow it. - - - - - - Improve error messages for Hot Standby misconfiguration errors - (Gurjeet Singh) - - - - - - Make configure probe for mbstowcs_l (Tom - Lane) - - - - This fixes build failures on some versions of AIX. - - - - - - Fix handling of SIGFPE when PL/Perl is in use (Andres Freund) - - - - Perl resets the process's SIGFPE handler to - SIG_IGN, which could result in crashes later on. Restore - the normal Postgres signal handler after initializing PL/Perl. - - - - - - Prevent PL/Perl from crashing if a recursive PL/Perl function is - redefined while being executed (Tom Lane) - - - - - - Work around possible misoptimization in PL/Perl (Tom Lane) - - - - Some Linux distributions contain an incorrect version of - pthread.h that results in incorrect compiled code in - PL/Perl, leading to crashes if a PL/Perl function calls another one - that throws an error. - - - - - - Fix bugs in contrib/pg_trgm's LIKE pattern - analysis code (Fujii Masao) - - - - LIKE queries using a trigram index could produce wrong - results if the pattern contained LIKE escape characters. - - - - - - Fix pg_upgrade's handling of line endings on Windows - (Andrew Dunstan) - - - - Previously, pg_upgrade might add or remove carriage - returns in places such as function bodies. - - - - - - On Windows, make pg_upgrade use backslash path - separators in the scripts it emits (Andrew Dunstan) - - - - - - Remove unnecessary dependency on pg_config from - pg_upgrade (Peter Eisentraut) - - - - - - Update time zone data files to tzdata release 2012f - for DST law changes in Fiji - - - - - - - - - - Release 9.1.5 - - - Release date: - 2012-08-17 - - - - This release contains a variety of fixes from 9.1.4. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.5 - - - A dump/restore is not required for those running 9.1.X. - - - - However, if you are upgrading from a version earlier than 9.1.4, - see . - - - - - - Changes - - - - - - Prevent access to external files/URLs via XML entity references - (Noah Misch, Tom Lane) - - - - xml_parse() would attempt to fetch external files or - URLs as needed to resolve DTD and entity references in an XML value, - thus allowing unprivileged database users to attempt to fetch data - with the privileges of the database server. While the external data - wouldn't get returned directly to the user, portions of it could be - exposed in error messages if the data didn't parse as valid XML; and - in any case the mere ability to check existence of a file might be - useful to an attacker. (CVE-2012-3489) - - - - - - Prevent access to external files/URLs via contrib/xml2's - xslt_process() (Peter Eisentraut) - - - - libxslt offers the ability to read and write both - files and URLs through stylesheet commands, thus allowing - unprivileged database users to both read and write data with the - privileges of the database server. Disable that through proper use - of libxslt's security options. (CVE-2012-3488) - - - - Also, remove xslt_process()'s ability to fetch documents - and stylesheets from external files/URLs. While this was a - documented feature, it was long regarded as a bad idea. - The fix for CVE-2012-3489 broke that capability, and rather than - expend effort on trying to fix it, we're just going to summarily - remove it. - - - - - - Prevent too-early recycling of btree index pages (Noah Misch) - - - - When we allowed read-only transactions to skip assigning XIDs, we - introduced the possibility that a deleted btree page could be - recycled while a read-only transaction was still in flight to it. - This would result in incorrect index search results. The probability - of such an error occurring in the field seems very low because of the - timing requirements, but nonetheless it should be fixed. - - - - - - Fix crash-safety bug with newly-created-or-reset sequences (Tom Lane) - - - - If ALTER SEQUENCE was executed on a freshly created or - reset sequence, and then precisely one nextval() call - was made on it, and then the server crashed, WAL replay would restore - the sequence to a state in which it appeared that no - nextval() had been done, thus allowing the first - sequence value to be returned again by the next - nextval() call. In particular this could manifest for - serial columns, since creation of a serial column's sequence - includes an ALTER SEQUENCE OWNED BY step. - - - - - - Fix race condition in enum-type value comparisons (Robert - Haas, Tom Lane) - - - - Comparisons could fail when encountering an enum value added since - the current query started. - - - - - - Fix txid_current() to report the correct epoch when not - in hot standby (Heikki Linnakangas) - - - - This fixes a regression introduced in the previous minor release. - - - - - - Prevent selection of unsuitable replication connections as - the synchronous standby (Fujii Masao) - - - - The master might improperly choose pseudo-servers such as - pg_receivexlog or pg_basebackup - as the synchronous standby, and then wait indefinitely for them. - - - - - - Fix bug in startup of Hot Standby when a master transaction has many - subtransactions (Andres Freund) - - - - This mistake led to failures reported as out-of-order XID - insertion in KnownAssignedXids. - - - - - - Ensure the backup_label file is fsync'd after - pg_start_backup() (Dave Kerr) - - - - - - Fix timeout handling in walsender processes (Tom Lane) - - - - WAL sender background processes neglected to establish a - SIGALRM handler, meaning they would wait forever in - some corner cases where a timeout ought to happen. - - - - - - Wake walsenders after each background flush by walwriter (Andres - Freund, Simon Riggs) - - - - This greatly reduces replication delay when the workload contains - only asynchronously-committed transactions. - - - - - - Fix LISTEN/NOTIFY to cope better with I/O - problems, such as out of disk space (Tom Lane) - - - - After a write failure, all subsequent attempts to send more - NOTIFY messages would fail with messages like - Could not read from file "pg_notify/nnnn" at - offset nnnnn: Success. - - - - - - Only allow autovacuum to be auto-canceled by a directly blocked - process (Tom Lane) - - - - The original coding could allow inconsistent behavior in some cases; - in particular, an autovacuum could get canceled after less than - deadlock_timeout grace period. - - - - - - Improve logging of autovacuum cancels (Robert Haas) - - - - - - Fix log collector so that log_truncate_on_rotation works - during the very first log rotation after server start (Tom Lane) - - - - - - Fix WITH attached to a nested set operation - (UNION/INTERSECT/EXCEPT) - (Tom Lane) - - - - - - Ensure that a whole-row reference to a subquery doesn't include any - extra GROUP BY or ORDER BY columns (Tom Lane) - - - - - - Fix dependencies generated during ALTER TABLE ... ADD - CONSTRAINT USING INDEX (Tom Lane) - - - - This command left behind a redundant pg_depend entry - for the index, which could confuse later operations, notably - ALTER TABLE ... ALTER COLUMN TYPE on one of the indexed - columns. - - - - - - Fix REASSIGN OWNED to work on extensions (Alvaro Herrera) - - - - - - Disallow copying whole-row references in CHECK - constraints and index definitions during CREATE TABLE - (Tom Lane) - - - - This situation can arise in CREATE TABLE with - LIKE or INHERITS. The copied whole-row - variable was incorrectly labeled with the row type of the original - table not the new one. Rejecting the case seems reasonable for - LIKE, since the row types might well diverge later. For - INHERITS we should ideally allow it, with an implicit - coercion to the parent table's row type; but that will require more - work than seems safe to back-patch. - - - - - - Fix memory leak in ARRAY(SELECT ...) subqueries (Heikki - Linnakangas, Tom Lane) - - - - - - Fix planner to pass correct collation to operator selectivity - estimators (Tom Lane) - - - - This was not previously required by any core selectivity estimation - function, but third-party code might need it. - - - - - - Fix extraction of common prefixes from regular expressions (Tom Lane) - - - - The code could get confused by quantified parenthesized - subexpressions, such as ^(foo)?bar. This would lead to - incorrect index optimization of searches for such patterns. - - - - - - Fix bugs with parsing signed - hh:mm and - hh:mm:ss - fields in interval constants (Amit Kapila, Tom Lane) - - - - - - Fix pg_dump to better handle views containing partial - GROUP BY lists (Tom Lane) - - - - A view that lists only a primary key column in GROUP BY, - but uses other table columns as if they were grouped, gets marked as - depending on the primary key. Improper handling of such primary key - dependencies in pg_dump resulted in poorly-ordered - dumps, which at best would be inefficient to restore and at worst - could result in outright failure of a parallel - pg_restore run. - - - - - - In PL/Perl, avoid setting UTF8 flag when in SQL_ASCII encoding - (Alex Hunsaker, Kyotaro Horiguchi, Alvaro Herrera) - - - - - - Use Postgres' encoding conversion functions, not Python's, when - converting a Python Unicode string to the server encoding in - PL/Python (Jan Urbanski) - - - - This avoids some corner-case problems, notably that Python doesn't - support all the encodings Postgres does. A notable functional change - is that if the server encoding is SQL_ASCII, you will get the UTF-8 - representation of the string; formerly, any non-ASCII characters in - the string would result in an error. - - - - - - Fix mapping of PostgreSQL encodings to Python encodings in PL/Python - (Jan Urbanski) - - - - - - Report errors properly in contrib/xml2's - xslt_process() (Tom Lane) - - - - - - Update time zone data files to tzdata release 2012e - for DST law changes in Morocco and Tokelau - - - - - - - - - - Release 9.1.4 - - - Release date: - 2012-06-04 - - - - This release contains a variety of fixes from 9.1.3. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.4 - - - A dump/restore is not required for those running 9.1.X. - - - - However, if you use the citext data type, and you upgraded - from a previous major release by running pg_upgrade, - you should run CREATE EXTENSION citext FROM unpackaged - to avoid collation-related failures in citext operations. - The same is necessary if you restore a dump from a pre-9.1 database - that contains an instance of the citext data type. - If you've already run the CREATE EXTENSION command before - upgrading to 9.1.4, you will instead need to do manual catalog updates - as explained in the third changelog item below. - - - - Also, if you are upgrading from a version earlier than 9.1.2, - see . - - - - - - Changes - - - - - - Fix incorrect password transformation in - contrib/pgcrypto's DES crypt() function - (Solar Designer) - - - - If a password string contained the byte value 0x80, the - remainder of the password was ignored, causing the password to be much - weaker than it appeared. With this fix, the rest of the string is - properly included in the DES hash. Any stored password values that are - affected by this bug will thus no longer match, so the stored values may - need to be updated. (CVE-2012-2143) - - - - - - Ignore SECURITY DEFINER and SET attributes for - a procedural language's call handler (Tom Lane) - - - - Applying such attributes to a call handler could crash the server. - (CVE-2012-2655) - - - - - - Make contrib/citext's upgrade script fix collations of - citext arrays and domains over citext - (Tom Lane) - - - - Release 9.1.2 provided a fix for collations of citext columns - and indexes in databases upgraded or reloaded from pre-9.1 - installations, but that fix was incomplete: it neglected to handle arrays - and domains over citext. This release extends the module's - upgrade script to handle these cases. As before, if you have already - run the upgrade script, you'll need to run the collation update - commands by hand instead. See the 9.1.2 release notes for more - information about doing this. - - - - - - Allow numeric timezone offsets in timestamp input to be up to - 16 hours away from UTC (Tom Lane) - - - - Some historical time zones have offsets larger than 15 hours, the - previous limit. This could result in dumped data values being rejected - during reload. - - - - - - Fix timestamp conversion to cope when the given time is exactly the - last DST transition time for the current timezone (Tom Lane) - - - - This oversight has been there a long time, but was not noticed - previously because most DST-using zones are presumed to have an - indefinite sequence of future DST transitions. - - - - - - Fix text to name and char to name - casts to perform string truncation correctly in multibyte encodings - (Karl Schnaitter) - - - - - - Fix memory copying bug in to_tsquery() (Heikki Linnakangas) - - - - - - Ensure txid_current() reports the correct epoch when - executed in hot standby (Simon Riggs) - - - - - - Fix planner's handling of outer PlaceHolderVars within subqueries (Tom - Lane) - - - - This bug concerns sub-SELECTs that reference variables coming from the - nullable side of an outer join of the surrounding query. - In 9.1, queries affected by this bug would fail with ERROR: - Upper-level PlaceHolderVar found where not expected. But in 9.0 and - 8.4, you'd silently get possibly-wrong answers, since the value - transmitted into the subquery wouldn't go to null when it should. - - - - - - Fix planning of UNION ALL subqueries with output columns - that are not simple variables (Tom Lane) - - - - Planning of such cases got noticeably worse in 9.1 as a result of a - misguided fix for MergeAppend child's targetlist doesn't match - MergeAppend errors. Revert that fix and do it another way. - - - - - - Fix slow session startup when pg_attribute is very large - (Tom Lane) - - - - If pg_attribute exceeds one-fourth of - shared_buffers, cache rebuilding code that is sometimes - needed during session start would trigger the synchronized-scan logic, - causing it to take many times longer than normal. The problem was - particularly acute if many new sessions were starting at once. - - - - - - Ensure sequential scans check for query cancel reasonably often (Merlin - Moncure) - - - - A scan encountering many consecutive pages that contain no live tuples - would not respond to interrupts meanwhile. - - - - - - Ensure the Windows implementation of PGSemaphoreLock() - clears ImmediateInterruptOK before returning (Tom Lane) - - - - This oversight meant that a query-cancel interrupt received later - in the same query could be accepted at an unsafe time, with - unpredictable but not good consequences. - - - - - - Show whole-row variables safely when printing views or rules - (Abbas Butt, Tom Lane) - - - - Corner cases involving ambiguous names (that is, the name could be - either a table or column name of the query) were printed in an - ambiguous way, risking that the view or rule would be interpreted - differently after dump and reload. Avoid the ambiguous case by - attaching a no-op cast. - - - - - - Fix COPY FROM to properly handle null marker strings that - correspond to invalid encoding (Tom Lane) - - - - A null marker string such as E'\\0' should work, and did - work in the past, but the case got broken in 8.4. - - - - - - Fix EXPLAIN VERBOSE for writable CTEs containing - RETURNING clauses (Tom Lane) - - - - - - Fix PREPARE TRANSACTION to work correctly in the presence - of advisory locks (Tom Lane) - - - - Historically, PREPARE TRANSACTION has simply ignored any - session-level advisory locks the session holds, but this case was - accidentally broken in 9.1. - - - - - - Fix truncation of unlogged tables (Robert Haas) - - - - - - Ignore missing schemas during non-interactive assignments of - search_path (Tom Lane) - - - - This re-aligns 9.1's behavior with that of older branches. Previously - 9.1 would throw an error for nonexistent schemas mentioned in - search_path settings obtained from places such as - ALTER DATABASE SET. - - - - - - Fix bugs with temporary or transient tables used in extension scripts - (Tom Lane) - - - - This includes cases such as a rewriting ALTER TABLE within - an extension update script, since that uses a transient table behind - the scenes. - - - - - - Ensure autovacuum worker processes perform stack depth checking - properly (Heikki Linnakangas) - - - - Previously, infinite recursion in a function invoked by - auto-ANALYZE could crash worker processes. - - - - - - Fix logging collector to not lose log coherency under high load (Andrew - Dunstan) - - - - The collector previously could fail to reassemble large messages if it - got too busy. - - - - - - Fix logging collector to ensure it will restart file rotation - after receiving SIGHUP (Tom Lane) - - - - - - Fix too many LWLocks taken failure in GiST indexes (Heikki - Linnakangas) - - - - - - Fix WAL replay logic for GIN indexes to not fail if the index was - subsequently dropped (Tom Lane) - - - - - - Correctly detect SSI conflicts of prepared transactions after a crash - (Dan Ports) - - - - - - Avoid synchronous replication delay when committing a transaction that - only modified temporary tables (Heikki Linnakangas) - - - - In such a case the transaction's commit record need not be flushed to - standby servers, but some of the code didn't know that and waited for - it to happen anyway. - - - - - - Fix error handling in pg_basebackup - (Thomas Ogrisegg, Fujii Masao) - - - - - - Fix walsender to not go into a busy loop if connection - is terminated (Fujii Masao) - - - - - - Fix memory leak in PL/pgSQL's RETURN NEXT command (Joe - Conway) - - - - - - Fix PL/pgSQL's GET DIAGNOSTICS command when the target - is the function's first variable (Tom Lane) - - - - - - Ensure that PL/Perl package-qualifies the _TD variable - (Alex Hunsaker) - - - - This bug caused trigger invocations to fail when they are nested - within a function invocation that changes the current package. - - - - - - Fix PL/Python functions returning composite types to accept a string - for their result value (Jan Urbanski) - - - - This case was accidentally broken by the 9.1 additions to allow a - composite result value to be supplied in other formats, such as - dictionaries. - - - - - - Fix potential access off the end of memory in psql's - expanded display (\x) mode (Peter Eisentraut) - - - - - - Fix several performance problems in pg_dump when - the database contains many objects (Jeff Janes, Tom Lane) - - - - pg_dump could get very slow if the database contained - many schemas, or if many objects are in dependency loops, or if there - are many owned sequences. - - - - - - Fix memory and file descriptor leaks in pg_restore - when reading a directory-format archive (Peter Eisentraut) - - - - - - Fix pg_upgrade for the case that a database stored in a - non-default tablespace contains a table in the cluster's default - tablespace (Bruce Momjian) - - - - - - In ecpg, fix rare memory leaks and possible overwrite - of one byte after the sqlca_t structure (Peter Eisentraut) - - - - - - Fix contrib/dblink's dblink_exec() to not leak - temporary database connections upon error (Tom Lane) - - - - - - Fix contrib/dblink to report the correct connection name in - error messages (Kyotaro Horiguchi) - - - - - - Fix contrib/vacuumlo to use multiple transactions when - dropping many large objects (Tim Lewis, Robert Haas, Tom Lane) - - - - This change avoids exceeding max_locks_per_transaction when - many objects need to be dropped. The behavior can be adjusted with the - new -l (limit) option. - - - - - - Update time zone data files to tzdata release 2012c - for DST law changes in Antarctica, Armenia, Chile, Cuba, Falkland - Islands, Gaza, Haiti, Hebron, Morocco, Syria, and Tokelau Islands; - also historical corrections for Canada. - - - - - - - - - - Release 9.1.3 - - - Release date: - 2012-02-27 - - - - This release contains a variety of fixes from 9.1.2. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.3 - - - A dump/restore is not required for those running 9.1.X. - - - - However, if you are upgrading from a version earlier than 9.1.2, - see . - - - - - - Changes - - - - - - Require execute permission on the trigger function for - CREATE TRIGGER (Robert Haas) - - - - This missing check could allow another user to execute a trigger - function with forged input data, by installing it on a table he owns. - This is only of significance for trigger functions marked - SECURITY DEFINER, since otherwise trigger functions run - as the table owner anyway. (CVE-2012-0866) - - - - - - Remove arbitrary limitation on length of common name in SSL - certificates (Heikki Linnakangas) - - - - Both libpq and the server truncated the common name - extracted from an SSL certificate at 32 bytes. Normally this would - cause nothing worse than an unexpected verification failure, but there - are some rather-implausible scenarios in which it might allow one - certificate holder to impersonate another. The victim would have to - have a common name exactly 32 bytes long, and the attacker would have - to persuade a trusted CA to issue a certificate in which the common - name has that string as a prefix. Impersonating a server would also - require some additional exploit to redirect client connections. - (CVE-2012-0867) - - - - - - Convert newlines to spaces in names written in pg_dump - comments (Robert Haas) - - - - pg_dump was incautious about sanitizing object names - that are emitted within SQL comments in its output script. A name - containing a newline would at least render the script syntactically - incorrect. Maliciously crafted object names could present a SQL - injection risk when the script is reloaded. (CVE-2012-0868) - - - - - - Fix btree index corruption from insertions concurrent with vacuuming - (Tom Lane) - - - - An index page split caused by an insertion could sometimes cause a - concurrently-running VACUUM to miss removing index entries - that it should remove. After the corresponding table rows are removed, - the dangling index entries would cause errors (such as could not - read block N in file ...) or worse, silently wrong query results - after unrelated rows are re-inserted at the now-free table locations. - This bug has been present since release 8.2, but occurs so infrequently - that it was not diagnosed until now. If you have reason to suspect - that it has happened in your database, reindexing the affected index - will fix things. - - - - - - Fix transient zeroing of shared buffers during WAL replay (Tom Lane) - - - - The replay logic would sometimes zero and refill a shared buffer, so - that the contents were transiently invalid. In hot standby mode this - can result in a query that's executing in parallel seeing garbage data. - Various symptoms could result from that, but the most common one seems - to be invalid memory alloc request size. - - - - - - Fix handling of data-modifying WITH subplans in - READ COMMITTED rechecking (Tom Lane) - - - - A WITH clause containing - INSERT/UPDATE/DELETE would crash - if the parent UPDATE or DELETE command needed - to be re-evaluated at one or more rows due to concurrent updates - in READ COMMITTED mode. - - - - - - Fix corner case in SSI transaction cleanup - (Dan Ports) - - - - When finishing up a read-write serializable transaction, - a crash could occur if all remaining active serializable transactions - are read-only. - - - - - - Fix postmaster to attempt restart after a hot-standby crash (Tom Lane) - - - - A logic error caused the postmaster to terminate, rather than attempt - to restart the cluster, if any backend process crashed while operating - in hot standby mode. - - - - - - Fix CLUSTER/VACUUM FULL handling of toast - values owned by recently-updated rows (Tom Lane) - - - - This oversight could lead to duplicate key value violates unique - constraint errors being reported against the toast table's index - during one of these commands. - - - - - - Update per-column permissions, not only per-table permissions, when - changing table owner (Tom Lane) - - - - Failure to do this meant that any previously granted column permissions - were still shown as having been granted by the old owner. This meant - that neither the new owner nor a superuser could revoke the - now-untraceable-to-table-owner permissions. - - - - - - Support foreign data wrappers and foreign servers in - REASSIGN OWNED (Alvaro Herrera) - - - - This command failed with unexpected classid errors if - it needed to change the ownership of any such objects. - - - - - - Allow non-existent values for some settings in ALTER - USER/DATABASE SET (Heikki Linnakangas) - - - - Allow default_text_search_config, - default_tablespace, and temp_tablespaces to be - set to names that are not known. This is because they might be known - in another database where the setting is intended to be used, or for the - tablespace cases because the tablespace might not be created yet. The - same issue was previously recognized for search_path, and - these settings now act like that one. - - - - - - Fix unsupported node type error caused by COLLATE - in an INSERT expression (Tom Lane) - - - - - - Avoid crashing when we have problems deleting table files post-commit - (Tom Lane) - - - - Dropping a table should lead to deleting the underlying disk files only - after the transaction commits. In event of failure then (for instance, - because of wrong file permissions) the code is supposed to just emit a - warning message and go on, since it's too late to abort the - transaction. This logic got broken as of release 8.4, causing such - situations to result in a PANIC and an unrestartable database. - - - - - - Recover from errors occurring during WAL replay of DROP - TABLESPACE (Tom Lane) - - - - Replay will attempt to remove the tablespace's directories, but there - are various reasons why this might fail (for example, incorrect - ownership or permissions on those directories). Formerly the replay - code would panic, rendering the database unrestartable without manual - intervention. It seems better to log the problem and continue, since - the only consequence of failure to remove the directories is some - wasted disk space. - - - - - - Fix race condition in logging AccessExclusiveLocks for hot standby - (Simon Riggs) - - - - Sometimes a lock would be logged as being held by transaction - zero. This is at least known to produce assertion failures on - slave servers, and might be the cause of more serious problems. - - - - - - Track the OID counter correctly during WAL replay, even when it wraps - around (Tom Lane) - - - - Previously the OID counter would remain stuck at a high value until the - system exited replay mode. The practical consequences of that are - usually nil, but there are scenarios wherein a standby server that's - been promoted to master might take a long time to advance the OID - counter to a reasonable value once values are needed. - - - - - - Prevent emitting misleading consistent recovery state reached - log message at the beginning of crash recovery (Heikki Linnakangas) - - - - - - Fix initial value of - pg_stat_replication.replay_location - (Fujii Masao) - - - - Previously, the value shown would be wrong until at least one WAL - record had been replayed. - - - - - - Fix regular expression back-references with * attached - (Tom Lane) - - - - Rather than enforcing an exact string match, the code would effectively - accept any string that satisfies the pattern sub-expression referenced - by the back-reference symbol. - - - - A similar problem still afflicts back-references that are embedded in a - larger quantified expression, rather than being the immediate subject - of the quantifier. This will be addressed in a future - PostgreSQL release. - - - - - - Fix recently-introduced memory leak in processing of - inet/cidr values (Heikki Linnakangas) - - - - A patch in the December 2011 releases of PostgreSQL - caused memory leakage in these operations, which could be significant - in scenarios such as building a btree index on such a column. - - - - - - Fix planner's ability to push down index-expression restrictions - through UNION ALL (Tom Lane) - - - - This type of optimization was inadvertently disabled by a fix for - another problem in 9.1.2. - - - - - - Fix planning of WITH clauses referenced in - UPDATE/DELETE on an inherited table - (Tom Lane) - - - - This bug led to could not find plan for CTE failures. - - - - - - Fix GIN cost estimation to handle column IN (...) - index conditions (Marti Raudsepp) - - - - This oversight would usually lead to crashes if such a condition could - be used with a GIN index. - - - - - - Prevent assertion failure when exiting a session with an open, failed - transaction (Tom Lane) - - - - This bug has no impact on normal builds with asserts not enabled. - - - - - - Fix dangling pointer after CREATE TABLE AS/SELECT - INTO in a SQL-language function (Tom Lane) - - - - In most cases this only led to an assertion failure in assert-enabled - builds, but worse consequences seem possible. - - - - - - Avoid double close of file handle in syslogger on Windows (MauMau) - - - - Ordinarily this error was invisible, but it would cause an exception - when running on a debug version of Windows. - - - - - - Fix I/O-conversion-related memory leaks in plpgsql - (Andres Freund, Jan Urbanski, Tom Lane) - - - - Certain operations would leak memory until the end of the current - function. - - - - - - Work around bug in perl's SvPVutf8() function (Andrew Dunstan) - - - - This function crashes when handed a typeglob or certain read-only - objects such as $^V. Make plperl avoid passing those to - it. - - - - - - In pg_dump, don't dump contents of an extension's - configuration tables if the extension itself is not being dumped - (Tom Lane) - - - - - - Improve pg_dump's handling of inherited table columns - (Tom Lane) - - - - pg_dump mishandled situations where a child column has - a different default expression than its parent column. If the default - is textually identical to the parent's default, but not actually the - same (for instance, because of schema search path differences) it would - not be recognized as different, so that after dump and restore the - child would be allowed to inherit the parent's default. Child columns - that are NOT NULL where their parent is not could also be - restored subtly incorrectly. - - - - - - Fix pg_restore's direct-to-database mode for - INSERT-style table data (Tom Lane) - - - - Direct-to-database restores from archive files made with - - - - - - Teach pg_upgrade to handle renaming of - plpython's shared library (Bruce Momjian) - - - - Upgrading a pre-9.1 database that included plpython would fail because - of this oversight. - - - - - - Allow pg_upgrade to process tables containing - regclass columns (Bruce Momjian) - - - - Since pg_upgrade now takes care to preserve - pg_class OIDs, there was no longer any reason for this - restriction. - - - - - - Make libpq ignore ENOTDIR errors - when looking for an SSL client certificate file - (Magnus Hagander) - - - - This allows SSL connections to be established, though without a - certificate, even when the user's home directory is set to something - like /dev/null. - - - - - - Fix some more field alignment issues in ecpg's SQLDA area - (Zoltan Boszormenyi) - - - - - - Allow AT option in ecpg - DEALLOCATE statements (Michael Meskes) - - - - The infrastructure to support this has been there for awhile, but - through an oversight there was still an error check rejecting the case. - - - - - - Do not use the variable name when defining a varchar structure in ecpg - (Michael Meskes) - - - - - - Fix contrib/auto_explain's JSON output mode to produce - valid JSON (Andrew Dunstan) - - - - The output used brackets at the top level, when it should have used - braces. - - - - - - Fix error in contrib/intarray's int[] & - int[] operator (Guillaume Lelarge) - - - - If the smallest integer the two input arrays have in common is 1, - and there are smaller values in either array, then 1 would be - incorrectly omitted from the result. - - - - - - Fix error detection in contrib/pgcrypto's - encrypt_iv() and decrypt_iv() - (Marko Kreen) - - - - These functions failed to report certain types of invalid-input errors, - and would instead return random garbage values for incorrect input. - - - - - - Fix one-byte buffer overrun in contrib/test_parser - (Paul Guyot) - - - - The code would try to read one more byte than it should, which would - crash in corner cases. - Since contrib/test_parser is only example code, this is - not a security issue in itself, but bad example code is still bad. - - - - - - Use __sync_lock_test_and_set() for spinlocks on ARM, if - available (Martin Pitt) - - - - This function replaces our previous use of the SWPB - instruction, which is deprecated and not available on ARMv6 and later. - Reports suggest that the old code doesn't fail in an obvious way on - recent ARM boards, but simply doesn't interlock concurrent accesses, - leading to bizarre failures in multiprocess operation. - - - - - - Use - - - This prevents assorted scenarios wherein recent versions of gcc will - produce creative results. - - - - - - Allow use of threaded Python on FreeBSD (Chris Rees) - - - - Our configure script previously believed that this combination wouldn't - work; but FreeBSD fixed the problem, so remove that error check. - - - - - - Allow MinGW builds to use standardly-named OpenSSL libraries - (Tomasz Ostrowski) - - - - - - - - - - Release 9.1.2 - - - Release date: - 2011-12-05 - - - - This release contains a variety of fixes from 9.1.1. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.2 - - - A dump/restore is not required for those running 9.1.X. - - - - However, a longstanding error was discovered in the definition of the - information_schema.referential_constraints view. If you - rely on correct results from that view, you should replace its - definition as explained in the first changelog item below. - - - - Also, if you use the citext data type, and you upgraded - from a previous major release by running pg_upgrade, - you should run CREATE EXTENSION citext FROM unpackaged - to avoid collation-related failures in citext operations. - The same is necessary if you restore a dump from a pre-9.1 database - that contains an instance of the citext data type. - If you've already run the CREATE EXTENSION command before - upgrading to 9.1.2, you will instead need to do manual catalog updates - as explained in the second changelog item. - - - - - - Changes - - - - - - Fix bugs in information_schema.referential_constraints view - (Tom Lane) - - - - This view was being insufficiently careful about matching the - foreign-key constraint to the depended-on primary or unique key - constraint. That could result in failure to show a foreign key - constraint at all, or showing it multiple times, or claiming that it - depends on a different constraint than the one it really does. - - - - Since the view definition is installed by initdb, - merely upgrading will not fix the problem. If you need to fix this - in an existing installation, you can (as a superuser) drop the - information_schema schema then re-create it by sourcing - SHAREDIR/information_schema.sql. - (Run pg_config --sharedir if you're uncertain where - SHAREDIR is.) This must be repeated in each database - to be fixed. - - - - - - Make contrib/citext's upgrade script fix collations of - citext columns and indexes (Tom Lane) - - - - Existing citext columns and indexes aren't correctly marked as - being of a collatable data type during pg_upgrade from - a pre-9.1 server, or when a pre-9.1 dump containing the citext - type is loaded into a 9.1 server. - That leads to operations on these columns failing with errors - such as could not determine which collation to use for string - comparison. This change allows them to be fixed by the same - script that upgrades the citext module into a proper 9.1 - extension during CREATE EXTENSION citext FROM unpackaged. - - - - If you have a previously-upgraded database that is suffering from this - problem, and you already ran the CREATE EXTENSION command, - you can manually run (as superuser) the UPDATE commands - found at the end of - SHAREDIR/extension/citext--unpackaged--1.0.sql. - (Run pg_config --sharedir if you're uncertain where - SHAREDIR is.) - There is no harm in doing this again if unsure. - - - - - - Fix possible crash during UPDATE or DELETE that - joins to the output of a scalar-returning function (Tom Lane) - - - - A crash could only occur if the target row had been concurrently - updated, so this problem surfaced only intermittently. - - - - - - Fix incorrect replay of WAL records for GIN index updates - (Tom Lane) - - - - This could result in transiently failing to find index entries after - a crash, or on a hot-standby server. The problem would be repaired - by the next VACUUM of the index, however. - - - - - - Fix TOAST-related data corruption during CREATE TABLE dest AS - SELECT * FROM src or INSERT INTO dest SELECT * FROM src - (Tom Lane) - - - - If a table has been modified by ALTER TABLE ADD COLUMN, - attempts to copy its data verbatim to another table could produce - corrupt results in certain corner cases. - The problem can only manifest in this precise form in 8.4 and later, - but we patched earlier versions as well in case there are other code - paths that could trigger the same bug. - - - - - - Fix possible failures during hot standby startup (Simon Riggs) - - - - - - Start hot standby faster when initial snapshot is incomplete - (Simon Riggs) - - - - - - Fix race condition during toast table access from stale syscache entries - (Tom Lane) - - - - The typical symptom was transient errors like missing chunk - number 0 for toast value NNNNN in pg_toast_2619, where the cited - toast table would always belong to a system catalog. - - - - - - Track dependencies of functions on items used in parameter default - expressions (Tom Lane) - - - - Previously, a referenced object could be dropped without having dropped - or modified the function, leading to misbehavior when the function was - used. Note that merely installing this update will not fix the missing - dependency entries; to do that, you'd need to CREATE OR - REPLACE each such function afterwards. If you have functions whose - defaults depend on non-built-in objects, doing so is recommended. - - - - - - Fix incorrect management of placeholder variables in nestloop joins - (Tom Lane) - - - - This bug is known to lead to variable not found in subplan target - list planner errors, and could possibly result in wrong query output - when outer joins are involved. - - - - - - Fix window functions that sort by expressions involving aggregates - (Tom Lane) - - - - Previously these could fail with could not find pathkey item to - sort planner errors. - - - - - - Fix MergeAppend child's targetlist doesn't match MergeAppend - planner errors (Tom Lane) - - - - - - Fix index matching for operators with both collatable and noncollatable - inputs (Tom Lane) - - - - In 9.1.0, an indexable operator that has a non-collatable left-hand - input type and a collatable right-hand input type would not be - recognized as matching the left-hand column's index. An example is - the hstore ? text operator. - - - - - - Allow inlining of set-returning SQL functions with multiple OUT - parameters (Tom Lane) - - - - - - Don't trust deferred-unique indexes for join removal (Tom Lane and Marti - Raudsepp) - - - - A deferred uniqueness constraint might not hold intra-transaction, - so assuming that it does could give incorrect query results. - - - - - - Make DatumGetInetP() unpack inet datums that have a 1-byte - header, and add a new macro, DatumGetInetPP(), that does - not (Heikki Linnakangas) - - - - This change affects no core code, but might prevent crashes in add-on - code that expects DatumGetInetP() to produce an unpacked - datum as per usual convention. - - - - - - Improve locale support in money type's input and output - (Tom Lane) - - - - Aside from not supporting all standard - lc_monetary - formatting options, the input and output functions were inconsistent, - meaning there were locales in which dumped money values could - not be re-read. - - - - - - Don't let transform_null_equals - affect CASE foo WHEN NULL ... constructs - (Heikki Linnakangas) - - - - transform_null_equals is only supposed to affect - foo = NULL expressions written directly by the user, not - equality checks generated internally by this form of CASE. - - - - - - Change foreign-key trigger creation order to better support - self-referential foreign keys (Tom Lane) - - - - For a cascading foreign key that references its own table, a row update - will fire both the ON UPDATE trigger and the - CHECK trigger as one event. The ON UPDATE - trigger must execute first, else the CHECK will check a - non-final state of the row and possibly throw an inappropriate error. - However, the firing order of these triggers is determined by their - names, which generally sort in creation order since the triggers have - auto-generated names following the convention - RI_ConstraintTrigger_NNNN. A proper fix would require - modifying that convention, which we will do in 9.2, but it seems risky - to change it in existing releases. So this patch just changes the - creation order of the triggers. Users encountering this type of error - should drop and re-create the foreign key constraint to get its - triggers into the right order. - - - - - - Fix IF EXISTS to work correctly in DROP OPERATOR - FAMILY (Robert Haas) - - - - - - Disallow dropping of an extension from within its own script - (Tom Lane) - - - - This prevents odd behavior in case of incorrect management of extension - dependencies. - - - - - - Don't mark auto-generated types as extension members (Robert Haas) - - - - Relation rowtypes and automatically-generated array types do not need to - have their own extension membership entries in pg_depend, - and creating such entries complicates matters for extension upgrades. - - - - - - Cope with invalid pre-existing search_path settings during - CREATE EXTENSION (Tom Lane) - - - - - - Avoid floating-point underflow while tracking buffer allocation rate - (Greg Matthews) - - - - While harmless in itself, on certain platforms this would result in - annoying kernel log messages. - - - - - - Prevent autovacuum transactions from running in serializable mode - (Tom Lane) - - - - Autovacuum formerly used the cluster-wide default transaction isolation - level, but there is no need for it to use anything higher than READ - COMMITTED, and using SERIALIZABLE could result in unnecessary delays - for other processes. - - - - - - Ensure walsender processes respond promptly to SIGTERM - (Magnus Hagander) - - - - - - Exclude postmaster.opts from base backups - (Magnus Hagander) - - - - - - Preserve configuration file name and line number values when starting - child processes under Windows (Tom Lane) - - - - Formerly, these would not be displayed correctly in the - pg_settings view. - - - - - - Fix incorrect field alignment in ecpg's SQLDA area - (Zoltan Boszormenyi) - - - - - - Preserve blank lines within commands in psql's command - history (Robert Haas) - - - - The former behavior could cause problems if an empty line was removed - from within a string literal, for example. - - - - - - Avoid platform-specific infinite loop in pg_dump - (Steve Singer) - - - - - - Fix compression of plain-text output format in pg_dump - (Adrian Klaver and Tom Lane) - - - - pg_dump has historically understood -Z with - no -F switch to mean that it should emit a gzip-compressed - version of its plain text output. Restore that behavior. - - - - - - Fix pg_dump to dump user-defined casts between - auto-generated types, such as table rowtypes (Tom Lane) - - - - - - Fix missed quoting of foreign server names in pg_dump - (Tom Lane) - - - - - - Assorted fixes for pg_upgrade (Bruce Momjian) - - - - Handle exclusion constraints correctly, avoid failures on Windows, - don't complain about mismatched toast table names in 8.4 databases. - - - - - - In PL/pgSQL, allow foreign tables to define row types - (Alexander Soudakov) - - - - - - Fix up conversions of PL/Perl functions' results - (Alex Hunsaker and Tom Lane) - - - - Restore the pre-9.1 behavior that PL/Perl functions returning - void ignore the result value of their last Perl statement; - 9.1.0 would throw an error if that statement returned a reference. - Also, make sure it works to return a string value for a composite type, - so long as the string meets the type's input format. - In addition, throw errors for attempts to return Perl arrays or hashes - when the function's declared result type is not an array or composite - type, respectively. (Pre-9.1 versions rather uselessly returned - strings like ARRAY(0x221a9a0) or - HASH(0x221aa90) in such cases.) - - - - - - Ensure PL/Perl strings are always correctly UTF8-encoded - (Amit Khandekar and Alex Hunsaker) - - - - - - Use the preferred version of xsubpp to build PL/Perl, - not necessarily the operating system's main copy - (David Wheeler and Alex Hunsaker) - - - - - - Correctly propagate SQLSTATE in PL/Python exceptions - (Mika Eloranta and Jan Urbanski) - - - - - - Do not install PL/Python extension files for Python major versions - other than the one built against (Peter Eisentraut) - - - - - - Change all the contrib extension script files to report - a useful error message if they are fed to psql - (Andrew Dunstan and Tom Lane) - - - - This should help teach people about the new method of using - CREATE EXTENSION to load these files. In most cases, - sourcing the scripts directly would fail anyway, but with - harder-to-interpret messages. - - - - - - Fix incorrect coding in contrib/dict_int and - contrib/dict_xsyn (Tom Lane) - - - - Some functions incorrectly assumed that memory returned by - palloc() is guaranteed zeroed. - - - - - - Remove contrib/sepgsql tests from the regular regression - test mechanism (Tom Lane) - - - - Since these tests require root privileges for setup, they're impractical - to run automatically. Switch over to a manual approach instead, and - provide a testing script to help with that. - - - - - - Fix assorted errors in contrib/unaccent's configuration - file parsing (Tom Lane) - - - - - - Honor query cancel interrupts promptly in pgstatindex() - (Robert Haas) - - - - - - Fix incorrect quoting of log file name in macOS start script - (Sidar Lopez) - - - - - - Revert unintentional enabling of WAL_DEBUG (Robert Haas) - - - - Fortunately, as debugging tools go, this one is pretty cheap; - but it's not intended to be enabled by default, so revert. - - - - - - Ensure VPATH builds properly install all server header files - (Peter Eisentraut) - - - - - - Shorten file names reported in verbose error messages (Peter Eisentraut) - - - - Regular builds have always reported just the name of the C file - containing the error message call, but VPATH builds formerly - reported an absolute path name. - - - - - - Fix interpretation of Windows timezone names for Central America - (Tom Lane) - - - - Map Central America Standard Time to CST6, not - CST6CDT, because DST is generally not observed anywhere in - Central America. - - - - - - Update time zone data files to tzdata release 2011n - for DST law changes in Brazil, Cuba, Fiji, Palestine, Russia, and Samoa; - also historical corrections for Alaska and British East Africa. - - - - - - - - - - Release 9.1.1 - - - Release date: - 2011-09-26 - - - - This release contains a small number of fixes from 9.1.0. - For information about new features in the 9.1 major release, see - . - - - - Migration to Version 9.1.1 - - - A dump/restore is not required for those running 9.1.X. - - - - - - Changes - - - - - - Make pg_options_to_table return NULL for an option with no - value (Tom Lane) - - - - Previously such cases would result in a server crash. - - - - - - Fix memory leak at end of a GiST index scan (Tom Lane) - - - - Commands that perform many separate GiST index scans, such as - verification of a new GiST-based exclusion constraint on a table - already containing many rows, could transiently require large amounts of - memory due to this leak. - - - - - - Fix explicit reference to pg_temp schema in CREATE - TEMPORARY TABLE (Robert Haas) - - - - This used to be allowed, but failed in 9.1.0. - - - - - - - - - - Release 9.1 - - - Release date: - 2011-09-12 - - - - Overview - - - This release shows PostgreSQL moving beyond the - traditional relational-database feature set with new, ground-breaking - functionality that is unique to PostgreSQL. - The streaming replication feature introduced in release 9.0 is - significantly enhanced by adding a synchronous-replication option, - streaming backups, and monitoring improvements. - Major enhancements include: - - - - - - - - - Allow synchronous - replication - - - - - - Add support for foreign - tables - - - - - - Add per-column collation support - - - - - - Add extensions which - simplify packaging of additions to PostgreSQL - - - - - - Add a true serializable isolation level - - - - - - Support unlogged tables using the UNLOGGED - option in CREATE - TABLE - - - - - - Allow data-modification commands - (INSERT/UPDATE/DELETE) in - WITH clauses - - - - - - Add nearest-neighbor (order-by-operator) searching to GiST indexes - - - - - - Add a SECURITY - LABEL command and support for - SELinux permissions control - - - - - - Update the PL/Python server-side - language - - - - - - - The above items are explained in more detail in the sections below. - - - - - - - Migration to Version 9.1 - - - A dump/restore using pg_dump, - or use of pg_upgrade, is required - for those wishing to migrate data from any previous - release. - - - - Version 9.1 contains a number of changes that may affect compatibility - with previous releases. Observe the following incompatibilities: - - - - Strings - - - - - - Change the default value of standard_conforming_strings - to on (Robert Haas) - - - - By default, backslashes are now ordinary characters in string literals, - not escape characters. This change removes a long-standing - incompatibility with the SQL standard. escape_string_warning - has produced warnings about this usage for years. E'' - strings are the proper way to embed backslash escapes in strings and are - unaffected by this change. - - - - - This change can break applications that are not expecting it and - do their own string escaping according to the old rules. The - consequences could be as severe as introducing SQL-injection security - holes. Be sure to test applications that are exposed to untrusted - input, to ensure that they correctly handle single quotes and - backslashes in text strings. - - - - - - - - - - Casting - - - - - - Disallow function-style and attribute-style data type casts for - composite types (Tom Lane) - - - - For example, disallow - composite_value.text and - text(composite_value). - Unintentional uses of this syntax have frequently resulted in bug - reports; although it was not a bug, it seems better to go back to - rejecting such expressions. - The CAST and :: syntaxes are still available - for use when a cast of an entire composite value is actually intended. - - - - - - Tighten casting checks for domains based on arrays (Tom Lane) - - - - When a domain is based on an array type, it is allowed to look - through the domain type to access the array elements, including - subscripting the domain value to fetch or assign an element. - Assignment to an element of such a domain value, for instance via - UPDATE ... SET domaincol[5] = ..., will now result in - rechecking the domain type's constraints, whereas before the checks - were skipped. - - - - - - - - - Arrays - - - - - - Change string_to_array() - to return an empty array for a zero-length string (Pavel - Stehule) - - - - Previously this returned a null value. - - - - - - Change string_to_array() - so a NULL separator splits the string into characters - (Pavel Stehule) - - - - Previously this returned a null value. - - - - - - - - - Object Modification - - - - - - Fix improper checks for before/after triggers (Tom Lane) - - - - Triggers can now be fired in three cases: BEFORE, - AFTER, or INSTEAD OF some action. - Trigger function authors should verify that their logic behaves - sanely in all three cases. - - - - - - Require superuser or CREATEROLE permissions in order to - set comments on roles (Tom Lane) - - - - - - - - - Server Settings - - - - - - Change pg_last_xlog_receive_location() - so it never moves backwards (Fujii Masao) - - - - Previously, the value of pg_last_xlog_receive_location() - could move backward when streaming replication is restarted. - - - - - - Have logging of replication connections honor log_connections - (Magnus Hagander) - - - - Previously, replication connections were always logged. - - - - - - - - - <link linkend="plpgsql">PL/pgSQL</link> Server-Side Language - - - - - - Change PL/pgSQL's RAISE command without parameters - to be catchable by the attached exception block (Piyush Newe) - - - - Previously RAISE in a code block was always scoped to - an attached exception block, so it was uncatchable at the same - scope. - - - - - - Adjust PL/pgSQL's error line numbering code to be consistent - with other PLs (Pavel Stehule) - - - - Previously, PL/pgSQL would ignore (not count) an empty line at the - start of the function body. Since this was inconsistent with all - other languages, the special case was removed. - - - - - - Make PL/pgSQL complain about conflicting IN and OUT parameter names - (Tom Lane) - - - - Formerly, the collision was not detected, and the name would just - silently refer to only the OUT parameter. - - - - - - Type modifiers of PL/pgSQL variables are now visible to the SQL parser - (Tom Lane) - - - - A type modifier (such as a varchar length limit) attached to a PL/pgSQL - variable was formerly enforced during assignments, but was ignored for - all other purposes. Such variables will now behave more like table - columns declared with the same modifier. This is not expected to make - any visible difference in most cases, but it could result in subtle - changes for some SQL commands issued by PL/pgSQL functions. - - - - - - - - - Contrib - - - - - - All contrib modules are now installed with CREATE EXTENSION - rather than by manually invoking their SQL scripts - (Dimitri Fontaine, Tom Lane) - - - - To update an existing database containing the 9.0 version of a contrib - module, use CREATE EXTENSION ... FROM unpackaged - to wrap the existing contrib module's objects into an extension. When - updating from a pre-9.0 version, drop the contrib module's objects - using its old uninstall script, then use CREATE EXTENSION. - - - - - - - - - Other Incompatibilities - - - - - - Make pg_stat_reset() - reset all database-level statistics (Tomas Vondra) - - - - Some pg_stat_database counters were not being reset. - - - - - - Fix some information_schema.triggers - column names to match the new SQL-standard names (Dean Rasheed) - - - - - - Treat ECPG cursor names as case-insensitive - (Zoltan Boszormenyi) - - - - - - - - - - Changes - - - Below you will find a detailed account of the changes between - PostgreSQL 9.1 and the previous major - release. - - - - Server - - - Performance - - - - - - Support unlogged tables using the UNLOGGED - option in CREATE - TABLE (Robert Haas) - - - - Such tables provide better update performance than regular tables, - but are not crash-safe: their contents are automatically cleared in - case of a server crash. Their contents do not propagate to - replication slaves, either. - - - - - - Allow FULL OUTER JOIN to be implemented as a - hash join, and allow either side of a LEFT OUTER JOIN - or RIGHT OUTER JOIN to be hashed (Tom Lane) - - - - Previously FULL OUTER JOIN could only be - implemented as a merge join, and LEFT OUTER JOIN - and RIGHT OUTER JOIN could hash only the nullable - side of the join. These changes provide additional query optimization - possibilities. - - - - - - Merge duplicate fsync requests (Robert Haas, Greg Smith) - - - - This greatly improves performance under heavy write loads. - - - - - - Improve performance of commit_siblings - (Greg Smith) - - - - This allows the use of commit_siblings with - less overhead. - - - - - - Reduce the memory requirement for large ispell dictionaries - (Pavel Stehule, Tom Lane) - - - - - - Avoid leaving data files open after blind writes - (Alvaro Herrera) - - - - This fixes scenarios in which backends might hold files open long - after they were deleted, preventing the kernel from reclaiming - disk space. - - - - - - - - - Optimizer - - - - - - Allow inheritance table scans to return meaningfully-sorted - results (Greg Stark, Hans-Jurgen Schonig, Robert Haas, Tom Lane) - - - - This allows better optimization of queries that use ORDER - BY, LIMIT, or MIN/MAX with - inherited tables. - - - - - - Improve GIN index scan cost estimation (Teodor Sigaev) - - - - - - Improve cost estimation for aggregates and window functions (Tom Lane) - - - - - - - - - Authentication - - - - - - Support host names and host suffixes - (e.g. .example.com) in pg_hba.conf - (Peter Eisentraut) - - - - Previously only host IP addresses and CIDR - values were supported. - - - - - - Support the key word all in the host column of pg_hba.conf - (Peter Eisentraut) - - - - Previously people used 0.0.0.0/0 or ::/0 - for this. - - - - - - Reject local lines in pg_hba.conf - on platforms that don't support Unix-socket connections - (Magnus Hagander) - - - - Formerly, such lines were silently ignored, which could be surprising. - This makes the behavior more like other unsupported cases. - - - - - - Allow GSSAPI - to be used to authenticate to servers via SSPI (Christian Ullrich) - - - - Specifically this allows Unix-based GSSAPI clients - to do SSPI authentication with Windows servers. - - - - - - ident - authentication over local sockets is now known as - peer - (Magnus Hagander) - - - - The old term is still accepted for backward compatibility, but since - the two methods are fundamentally different, it seemed better to adopt - different names for them. - - - - - - Rewrite peer - authentication to avoid use of credential control messages (Tom Lane) - - - - This change makes the peer authentication code simpler and - better-performing. However, it requires the platform to provide the - getpeereid function or an equivalent socket operation. - So far as is known, the only platform for which peer authentication - worked before and now will not is pre-5.0 NetBSD. - - - - - - - - - Monitoring - - - - - - Add details to the logging of restartpoints and checkpoints, - which is controlled by log_checkpoints - (Fujii Masao, Greg Smith) - - - - New details include WAL file and sync activity. - - - - - - Add log_file_mode - which controls the permissions on log files created by the - logging collector (Martin Pihlak) - - - - - - Reduce the default maximum line length for syslog - logging to 900 bytes plus prefixes (Noah Misch) - - - - This avoids truncation of long log lines on syslog implementations - that have a 1KB length limit, rather than the more common 2KB. - - - - - - - - - Statistical Views - - - - - - Add client_hostname column to pg_stat_activity - (Peter Eisentraut) - - - - Previously only the client address was reported. - - - - - - Add pg_stat_xact_* - statistics functions and views (Joel Jacobson) - - - - These are like the database-wide statistics counter views, but - reflect counts for only the current transaction. - - - - - - Add time of last reset in database-level and background writer - statistics views (Tomas Vondra) - - - - - - Add columns showing the number of vacuum and analyze operations - in pg_stat_*_tables - views (Magnus Hagander) - - - - - - Add buffers_backend_fsync column to pg_stat_bgwriter - (Greg Smith) - - - - This new column counts the number of times a backend fsyncs a - buffer. - - - - - - - - - Server Settings - - - - - - Provide auto-tuning of wal_buffers (Greg - Smith) - - - - By default, the value of wal_buffers is now chosen - automatically based on the value of shared_buffers. - - - - - - Increase the maximum values for - deadlock_timeout, - log_min_duration_statement, and - log_autovacuum_min_duration - (Peter Eisentraut) - - - - The maximum value for each of these parameters was previously - only about 35 minutes. Much larger values are now allowed. - - - - - - - - - - - Replication and Recovery - - - Streaming Replication and Continuous Archiving - - - - - - Allow synchronous - replication (Simon Riggs, Fujii Masao) - - - - This allows the primary server to wait for a standby to write a - transaction's information to disk before acknowledging the commit. - One standby at a time can take the role of the synchronous standby, - as controlled by the - synchronous_standby_names - setting. Synchronous replication can be enabled or disabled on a - per-transaction basis using the - synchronous_commit - setting. - - - - - - Add protocol support for sending file system backups to standby servers - using the streaming replication network connection (Magnus Hagander, - Heikki Linnakangas) - - - - This avoids the requirement of manually transferring a file - system backup when setting up a standby server. - - - - - - Add - replication_timeout - setting (Fujii Masao, Heikki Linnakangas) - - - - Replication connections that are idle for more than the - replication_timeout interval will be terminated - automatically. Formerly, a failed connection was typically not - detected until the TCP timeout elapsed, which is inconveniently - long in many situations. - - - - - - Add command-line tool pg_basebackup - for creating a new standby server or database backup (Magnus - Hagander) - - - - - - Add a replication permission - for roles (Magnus Hagander) - - - - This is a read-only permission used for streaming replication. - It allows a non-superuser role to be used for replication connections. - Previously only superusers could initiate replication - connections; superusers still have this permission by default. - - - - - - - - - Replication Monitoring - - - - - - Add system view pg_stat_replication - which displays activity of WAL sender processes (Itagaki - Takahiro, Simon Riggs) - - - - This reports the status of all connected standby servers. - - - - - - Add monitoring function pg_last_xact_replay_timestamp() - (Fujii Masao) - - - - This returns the time at which the primary generated the most - recent commit or abort record applied on the standby. - - - - - - - - - Hot Standby - - - - - - Add configuration parameter hot_standby_feedback - to enable standbys to postpone cleanup of old row versions on the - primary (Simon Riggs) - - - - This helps avoid canceling long-running queries on the standby. - - - - - - Add the pg_stat_database_conflicts - system view to show queries that have been canceled and the - reason (Magnus Hagander) - - - - Cancellations can occur because of dropped tablespaces, lock - timeouts, old snapshots, pinned buffers, and deadlocks. - - - - - - Add a conflicts count to pg_stat_database - (Magnus Hagander) - - - - This is the number of conflicts that occurred in the database. - - - - - - Increase the maximum values for - max_standby_archive_delay and - max_standby_streaming_delay - - - - The maximum value for each of these parameters was previously - only about 35 minutes. Much larger values are now allowed. - - - - - - Add ERRCODE_T_R_DATABASE_DROPPED - error code to report recovery conflicts due to dropped databases - (Tatsuo Ishii) - - - - This is useful for connection pooling software. - - - - - - - - - Recovery Control - - - - - - Add functions to control streaming replication replay (Simon Riggs) - - - - The new functions are pg_xlog_replay_pause(), - pg_xlog_replay_resume(), - and the status function pg_is_xlog_replay_paused(). - - - - - - Add recovery.conf setting - pause_at_recovery_target - to pause recovery at target (Simon Riggs) - - - - This allows a recovery server to be queried to check whether - the recovery point is the one desired. - - - - - - Add the ability to create named restore points using pg_create_restore_point() - (Jaime Casanova) - - - - These named restore points can be specified as recovery - targets using the new recovery.conf setting - recovery_target_name. - - - - - - Allow standby recovery to switch to a new timeline automatically - (Heikki Linnakangas) - - - - Now standby servers scan the archive directory for new - timelines periodically. - - - - - - Add restart_after_crash - setting which disables automatic server restart after a backend - crash (Robert Haas) - - - - This allows external cluster management software to control - whether the database server restarts or not. - - - - - - Allow recovery.conf - to use the same quoting behavior as postgresql.conf - (Dimitri Fontaine) - - - - Previously all values had to be quoted. - - - - - - - - - - - Queries - - - - - - Add a true serializable isolation level - (Kevin Grittner, Dan Ports) - - - - Previously, asking for serializable isolation guaranteed only that a - single MVCC snapshot would be used for the entire transaction, which - allowed certain documented anomalies. The old snapshot isolation - behavior is still available by requesting the REPEATABLE READ - isolation level. - - - - - - Allow data-modification commands - (INSERT/UPDATE/DELETE) in - WITH clauses - (Marko Tiikkaja, Hitoshi Harada) - - - - These commands can use RETURNING to pass data up to the - containing query. - - - - - - Allow WITH - clauses to be attached to INSERT, UPDATE, - DELETE statements (Marko Tiikkaja, Hitoshi Harada) - - - - - - Allow non-GROUP - BY columns in the query target list when the primary - key is specified in the GROUP BY clause (Peter - Eisentraut) - - - - The SQL standard allows this behavior, and - because of the primary key, the result is unambiguous. - - - - - - Allow use of the key word DISTINCT in UNION/INTERSECT/EXCEPT - clauses (Tom Lane) - - - - DISTINCT is the default behavior so use of this - key word is redundant, but the SQL standard allows it. - - - - - - Fix ordinary queries with rules to use the same snapshot behavior - as EXPLAIN ANALYZE (Marko Tiikkaja) - - - - Previously EXPLAIN ANALYZE used slightly different - snapshot timing for queries involving rules. The - EXPLAIN ANALYZE behavior was judged to be more logical. - - - - - - - Strings - - - - - - Add per-column collation support - (Peter Eisentraut, Tom Lane) - - - - Previously collation (the sort ordering of text strings) could only be - chosen at database creation. - Collation can now be set per column, domain, index, or - expression, via the SQL-standard COLLATE clause. - - - - - - - - - - - Object Manipulation - - - - - - Add extensions which - simplify packaging of additions to PostgreSQL - (Dimitri Fontaine, Tom Lane) - - - - Extensions are controlled by the new CREATE/ALTER/DROP EXTENSION - commands. This replaces ad-hoc methods of grouping objects that - are added to a PostgreSQL installation. - - - - - - Add support for foreign - tables (Shigeru Hanada, Robert Haas, Jan Urbanski, - Heikki Linnakangas) - - - - This allows data stored outside the database to be used like - native PostgreSQL-stored data. Foreign tables - are currently read-only, however. - - - - - - Allow new values to be added to an existing enum type via - ALTER TYPE (Andrew - Dunstan) - - - - - - Add ALTER TYPE ... - ADD/DROP/ALTER/RENAME ATTRIBUTE (Peter Eisentraut) - - - - This allows modification of composite types. - - - - - - - <command>ALTER</> Object - - - - - - Add RESTRICT/CASCADE to ALTER TYPE operations - on typed tables (Peter Eisentraut) - - - - This controls - ADD/DROP/ALTER/RENAME - ATTRIBUTE cascading behavior. - - - - - - Support ALTER TABLE name {OF | NOT OF} - type - (Noah Misch) - - - - This syntax allows a standalone table to be made into a typed table, - or a typed table to be made standalone. - - - - - - Add support for more object types in ALTER ... SET - SCHEMA commands (Dimitri Fontaine) - - - - This command is now supported for conversions, operators, operator - classes, operator families, text search configurations, text search - dictionaries, text search parsers, and text search templates. - - - - - - - - - <link linkend="SQL-CREATETABLE"><command>CREATE/ALTER TABLE</></link> - - - - - - Add ALTER TABLE ... - ADD UNIQUE/PRIMARY KEY USING INDEX - (Gurjeet Singh) - - - - This allows a primary key or unique constraint to be defined using an - existing unique index, including a concurrently created unique index. - - - - - - Allow ALTER TABLE - to add foreign keys without validation (Simon Riggs) - - - - The new option is called NOT VALID. The constraint's - state can later be modified to VALIDATED and validation - checks performed. Together these allow you to add a foreign key - with minimal impact on read and write operations. - - - - - - Allow ALTER TABLE - ... SET DATA TYPE to avoid table rewrites in - appropriate cases (Noah Misch, Robert Haas) - - - - For example, converting a varchar column to - text no longer requires a rewrite of the table. - However, increasing the length constraint on a - varchar column still requires a table rewrite. - - - - - - Add CREATE TABLE IF - NOT EXISTS syntax (Robert Haas) - - - - This allows table creation without causing an error if the - table already exists. - - - - - - Fix possible tuple concurrently updated error - when two backends attempt to add an inheritance - child to the same table at the same time (Robert Haas) - - - - ALTER TABLE - now takes a stronger lock on the parent table, so that the sessions - cannot try to update it simultaneously. - - - - - - - - - Object Permissions - - - - - - Add a SECURITY - LABEL command (KaiGai Kohei) - - - - This allows security labels to be assigned to objects. - - - - - - - - - - - Utility Operations - - - - - - Add transaction-level advisory - locks (Marko Tiikkaja) - - - - These are similar to the existing session-level advisory locks, - but such locks are automatically released at transaction end. - - - - - - Make TRUNCATE ... RESTART - IDENTITY restart sequences transactionally (Steve - Singer) - - - - Previously the counter could have been left out of sync if a - backend crashed between the on-commit truncation activity and - commit completion. - - - - - - - <link linkend="SQL-COPY"><command>COPY</></link> - - - - - - Add ENCODING option to COPY TO/FROM (Hitoshi - Harada, Itagaki Takahiro) - - - - This allows the encoding of the COPY file to be - specified separately from client encoding. - - - - - - Add bidirectional COPY - protocol support (Fujii Masao) - - - - This is currently only used by streaming replication. - - - - - - - - - <link linkend="SQL-EXPLAIN"><command>EXPLAIN</></link> - - - - - - Make EXPLAIN VERBOSE show the function call expression - in a FunctionScan node (Tom Lane) - - - - - - - - - <link linkend="SQL-VACUUM"><command>VACUUM</></link> - - - - - - Add additional details to the output of VACUUM FULL VERBOSE - and CLUSTER VERBOSE - (Itagaki Takahiro) - - - - New information includes the live and dead tuple count and - whether CLUSTER is using an index to rebuild. - - - - - - Prevent autovacuum from - waiting if it cannot acquire a table lock (Robert Haas) - - - - It will try to vacuum that table later. - - - - - - - - - <link linkend="SQL-CLUSTER"><command>CLUSTER</></link> - - - - - - Allow CLUSTER to sort the table rather than scanning - the index when it seems likely to be cheaper (Leonardo Francalanci) - - - - - - - - - Indexes - - - - - - Add nearest-neighbor (order-by-operator) searching to GiST indexes (Teodor Sigaev, Tom Lane) - - - - This allows GiST indexes to quickly return the - N closest values in a query with LIMIT. - For example - point '(101,456)' LIMIT 10; -]]> - - finds the ten places closest to a given target point. - - - - - - Allow GIN indexes to index null - and empty values (Tom Lane) - - - - This allows full GIN index scans, and fixes various - corner cases in which GIN scans would fail. - - - - - - Allow GIN indexes to - better recognize duplicate search entries (Tom Lane) - - - - This reduces the cost of index scans, especially in cases where - it avoids unnecessary full index scans. - - - - - - Fix GiST indexes to be fully - crash-safe (Heikki Linnakangas) - - - - Previously there were rare cases where a REINDEX - would be required (you would be informed). - - - - - - - - - - - Data Types - - - - - - Allow numeric to use a more compact, two-byte header - in common cases (Robert Haas) - - - - Previously all numeric values had four-byte headers; - this change saves on disk storage. - - - - - - Add support for dividing money by money - (Andy Balholm) - - - - - - Allow binary I/O on type void (Radoslaw Smogura) - - - - - - Improve hypotenuse calculations for geometric operators (Paul Matthews) - - - - This avoids unnecessary overflows, and may also be more accurate. - - - - - - Support hashing array values (Tom Lane) - - - - This provides additional query optimization possibilities. - - - - - - Don't treat a composite type as sortable unless all its column types - are sortable (Tom Lane) - - - - This avoids possible could not identify a comparison function - failures at runtime, if it is possible to implement the query without - sorting. Also, ANALYZE won't try to use inappropriate - statistics-gathering methods for columns of such composite types. - - - - - - - Casting - - - - - - Add support for casting between money and numeric - (Andy Balholm) - - - - - - Add support for casting from int4 and int8 - to money (Joey Adams) - - - - - - Allow casting a table's row type to the table's supertype if - it's a typed table (Peter Eisentraut) - - - - This is analogous to the existing facility that allows casting a row - type to a supertable's row type. - - - - - - - - - <link linkend="functions-xml"><acronym>XML</></link> - - - - - - Add XML function XMLEXISTS and xpath_exists() - functions (Mike Fowler) - - - - These are used for XPath matching. - - - - - - Add XML functions xml_is_well_formed(), - xml_is_well_formed_document(), - xml_is_well_formed_content() - (Mike Fowler) - - - - These check whether the input is properly-formed XML. - They provide functionality that was previously available only in - the deprecated contrib/xml2 module. - - - - - - - - - - - Functions - - - - - - Add SQL function format(text, ...), which - behaves analogously to C's printf() (Pavel Stehule, - Robert Haas) - - - - It currently supports formats for strings, SQL literals, and - SQL identifiers. - - - - - - Add string functions concat(), - concat_ws(), - left(), - right(), - and reverse() - (Pavel Stehule) - - - - These improve compatibility with other database products. - - - - - - Add function pg_read_binary_file() - to read binary files (Dimitri Fontaine, Itagaki Takahiro) - - - - - - Add a single-parameter version of function pg_read_file() - to read an entire file (Dimitri Fontaine, Itagaki Takahiro) - - - - - - Add three-parameter forms of array_to_string() - and string_to_array() - for null value processing control (Pavel Stehule) - - - - - - - Object Information Functions - - - - - - Add the pg_describe_object() - function (Alvaro Herrera) - - - - This function is used to obtain a human-readable string describing - an object, based on the pg_class - OID, object OID, and sub-object ID. It can be used to help - interpret the contents of pg_depend. - - - - - - Update comments for built-in operators and their underlying - functions (Tom Lane) - - - - Functions that are meant to be used via an associated operator - are now commented as such. - - - - - - Add variable quote_all_identifiers - to force the quoting of all identifiers in EXPLAIN - and in system catalog functions like pg_get_viewdef() - (Robert Haas) - - - - This makes exporting schemas to tools and other databases with - different quoting rules easier. - - - - - - Add columns to the information_schema.sequences - system view (Peter Eisentraut) - - - - Previously, though the view existed, the columns about the - sequence parameters were unimplemented. - - - - - - Allow public as a pseudo-role name in has_table_privilege() - and related functions (Alvaro Herrera) - - - - This allows checking for public permissions. - - - - - - - - - Function and Trigger Creation - - - - - - Support INSTEAD - OF triggers on views (Dean Rasheed) - - - - This feature can be used to implement fully updatable views. - - - - - - - - - - - Server-Side Languages - - - <link linkend="plpgsql">PL/pgSQL</link> Server-Side Language - - - - - - Add FOREACH IN - ARRAY to PL/pgSQL - (Pavel Stehule) - - - - This is more efficient and readable than previous methods of - iterating through the elements of an array value. - - - - - - Allow RAISE without parameters to be caught in - the same places that could catch a RAISE ERROR - from the same location (Piyush Newe) - - - - The previous coding threw the error - from the block containing the active exception handler. - The new behavior is more consistent with other DBMS products. - - - - - - - - - <link linkend="plperl">PL/Perl</link> Server-Side Language - - - - - - Allow generic record arguments to PL/Perl functions (Andrew - Dunstan) - - - - PL/Perl functions can now be declared to accept type record. - The behavior is the same as for any named composite type. - - - - - - Convert PL/Perl array arguments to Perl arrays (Alexey Klyukin, - Alex Hunsaker) - - - - String representations are still available. - - - - - - Convert PL/Perl composite-type arguments to Perl hashes - (Alexey Klyukin, Alex Hunsaker) - - - - String representations are still available. - - - - - - - - - <link linkend="plpython">PL/Python</link> Server-Side Language - - - - - - Add table function support for PL/Python (Jan Urbanski) - - - - PL/Python can now return multiple OUT parameters - and record sets. - - - - - - Add a validator to PL/Python (Jan Urbanski) - - - - This allows PL/Python functions to be syntax-checked at function - creation time. - - - - - - Allow exceptions for SQL queries in PL/Python (Jan Urbanski) - - - - This allows access to SQL-generated exception error codes from - PL/Python exception blocks. - - - - - - Add explicit subtransactions to PL/Python (Jan Urbanski) - - - - - - Add PL/Python functions for quoting strings (Jan Urbanski) - - - - These functions are plpy.quote_ident, - plpy.quote_literal, - and plpy.quote_nullable. - - - - - - Add traceback information to PL/Python errors (Jan Urbanski) - - - - - - Report PL/Python errors from iterators with PLy_elog (Jan - Urbanski) - - - - - - Fix exception handling with Python 3 (Jan Urbanski) - - - - Exception classes were previously not available in - plpy under Python 3. - - - - - - - - - - - Client Applications - - - - - - Mark createlang - and droplang - as deprecated now that they just invoke extension commands (Tom - Lane) - - - - - - - <link linkend="APP-PSQL"><application>psql</></link> - - - - - - Add psql command \conninfo - to show current connection information (David Christensen) - - - - - - Add psql command \sf to - show a function's definition (Pavel Stehule) - - - - - - Add psql command \dL to list - languages (Fernando Ike) - - - - - - Add the - - - \dn without S now suppresses system - schemas. - - - - - - Allow psql's \e and \ef - commands to accept a line number to be used to position the - cursor in the editor (Pavel Stehule) - - - - This is passed to the editor according to the - PSQL_EDITOR_LINENUMBER_ARG environment variable. - - - - - - Have psql set the client encoding from the - operating system locale by default (Heikki Linnakangas) - - - - This only happens if the PGCLIENTENCODING environment - variable is not set. - - - - - - Make \d distinguish between unique - indexes and unique constraints (Josh Kupershmidt) - - - - - - Make \dt+ report pg_table_size - instead of pg_relation_size when talking to 9.0 or - later servers (Bernd Helmle) - - - - This is a more useful measure of table size, but note that it is - not identical to what was previously reported in the same display. - - - - - - Additional tab completion support (Itagaki Takahiro, Pavel Stehule, - Andrey Popp, Christoph Berg, David Fetter, Josh Kupershmidt) - - - - - - - - - <link linkend="APP-PGDUMP"><application>pg_dump</></link> - - - - - - Add pg_dump - and pg_dumpall - option - - - - - Add directory format to pg_dump - (Joachim Wieland, Heikki Linnakangas) - - - - This is internally similar to the tar - pg_dump format. - - - - - - - - - <link linkend="APP-PG-CTL"><application>pg_ctl</></link> - - - - - - Fix pg_ctl - so it no longer incorrectly reports that the server is not - running (Bruce Momjian) - - - - Previously this could happen if the server was running but - pg_ctl could not authenticate. - - - - - - Improve pg_ctl start's wait - ( - - - The wait mode is now significantly more robust. It will not get - confused by non-default postmaster port numbers, non-default - Unix-domain socket locations, permission problems, or stale - postmaster lock files. - - - - - - Add promote option to pg_ctl to - switch a standby server to primary (Fujii Masao) - - - - - - - - - - - <application>Development Tools</> - - - <link linkend="libpq"><application>libpq</></link> - - - - - - Add a libpq connection option client_encoding - which behaves like the PGCLIENTENCODING environment - variable (Heikki Linnakangas) - - - - The value auto sets the client encoding based on - the operating system locale. - - - - - - Add PQlibVersion() - function which returns the libpq library version (Magnus - Hagander) - - - - libpq already had PQserverVersion() which returns - the server version. - - - - - - Allow libpq-using clients to - check the user name of the server process - when connecting via Unix-domain sockets, with the new requirepeer - connection option - (Peter Eisentraut) - - - - PostgreSQL already allowed servers to check - the client user name when connecting via Unix-domain sockets. - - - - - - Add PQping() - and PQpingParams() - to libpq (Bruce Momjian, Tom Lane) - - - - These functions allow detection of the server's status without - trying to open a new session. - - - - - - - - - <link linkend="ecpg"><application>ECPG</></link> - - - - - - Allow ECPG to accept dynamic cursor names even in - WHERE CURRENT OF clauses - (Zoltan Boszormenyi) - - - - - - Make ecpglib write double values with a - precision of 15 digits, not 14 as formerly (Akira Kurosawa) - - - - - - - - - - Build Options - - - - - - Use +Olibmerrno compile flag with HP-UX C compilers - that accept it (Ibrar Ahmed) - - - - This avoids possible misbehavior of math library calls on recent - HP platforms. - - - - - - - Makefiles - - - - - - Improved parallel make support (Peter Eisentraut) - - - - This allows for faster compiles. Also, make -k - now works more consistently. - - - - - - Require GNU make - 3.80 or newer (Peter Eisentraut) - - - - This is necessary because of the parallel-make improvements. - - - - - - Add make maintainer-check target - (Peter Eisentraut) - - - - This target performs various source code checks that are not - appropriate for either the build or the regression tests. Currently: - duplicate_oids, SGML syntax and tabs check, NLS syntax check. - - - - - - Support make check in contrib - (Peter Eisentraut) - - - - Formerly only make installcheck worked, but now - there is support for testing in a temporary installation. - The top-level make check-world target now includes - testing contrib this way. - - - - - - - - - Windows - - - - - - On Windows, allow pg_ctl to register - the service as auto-start or start-on-demand (Quan Zongliang) - - - - - - Add support for collecting crash - dumps on Windows (Craig Ringer, Magnus Hagander) - - - - minidumps can now be generated by non-debug - Windows binaries and analyzed by standard debugging tools. - - - - - - Enable building with the MinGW64 compiler (Andrew Dunstan) - - - - This allows building 64-bit Windows binaries even on non-Windows - platforms via cross-compiling. - - - - - - - - - - - Source Code - - - - - - Revise the API for GUC variable assign hooks (Tom Lane) - - - - The previous functions of assign hooks are now split between check - hooks and assign hooks, where the former can fail but the latter - shouldn't. This change will impact add-on modules that define custom - GUC parameters. - - - - - - Add latches to the source code to support waiting for events (Heikki - Linnakangas) - - - - - - Centralize data modification permissions-checking logic - (KaiGai Kohei) - - - - - - Add missing get_object_oid() functions, for consistency - (Robert Haas) - - - - - - Improve ability to use C++ compilers for compiling add-on modules by removing - conflicting key words (Tom Lane) - - - - - - Add support for DragonFly BSD (Rumko) - - - - - - Expose quote_literal_cstr() for backend use - (Robert Haas) - - - - - - Run regression tests in the - default encoding (Peter Eisentraut) - - - - Regression tests were previously always run with - SQL_ASCII encoding. - - - - - - Add src/tools/git_changelog to replace - cvs2cl and pgcvslog (Robert - Haas, Tom Lane) - - - - - - Add git-external-diff script to - src/tools (Bruce Momjian) - - - - This is used to generate context diffs from git. - - - - - - Improve support for building with - Clang (Peter Eisentraut) - - - - - - - Server Hooks - - - - - - Add source code hooks to check permissions (Robert Haas, - Stephen Frost) - - - - - - Add post-object-creation function hooks for use by security - frameworks (KaiGai Kohei) - - - - - - Add a client authentication hook (KaiGai Kohei) - - - - - - - - - - - Contrib - - - - - - Modify contrib modules and procedural - languages to install via the new extension mechanism (Tom Lane, - Dimitri Fontaine) - - - - - - Add contrib/file_fdw - foreign-data wrapper (Shigeru Hanada) - - - - Foreign tables using this foreign data wrapper can read flat files - in a manner very similar to COPY. - - - - - - Add nearest-neighbor search support to contrib/pg_trgm and contrib/btree_gist - (Teodor Sigaev) - - - - - - Add contrib/btree_gist - support for searching on not-equals (Jeff Davis) - - - - - - Fix contrib/fuzzystrmatch's - levenshtein() function to handle multibyte characters - (Alexander Korotkov) - - - - - - Add ssl_cipher() and ssl_version() - functions to contrib/sslinfo (Robert - Haas) - - - - - - Fix contrib/intarray - and contrib/hstore - to give consistent results with indexed empty arrays (Tom Lane) - - - - Previously an empty-array query that used an index might return - different results from one that used a sequential scan. - - - - - - Allow contrib/intarray - to work properly on multidimensional arrays (Tom Lane) - - - - - - In - contrib/intarray, - avoid errors complaining about the presence of nulls in cases where no - nulls are actually present (Tom Lane) - - - - - - In - contrib/intarray, - fix behavior of containment operators with respect to empty arrays - (Tom Lane) - - - - Empty arrays are now correctly considered to be contained in any other - array. - - - - - - Remove contrib/xml2's - arbitrary limit on the number of - parameter=value pairs that can be - handled by xslt_process() (Pavel Stehule) - - - - The previous limit was 10. - - - - - - In contrib/pageinspect, - fix heap_page_item to return infomasks as 32-bit values (Alvaro Herrera) - - - - This avoids returning negative values, which was confusing. The - underlying value is a 16-bit unsigned integer. - - - - - - - Security - - - - - - Add contrib/sepgsql - to interface permission checks with SELinux (KaiGai Kohei) - - - - This uses the new SECURITY LABEL - facility. - - - - - - Add contrib module auth_delay (KaiGai - Kohei) - - - - This causes the server to pause before returning authentication - failure; it is designed to make brute force password attacks - more difficult. - - - - - - Add dummy_seclabel - contrib module (KaiGai Kohei) - - - - This is used for permission regression testing. - - - - - - - - - Performance - - - - - - Add support for LIKE and ILIKE index - searches to contrib/pg_trgm (Alexander - Korotkov) - - - - - - Add levenshtein_less_equal() function to contrib/fuzzystrmatch, - which is optimized for small distances (Alexander Korotkov) - - - - - - Improve performance of index lookups on contrib/seg columns (Alexander - Korotkov) - - - - - - Improve performance of pg_upgrade for - databases with many relations (Bruce Momjian) - - - - - - Add flag to contrib/pgbench to - report per-statement latencies (Florian Pflug) - - - - - - - - - Fsync Testing - - - - - - Move src/tools/test_fsync to contrib/pg_test_fsync - (Bruce Momjian, Tom Lane) - - - - - - Add O_DIRECT support to contrib/pg_test_fsync - (Bruce Momjian) - - - - This matches the use of O_DIRECT by wal_sync_method. - - - - - - Add new tests to contrib/pg_test_fsync - (Bruce Momjian) - - - - - - - - - - - Documentation - - - - - - Extensive ECPG - documentation improvements (Satoshi Nagayasu) - - - - - - Extensive proofreading and documentation improvements - (Thom Brown, Josh Kupershmidt, Susanne Ebrecht) - - - - - - Add documentation for exit_on_error - (Robert Haas) - - - - This parameter causes sessions to exit on any error. - - - - - - Add documentation for pg_options_to_table() - (Josh Berkus) - - - - This function shows table storage options in a readable form. - - - - - - Document that it is possible to access all composite type - fields using (compositeval).* - syntax (Peter Eisentraut) - - - - - - Document that translate() - removes characters in from that don't have a - corresponding to character (Josh Kupershmidt) - - - - - - Merge documentation for CREATE CONSTRAINT TRIGGER and CREATE TRIGGER - (Alvaro Herrera) - - - - - - Centralize permission and upgrade documentation (Bruce Momjian) - - - - - - Add kernel tuning - documentation for Solaris 10 (Josh Berkus) - - - - Previously only Solaris 9 kernel tuning was documented. - - - - - - Handle non-ASCII characters consistently in HISTORY file - (Peter Eisentraut) - - - - While the HISTORY file is in English, we do have to deal - with non-ASCII letters in contributor names. These are now - transliterated so that they are reasonably legible without assumptions - about character set. - - - - - - - - - diff --git a/doc/src/sgml/release-9.2.sgml b/doc/src/sgml/release-9.2.sgml deleted file mode 100644 index e1bfb2e2b2..0000000000 --- a/doc/src/sgml/release-9.2.sgml +++ /dev/null @@ -1,12201 +0,0 @@ - - - - - Release 9.2.24 - - - Release date: - 2017-11-09 - - - - This release contains a variety of fixes from 9.2.23. - For information about new features in the 9.2 major release, see - . - - - - This is expected to be the last PostgreSQL - release in the 9.2.X series. Users are encouraged to update to a newer - release branch soon. - - - - Migration to Version 9.2.24 - - - A dump/restore is not required for those running 9.2.X. - - - - However, if you are upgrading from a version earlier than 9.2.22, - see . - - - - - - Changes - - - - - - Fix sample server-start scripts to become $PGUSER - before opening $PGLOG (Noah Misch) - - - - Previously, the postmaster log file was opened while still running as - root. The database owner could therefore mount an attack against - another system user by making $PGLOG be a symbolic - link to some other file, which would then become corrupted by appending - log messages. - - - - By default, these scripts are not installed anywhere. Users who have - made use of them will need to manually recopy them, or apply the same - changes to their modified versions. If the - existing $PGLOG file is root-owned, it will need to - be removed or renamed out of the way before restarting the server with - the corrected script. - (CVE-2017-12172) - - - - - - Properly reject attempts to convert infinite float values to - type numeric (Tom Lane, KaiGai Kohei) - - - - Previously the behavior was platform-dependent. - - - - - - Fix corner-case crashes when columns have been added to the end of a - view (Tom Lane) - - - - - - Record proper dependencies when a view or rule - contains FieldSelect - or FieldStore expression nodes (Tom Lane) - - - - Lack of these dependencies could allow a column or data - type DROP to go through when it ought to fail, - thereby causing later uses of the view or rule to get errors. - This patch does not do anything to protect existing views/rules, - only ones created in the future. - - - - - - Correctly detect hashability of range data types (Tom Lane) - - - - The planner mistakenly assumed that any range type could be hashed - for use in hash joins or hash aggregation, but actually it must check - whether the range's subtype has hash support. This does not affect any - of the built-in range types, since they're all hashable anyway. - - - - - - Fix low-probability loss of NOTIFY messages due to - XID wraparound (Marko Tiikkaja, Tom Lane) - - - - If a session executed no queries, but merely listened for - notifications, for more than 2 billion transactions, it started to miss - some notifications from concurrently-committing transactions. - - - - - - Prevent low-probability crash in processing of nested trigger firings - (Tom Lane) - - - - - - Correctly restore the umask setting when file creation fails - in COPY or lo_export() - (Peter Eisentraut) - - - - - - Give a better error message for duplicate column names - in ANALYZE (Nathan Bossart) - - - - - - Fix libpq to not require user's home - directory to exist (Tom Lane) - - - - In v10, failure to find the home directory while trying to - read ~/.pgpass was treated as a hard error, - but it should just cause that file to not be found. Both v10 and - previous release branches made the same mistake when - reading ~/.pg_service.conf, though this was less - obvious since that file is not sought unless a service name is - specified. - - - - - - Fix libpq to guard against integer - overflow in the row count of a PGresult - (Michael Paquier) - - - - - - Sync our copy of the timezone library with IANA release tzcode2017c - (Tom Lane) - - - - This fixes various issues; the only one likely to be user-visible - is that the default DST rules for a POSIX-style zone name, if - no posixrules file exists in the timezone data - directory, now match current US law rather than what it was a dozen - years ago. - - - - - - Update time zone data files to tzdata - release 2017c for DST law changes in Fiji, Namibia, Northern Cyprus, - Sudan, Tonga, and Turks & Caicos Islands, plus historical - corrections for Alaska, Apia, Burma, Calcutta, Detroit, Ireland, - Namibia, and Pago Pago. - - - - - - - - - - Release 9.2.23 - - - Release date: - 2017-08-31 - - - - This release contains a small number of fixes from 9.2.22. - For information about new features in the 9.2 major release, see - . - - - - The PostgreSQL community will stop releasing updates - for the 9.2.X release series in September 2017. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 9.2.23 - - - A dump/restore is not required for those running 9.2.X. - - - - However, if you are upgrading from a version earlier than 9.2.22, - see . - - - - - - Changes - - - - - - Show foreign tables - in information_schema.table_privileges - view (Peter Eisentraut) - - - - All other relevant information_schema views include - foreign tables, but this one ignored them. - - - - Since this view definition is installed by initdb, - merely upgrading will not fix the problem. If you need to fix this - in an existing installation, you can, as a superuser, do this - in psql: - -SET search_path TO information_schema; -CREATE OR REPLACE VIEW table_privileges AS - SELECT CAST(u_grantor.rolname AS sql_identifier) AS grantor, - CAST(grantee.rolname AS sql_identifier) AS grantee, - CAST(current_database() AS sql_identifier) AS table_catalog, - CAST(nc.nspname AS sql_identifier) AS table_schema, - CAST(c.relname AS sql_identifier) AS table_name, - CAST(c.prtype AS character_data) AS privilege_type, - CAST( - CASE WHEN - -- object owner always has grant options - pg_has_role(grantee.oid, c.relowner, 'USAGE') - OR c.grantable - THEN 'YES' ELSE 'NO' END AS yes_or_no) AS is_grantable, - CAST(CASE WHEN c.prtype = 'SELECT' THEN 'YES' ELSE 'NO' END AS yes_or_no) AS with_hierarchy - - FROM ( - SELECT oid, relname, relnamespace, relkind, relowner, (aclexplode(coalesce(relacl, acldefault('r', relowner)))).* FROM pg_class - ) AS c (oid, relname, relnamespace, relkind, relowner, grantor, grantee, prtype, grantable), - pg_namespace nc, - pg_authid u_grantor, - ( - SELECT oid, rolname FROM pg_authid - UNION ALL - SELECT 0::oid, 'PUBLIC' - ) AS grantee (oid, rolname) - - WHERE c.relnamespace = nc.oid - AND c.relkind IN ('r', 'v', 'f') - AND c.grantee = grantee.oid - AND c.grantor = u_grantor.oid - AND c.prtype IN ('INSERT', 'SELECT', 'UPDATE', 'DELETE', 'TRUNCATE', 'REFERENCES', 'TRIGGER') - AND (pg_has_role(u_grantor.oid, 'USAGE') - OR pg_has_role(grantee.oid, 'USAGE') - OR grantee.rolname = 'PUBLIC'); - - This must be repeated in each database to be fixed, - including template0. - - - - - - Clean up handling of a fatal exit (e.g., due to receipt - of SIGTERM) that occurs while trying to execute - a ROLLBACK of a failed transaction (Tom Lane) - - - - This situation could result in an assertion failure. In production - builds, the exit would still occur, but it would log an unexpected - message about cannot drop active portal. - - - - - - Remove assertion that could trigger during a fatal exit (Tom Lane) - - - - - - Correctly identify columns that are of a range type or domain type over - a composite type or domain type being searched for (Tom Lane) - - - - Certain ALTER commands that change the definition of a - composite type or domain type are supposed to fail if there are any - stored values of that type in the database, because they lack the - infrastructure needed to update or check such values. Previously, - these checks could miss relevant values that are wrapped inside range - types or sub-domains, possibly allowing the database to become - inconsistent. - - - - - - Change ecpg's parser to allow RETURNING - clauses without attached C variables (Michael Meskes) - - - - This allows ecpg programs to contain SQL constructs - that use RETURNING internally (for example, inside a CTE) - rather than using it to define values to be returned to the client. - - - - - - Improve selection of compiler flags for PL/Perl on Windows (Tom Lane) - - - - This fix avoids possible crashes of PL/Perl due to inconsistent - assumptions about the width of time_t values. - A side-effect that may be visible to extension developers is - that _USE_32BIT_TIME_T is no longer defined globally - in PostgreSQL Windows builds. This is not expected - to cause problems, because type time_t is not used - in any PostgreSQL API definitions. - - - - - - - - - - Release 9.2.22 - - - Release date: - 2017-08-10 - - - - This release contains a variety of fixes from 9.2.21. - For information about new features in the 9.2 major release, see - . - - - - The PostgreSQL community will stop releasing updates - for the 9.2.X release series in September 2017. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 9.2.22 - - - A dump/restore is not required for those running 9.2.X. - - - - However, if you use foreign data servers that make use of user - passwords for authentication, see the first changelog entry below. - - - - Also, if you are upgrading from a version earlier than 9.2.20, - see . - - - - - - Changes - - - - - - Further restrict visibility - of pg_user_mappings.umoptions, to - protect passwords stored as user mapping options - (Noah Misch) - - - - The fix for CVE-2017-7486 was incorrect: it allowed a user - to see the options in her own user mapping, even if she did not - have USAGE permission on the associated foreign server. - Such options might include a password that had been provided by the - server owner rather than the user herself. - Since information_schema.user_mapping_options does not - show the options in such cases, pg_user_mappings - should not either. - (CVE-2017-7547) - - - - By itself, this patch will only fix the behavior in newly initdb'd - databases. If you wish to apply this change in an existing database, - you will need to do the following: - - - - - - Restart the postmaster after adding allow_system_table_mods - = true to postgresql.conf. (In versions - supporting ALTER SYSTEM, you can use that to make the - configuration change, but you'll still need a restart.) - - - - - - In each database of the cluster, - run the following commands as superuser: - -SET search_path = pg_catalog; -CREATE OR REPLACE VIEW pg_user_mappings AS - SELECT - U.oid AS umid, - S.oid AS srvid, - S.srvname AS srvname, - U.umuser AS umuser, - CASE WHEN U.umuser = 0 THEN - 'public' - ELSE - A.rolname - END AS usename, - CASE WHEN (U.umuser <> 0 AND A.rolname = current_user - AND (pg_has_role(S.srvowner, 'USAGE') - OR has_server_privilege(S.oid, 'USAGE'))) - OR (U.umuser = 0 AND pg_has_role(S.srvowner, 'USAGE')) - OR (SELECT rolsuper FROM pg_authid WHERE rolname = current_user) - THEN U.umoptions - ELSE NULL END AS umoptions - FROM pg_user_mapping U - LEFT JOIN pg_authid A ON (A.oid = U.umuser) JOIN - pg_foreign_server S ON (U.umserver = S.oid); - - - - - - - Do not forget to include the template0 - and template1 databases, or the vulnerability will still - exist in databases you create later. To fix template0, - you'll need to temporarily make it accept connections. - In PostgreSQL 9.5 and later, you can use - -ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true; - - and then after fixing template0, undo that with - -ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false; - - In prior versions, instead use - -UPDATE pg_database SET datallowconn = true WHERE datname = 'template0'; -UPDATE pg_database SET datallowconn = false WHERE datname = 'template0'; - - - - - - - Finally, remove the allow_system_table_mods configuration - setting, and again restart the postmaster. - - - - - - - - Disallow empty passwords in all password-based authentication methods - (Heikki Linnakangas) - - - - libpq ignores empty password specifications, and does - not transmit them to the server. So, if a user's password has been - set to the empty string, it's impossible to log in with that password - via psql or other libpq-based - clients. An administrator might therefore believe that setting the - password to empty is equivalent to disabling password login. - However, with a modified or non-libpq-based client, - logging in could be possible, depending on which authentication - method is configured. In particular the most common - method, md5, accepted empty passwords. - Change the server to reject empty passwords in all cases. - (CVE-2017-7546) - - - - - - On Windows, retry process creation if we fail to reserve the address - range for our shared memory in the new process (Tom Lane, Amit - Kapila) - - - - This is expected to fix infrequent child-process-launch failures that - are probably due to interference from antivirus products. - - - - - - Fix low-probability corruption of shared predicate-lock hash table - in Windows builds (Thomas Munro, Tom Lane) - - - - - - Avoid logging clean closure of an SSL connection as though - it were a connection reset (Michael Paquier) - - - - - - Prevent sending SSL session tickets to clients (Tom Lane) - - - - This fix prevents reconnection failures with ticket-aware client-side - SSL code. - - - - - - Fix code for setting on - Solaris (Tom Lane) - - - - - - Fix statistics collector to honor inquiry messages issued just after - a postmaster shutdown and immediate restart (Tom Lane) - - - - Statistics inquiries issued within half a second of the previous - postmaster shutdown were effectively ignored. - - - - - - Ensure that the statistics collector's receive buffer size is at - least 100KB (Tom Lane) - - - - This reduces the risk of dropped statistics data on older platforms - whose default receive buffer size is less than that. - - - - - - Fix possible creation of an invalid WAL segment when a standby is - promoted just after it processes an XLOG_SWITCH WAL - record (Andres Freund) - - - - - - Fix SIGHUP and SIGUSR1 handling in - walsender processes (Petr Jelinek, Andres Freund) - - - - - - Fix unnecessarily slow restarts of walreceiver - processes due to race condition in postmaster (Tom Lane) - - - - - - Fix cases where an INSERT or UPDATE assigns - to more than one element of a column that is of domain-over-array - type (Tom Lane) - - - - - - Move autogenerated array types out of the way during - ALTER ... RENAME (Vik Fearing) - - - - Previously, we would rename a conflicting autogenerated array type - out of the way during CREATE; this fix extends that - behavior to renaming operations. - - - - - - Ensure that ALTER USER ... SET accepts all the syntax - variants that ALTER ROLE ... SET does (Peter Eisentraut) - - - - - - Properly update dependency info when changing a datatype I/O - function's argument or return type from opaque to the - correct type (Heikki Linnakangas) - - - - CREATE TYPE updates I/O functions declared in this - long-obsolete style, but it forgot to record a dependency on the - type, allowing a subsequent DROP TYPE to leave broken - function definitions behind. - - - - - - Reduce memory usage when ANALYZE processes - a tsvector column (Heikki Linnakangas) - - - - - - Fix unnecessary precision loss and sloppy rounding when multiplying - or dividing money values by integers or floats (Tom Lane) - - - - - - Tighten checks for whitespace in functions that parse identifiers, - such as regprocedurein() (Tom Lane) - - - - Depending on the prevailing locale, these functions could - misinterpret fragments of multibyte characters as whitespace. - - - - - - Use relevant #define symbols from Perl while - compiling PL/Perl (Ashutosh Sharma, Tom Lane) - - - - This avoids portability problems, typically manifesting as - a handshake mismatch during library load, when working with - recent Perl versions. - - - - - - In psql, fix failure when COPY FROM STDIN - is ended with a keyboard EOF signal and then another COPY - FROM STDIN is attempted (Thomas Munro) - - - - This misbehavior was observed on BSD-derived platforms (including - macOS), but not on most others. - - - - - - Fix pg_dump to not emit invalid SQL for an empty - operator class (Daniel Gustafsson) - - - - - - Fix pg_dump output to stdout on Windows (Kuntal Ghosh) - - - - A compressed plain-text dump written to stdout would contain corrupt - data due to failure to put the file descriptor into binary mode. - - - - - - Fix pg_get_ruledef() to print correct output for - the ON SELECT rule of a view whose columns have been - renamed (Tom Lane) - - - - In some corner cases, pg_dump relies - on pg_get_ruledef() to dump views, so that this error - could result in dump/reload failures. - - - - - - Fix dumping of function expressions in the FROM clause in - cases where the expression does not deparse into something that looks - like a function call (Tom Lane) - - - - - - Fix pg_basebackup output to stdout on Windows - (Haribabu Kommi) - - - - A backup written to stdout would contain corrupt data due to failure - to put the file descriptor into binary mode. - - - - - - Fix pg_upgrade to ensure that the ending WAL record - does not have = minimum - (Bruce Momjian) - - - - This condition could prevent upgraded standby servers from - reconnecting. - - - - - - Always use - - - This supports larger extension libraries on platforms where it makes - a difference. - - - - - - Fix unescaped-braces issue in our build scripts for Microsoft MSVC, - to avoid a warning or error from recent Perl versions (Andrew - Dunstan) - - - - - - In MSVC builds, handle the case where the openssl - library is not within a VC subdirectory (Andrew Dunstan) - - - - - - In MSVC builds, add proper include path for libxml2 - header files (Andrew Dunstan) - - - - This fixes a former need to move things around in standard Windows - installations of libxml2. - - - - - - In MSVC builds, recognize a Tcl library that is - named tcl86.lib (Noah Misch) - - - - - - - - - - Release 9.2.21 - - - Release date: - 2017-05-11 - - - - This release contains a variety of fixes from 9.2.20. - For information about new features in the 9.2 major release, see - . - - - - The PostgreSQL community will stop releasing updates - for the 9.2.X release series in September 2017. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 9.2.21 - - - A dump/restore is not required for those running 9.2.X. - - - - However, if you use foreign data servers that make use of user - passwords for authentication, see the first changelog entry below. - - - - Also, if you are upgrading from a version earlier than 9.2.20, - see . - - - - - - Changes - - - - - - Restrict visibility - of pg_user_mappings.umoptions, to - protect passwords stored as user mapping options - (Michael Paquier, Feike Steenbergen) - - - - The previous coding allowed the owner of a foreign server object, - or anyone he has granted server USAGE permission to, - to see the options for all user mappings associated with that server. - This might well include passwords for other users. - Adjust the view definition to match the behavior of - information_schema.user_mapping_options, namely that - these options are visible to the user being mapped, or if the mapping - is for PUBLIC and the current user is the server - owner, or if the current user is a superuser. - (CVE-2017-7486) - - - - By itself, this patch will only fix the behavior in newly initdb'd - databases. If you wish to apply this change in an existing database, - follow the corrected procedure shown in the changelog entry for - CVE-2017-7547, in . - - - - - - Prevent exposure of statistical information via leaky operators - (Peter Eisentraut) - - - - Some selectivity estimation functions in the planner will apply - user-defined operators to values obtained - from pg_statistic, such as most common values and - histogram entries. This occurs before table permissions are checked, - so a nefarious user could exploit the behavior to obtain these values - for table columns he does not have permission to read. To fix, - fall back to a default estimate if the operator's implementation - function is not certified leak-proof and the calling user does not have - permission to read the table column whose statistics are needed. - At least one of these criteria is satisfied in most cases in practice. - (CVE-2017-7484) - - - - - - Fix possible corruption of init forks of unlogged indexes - (Robert Haas, Michael Paquier) - - - - This could result in an unlogged index being set to an invalid state - after a crash and restart. Such a problem would persist until the - index was dropped and rebuilt. - - - - - - Fix incorrect reconstruction of pg_subtrans entries - when a standby server replays a prepared but uncommitted two-phase - transaction (Tom Lane) - - - - In most cases this turned out to have no visible ill effects, but in - corner cases it could result in circular references - in pg_subtrans, potentially causing infinite loops - in queries that examine rows modified by the two-phase transaction. - - - - - - Ensure parsing of queries in extension scripts sees the results of - immediately-preceding DDL (Julien Rouhaud, Tom Lane) - - - - Due to lack of a cache flush step between commands in an extension - script file, non-utility queries might not see the effects of an - immediately preceding catalog change, such as ALTER TABLE - ... RENAME. - - - - - - Skip tablespace privilege checks when ALTER TABLE ... ALTER - COLUMN TYPE rebuilds an existing index (Noah Misch) - - - - The command failed if the calling user did not currently have - CREATE privilege for the tablespace containing the index. - That behavior seems unhelpful, so skip the check, allowing the - index to be rebuilt where it is. - - - - - - Fix ALTER TABLE ... VALIDATE CONSTRAINT to not recurse - to child tables when the constraint is marked NO INHERIT - (Amit Langote) - - - - This fix prevents unwanted constraint does not exist failures - when no matching constraint is present in the child tables. - - - - - - Fix VACUUM to account properly for pages that could not - be scanned due to conflicting page pins (Andrew Gierth) - - - - This tended to lead to underestimation of the number of tuples in - the table. In the worst case of a small heavily-contended - table, VACUUM could incorrectly report that the table - contained no tuples, leading to very bad planning choices. - - - - - - Ensure that bulk-tuple-transfer loops within a hash join are - interruptible by query cancel requests (Tom Lane, Thomas Munro) - - - - - - Fix cursor_to_xml() to produce valid output - with tableforest = false - (Thomas Munro, Peter Eisentraut) - - - - Previously it failed to produce a wrapping <table> - element. - - - - - - Improve performance of pg_timezone_names view - (Tom Lane, David Rowley) - - - - - - Fix sloppy handling of corner-case errors from lseek() - and close() (Tom Lane) - - - - Neither of these system calls are likely to fail in typical situations, - but if they did, fd.c could get quite confused. - - - - - - Fix incorrect check for whether postmaster is running as a Windows - service (Michael Paquier) - - - - This could result in attempting to write to the event log when that - isn't accessible, so that no logging happens at all. - - - - - - Fix ecpg to support COMMIT PREPARED - and ROLLBACK PREPARED (Masahiko Sawada) - - - - - - Fix a double-free error when processing dollar-quoted string literals - in ecpg (Michael Meskes) - - - - - - In pg_dump, fix incorrect schema and owner marking for - comments and security labels of some types of database objects - (Giuseppe Broccolo, Tom Lane) - - - - In simple cases this caused no ill effects; but for example, a - schema-selective restore might omit comments it should include, because - they were not marked as belonging to the schema of their associated - object. - - - - - - Avoid emitting an invalid list file in pg_restore -l - when SQL object names contain newlines (Tom Lane) - - - - Replace newlines by spaces, which is sufficient to make the output - valid for pg_restore -L's purposes. - - - - - - Fix pg_upgrade to transfer comments and security labels - attached to large objects (blobs) (Stephen Frost) - - - - Previously, blobs were correctly transferred to the new database, but - any comments or security labels attached to them were lost. - - - - - - Improve error handling - in contrib/adminpack's pg_file_write() - function (Noah Misch) - - - - Notably, it failed to detect errors reported - by fclose(). - - - - - - In contrib/dblink, avoid leaking the previous unnamed - connection when establishing a new unnamed connection (Joe Conway) - - - - - - Support OpenSSL 1.1.0 (Heikki Linnakangas, Andreas Karlsson, Tom Lane) - - - - This is a back-patch of work previously done in newer branches; - it's needed since many platforms are adopting newer OpenSSL versions. - - - - - - Support Tcl 8.6 in MSVC builds (Álvaro Herrera) - - - - - - Sync our copy of the timezone library with IANA release tzcode2017b - (Tom Lane) - - - - This fixes a bug affecting some DST transitions in January 2038. - - - - - - Update time zone data files to tzdata release 2017b - for DST law changes in Chile, Haiti, and Mongolia, plus historical - corrections for Ecuador, Kazakhstan, Liberia, and Spain. - Switch to numeric abbreviations for numerous time zones in South - America, the Pacific and Indian oceans, and some Asian and Middle - Eastern countries. - - - - The IANA time zone database previously provided textual abbreviations - for all time zones, sometimes making up abbreviations that have little - or no currency among the local population. They are in process of - reversing that policy in favor of using numeric UTC offsets in zones - where there is no evidence of real-world use of an English - abbreviation. At least for the time being, PostgreSQL - will continue to accept such removed abbreviations for timestamp input. - But they will not be shown in the pg_timezone_names - view nor used for output. - - - - - - Use correct daylight-savings rules for POSIX-style time zone names - in MSVC builds (David Rowley) - - - - The Microsoft MSVC build scripts neglected to install - the posixrules file in the timezone directory tree. - This resulted in the timezone code falling back to its built-in - rule about what DST behavior to assume for a POSIX-style time zone - name. For historical reasons that still corresponds to the DST rules - the USA was using before 2007 (i.e., change on first Sunday in April - and last Sunday in October). With this fix, a POSIX-style zone name - will use the current and historical DST transition dates of - the US/Eastern zone. If you don't want that, remove - the posixrules file, or replace it with a copy of some - other zone file (see ). Note that - due to caching, you may need to restart the server to get such changes - to take effect. - - - - - - - - - - Release 9.2.20 - - - Release date: - 2017-02-09 - - - - This release contains a variety of fixes from 9.2.19. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.20 - - - A dump/restore is not required for those running 9.2.X. - - - - However, if your installation has been affected by the bug described in - the first changelog entry below, then after updating you may need - to take action to repair corrupted indexes. - - - - Also, if you are upgrading from a version earlier than 9.2.11, - see . - - - - - - Changes - - - - - - Fix a race condition that could cause indexes built - with CREATE INDEX CONCURRENTLY to be corrupt - (Pavan Deolasee, Tom Lane) - - - - If CREATE INDEX CONCURRENTLY was used to build an index - that depends on a column not previously indexed, then rows - updated by transactions that ran concurrently with - the CREATE INDEX command could have received incorrect - index entries. If you suspect this may have happened, the most - reliable solution is to rebuild affected indexes after installing - this update. - - - - - - Unconditionally WAL-log creation of the init fork for an - unlogged table (Michael Paquier) - - - - Previously, this was skipped when - = minimal, but actually it's necessary even in that case - to ensure that the unlogged table is properly reset to empty after a - crash. - - - - - - - Fix WAL page header validation when re-reading segments (Takayuki - Tsunakawa, Amit Kapila) - - - - In corner cases, a spurious out-of-sequence TLI error - could be reported during recovery. - - - - - - If the stats collector dies during hot standby, restart it (Takayuki - Tsunakawa) - - - - - - Check for interrupts while hot standby is waiting for a conflicting - query (Simon Riggs) - - - - - - Avoid constantly respawning the autovacuum launcher in a corner case - (Amit Khandekar) - - - - This fix avoids problems when autovacuum is nominally off and there - are some tables that require freezing, but all such tables are - already being processed by autovacuum workers. - - - - - - Fix check for when an extension member object can be dropped (Tom Lane) - - - - Extension upgrade scripts should be able to drop member objects, - but this was disallowed for serial-column sequences, and possibly - other cases. - - - - - - Make sure ALTER TABLE preserves index tablespace - assignments when rebuilding indexes (Tom Lane, Michael Paquier) - - - - Previously, non-default settings - of could result in broken - indexes. - - - - - - Prevent dropping a foreign-key constraint if there are pending - trigger events for the referenced relation (Tom Lane) - - - - This avoids could not find trigger NNN - or relation NNN has no triggers errors. - - - - - - Fix processing of OID column when a table with OIDs is associated to - a parent with OIDs via ALTER TABLE ... INHERIT (Amit - Langote) - - - - The OID column should be treated the same as regular user columns in - this case, but it wasn't, leading to odd behavior in later - inheritance changes. - - - - - - Check for serializability conflicts before reporting - constraint-violation failures (Thomas Munro) - - - - When using serializable transaction isolation, it is desirable - that any error due to concurrent transactions should manifest - as a serialization failure, thereby cueing the application that - a retry might succeed. Unfortunately, this does not reliably - happen for duplicate-key failures caused by concurrent insertions. - This change ensures that such an error will be reported as a - serialization error if the application explicitly checked for - the presence of a conflicting key (and did not find it) earlier - in the transaction. - - - - - - Ensure that column typmods are determined accurately for - multi-row VALUES constructs (Tom Lane) - - - - This fixes problems occurring when the first value in a column has a - determinable typmod (e.g., length for a varchar value) but - later values don't share the same limit. - - - - - - Throw error for an unfinished Unicode surrogate pair at the end of a - Unicode string (Tom Lane) - - - - Normally, a Unicode surrogate leading character must be followed by a - Unicode surrogate trailing character, but the check for this was - missed if the leading character was the last character in a Unicode - string literal (U&'...') or Unicode identifier - (U&"..."). - - - - - - Ensure that a purely negative text search query, such - as !foo, matches empty tsvectors (Tom Dunstan) - - - - Such matches were found by GIN index searches, but not by sequential - scans or GiST index searches. - - - - - - Prevent crash when ts_rewrite() replaces a non-top-level - subtree with an empty query (Artur Zakirov) - - - - - - Fix performance problems in ts_rewrite() (Tom Lane) - - - - - - Fix ts_rewrite()'s handling of nested NOT operators - (Tom Lane) - - - - - - Fix array_fill() to handle empty arrays properly (Tom Lane) - - - - - - Fix one-byte buffer overrun in quote_literal_cstr() - (Heikki Linnakangas) - - - - The overrun occurred only if the input consisted entirely of single - quotes and/or backslashes. - - - - - - Prevent multiple calls of pg_start_backup() - and pg_stop_backup() from running concurrently (Michael - Paquier) - - - - This avoids an assertion failure, and possibly worse things, if - someone tries to run these functions in parallel. - - - - - - Avoid discarding interval-to-interval casts - that aren't really no-ops (Tom Lane) - - - - In some cases, a cast that should result in zeroing out - low-order interval fields was mistakenly deemed to be a - no-op and discarded. An example is that casting from INTERVAL - MONTH to INTERVAL YEAR failed to clear the months field. - - - - - - Fix pg_dump to dump user-defined casts and transforms - that use built-in functions (Stephen Frost) - - - - - - Fix possible pg_basebackup failure on standby - server when including WAL files (Amit Kapila, Robert Haas) - - - - - - Ensure that the Python exception objects we create for PL/Python are - properly reference-counted (Rafa de la Torre, Tom Lane) - - - - This avoids failures if the objects are used after a Python garbage - collection cycle has occurred. - - - - - - Fix PL/Tcl to support triggers on tables that have .tupno - as a column name (Tom Lane) - - - - This matches the (previously undocumented) behavior of - PL/Tcl's spi_exec and spi_execp commands, - namely that a magic .tupno column is inserted only if - there isn't a real column named that. - - - - - - Allow DOS-style line endings in ~/.pgpass files, - even on Unix (Vik Fearing) - - - - This change simplifies use of the same password file across Unix and - Windows machines. - - - - - - Fix one-byte buffer overrun if ecpg is given a file - name that ends with a dot (Takayuki Tsunakawa) - - - - - - Fix psql's tab completion for ALTER DEFAULT - PRIVILEGES (Gilles Darold, Stephen Frost) - - - - - - In psql, treat an empty or all-blank setting of - the PAGER environment variable as meaning no - pager (Tom Lane) - - - - Previously, such a setting caused output intended for the pager to - vanish entirely. - - - - - - Improve contrib/dblink's reporting of - low-level libpq errors, such as out-of-memory - (Joe Conway) - - - - - - On Windows, ensure that environment variable changes are propagated - to DLLs built with debug options (Christian Ullrich) - - - - - - Sync our copy of the timezone library with IANA release tzcode2016j - (Tom Lane) - - - - This fixes various issues, most notably that timezone data - installation failed if the target directory didn't support hard - links. - - - - - - Update time zone data files to tzdata release 2016j - for DST law changes in northern Cyprus (adding a new zone - Asia/Famagusta), Russia (adding a new zone Europe/Saratov), Tonga, - and Antarctica/Casey. - Historical corrections for Italy, Kazakhstan, Malta, and Palestine. - Switch to preferring numeric zone abbreviations for Tonga. - - - - - - - - - - Release 9.2.19 - - - Release date: - 2016-10-27 - - - - This release contains a variety of fixes from 9.2.18. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.19 - - - A dump/restore is not required for those running 9.2.X. - - - - However, if you are upgrading from a version earlier than 9.2.11, - see . - - - - - - Changes - - - - - - Fix EvalPlanQual rechecks involving CTE scans (Tom Lane) - - - - The recheck would always see the CTE as returning no rows, typically - leading to failure to update rows that were recently updated. - - - - - - Fix improper repetition of previous results from hashed aggregation in - a subquery (Andrew Gierth) - - - - The test to see if we can reuse a previously-computed hash table of - the aggregate state values neglected the possibility of an outer query - reference appearing in an aggregate argument expression. A change in - the value of such a reference should lead to recalculating the hash - table, but did not. - - - - - - Fix EXPLAIN to emit valid XML when - is on (Markus Winand) - - - - Previously the XML output-format option produced syntactically invalid - tags such as <I/O-Read-Time>. That is now - rendered as <I-O-Read-Time>. - - - - - - Suppress printing of zeroes for unmeasured times - in EXPLAIN (Maksim Milyutin) - - - - Certain option combinations resulted in printing zero values for times - that actually aren't ever measured in that combination. Our general - policy in EXPLAIN is not to print such fields at all, so - do that consistently in all cases. - - - - - - Fix timeout length when VACUUM is waiting for exclusive - table lock so that it can truncate the table (Simon Riggs) - - - - The timeout was meant to be 50 milliseconds, but it was actually only - 50 microseconds, causing VACUUM to give up on truncation - much more easily than intended. Set it to the intended value. - - - - - - Fix bugs in merging inherited CHECK constraints while - creating or altering a table (Tom Lane, Amit Langote) - - - - Allow identical CHECK constraints to be added to a parent - and child table in either order. Prevent merging of a valid - constraint from the parent table with a NOT VALID - constraint on the child. Likewise, prevent merging of a NO - INHERIT child constraint with an inherited constraint. - - - - - - Remove artificial restrictions on the values accepted - by numeric_in() and numeric_recv() - (Tom Lane) - - - - We allow numeric values up to the limit of the storage format (more - than 1e100000), so it seems fairly pointless - that numeric_in() rejected scientific-notation exponents - above 1000. Likewise, it was silly for numeric_recv() to - reject more than 1000 digits in an input value. - - - - - - Avoid very-low-probability data corruption due to testing tuple - visibility without holding buffer lock (Thomas Munro, Peter Geoghegan, - Tom Lane) - - - - - - Fix file descriptor leakage when truncating a temporary relation of - more than 1GB (Andres Freund) - - - - - - Disallow starting a standalone backend with standby_mode - turned on (Michael Paquier) - - - - This can't do anything useful, since there will be no WAL receiver - process to fetch more WAL data; and it could result in misbehavior - in code that wasn't designed with this situation in mind. - - - - - - Don't try to share SSL contexts across multiple connections - in libpq (Heikki Linnakangas) - - - - This led to assorted corner-case bugs, particularly when trying to use - different SSL parameters for different connections. - - - - - - Avoid corner-case memory leak in libpq (Tom Lane) - - - - The reported problem involved leaking an error report - during PQreset(), but there might be related cases. - - - - - - Make ecpg's - - - - - In pg_dump, never dump range constructor functions - (Tom Lane) - - - - This oversight led to pg_upgrade failures with - extensions containing range types, due to duplicate creation of the - constructor functions. - - - - - - Fix contrib/intarray/bench/bench.pl to print the results - of the EXPLAIN it does when given the - - - - - Update Windows time zone mapping to recognize some time zone names - added in recent Windows versions (Michael Paquier) - - - - - - Prevent failure of obsolete dynamic time zone abbreviations (Tom Lane) - - - - If a dynamic time zone abbreviation does not match any entry in the - referenced time zone, treat it as equivalent to the time zone name. - This avoids unexpected failures when IANA removes abbreviations from - their time zone database, as they did in tzdata - release 2016f and seem likely to do again in the future. The - consequences were not limited to not recognizing the individual - abbreviation; any mismatch caused - the pg_timezone_abbrevs view to fail altogether. - - - - - - Update time zone data files to tzdata release 2016h - for DST law changes in Palestine and Turkey, plus historical - corrections for Turkey and some regions of Russia. - Switch to numeric abbreviations for some time zones in Antarctica, - the former Soviet Union, and Sri Lanka. - - - - The IANA time zone database previously provided textual abbreviations - for all time zones, sometimes making up abbreviations that have little - or no currency among the local population. They are in process of - reversing that policy in favor of using numeric UTC offsets in zones - where there is no evidence of real-world use of an English - abbreviation. At least for the time being, PostgreSQL - will continue to accept such removed abbreviations for timestamp input. - But they will not be shown in the pg_timezone_names - view nor used for output. - - - - In this update, AMT is no longer shown as being in use to - mean Armenia Time. Therefore, we have changed the Default - abbreviation set to interpret it as Amazon Time, thus UTC-4 not UTC+4. - - - - - - - - - - Release 9.2.18 - - - Release date: - 2016-08-11 - - - - This release contains a variety of fixes from 9.2.17. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.18 - - - A dump/restore is not required for those running 9.2.X. - - - - However, if you are upgrading from a version earlier than 9.2.11, - see . - - - - - - Changes - - - - - - Fix possible mis-evaluation of - nested CASE-WHEN expressions (Heikki - Linnakangas, Michael Paquier, Tom Lane) - - - - A CASE expression appearing within the test value - subexpression of another CASE could become confused about - whether its own test value was null or not. Also, inlining of a SQL - function implementing the equality operator used by - a CASE expression could result in passing the wrong test - value to functions called within a CASE expression in the - SQL function's body. If the test values were of different data - types, a crash might result; moreover such situations could be abused - to allow disclosure of portions of server memory. (CVE-2016-5423) - - - - - - Fix client programs' handling of special characters in database and - role names (Noah Misch, Nathan Bossart, Michael Paquier) - - - - Numerous places in vacuumdb and other client programs - could become confused by database and role names containing double - quotes or backslashes. Tighten up quoting rules to make that safe. - Also, ensure that when a conninfo string is used as a database name - parameter to these programs, it is correctly treated as such throughout. - - - - Fix handling of paired double quotes - in psql's \connect - and \password commands to match the documentation. - - - - Introduce a new - - - pg_dumpall now refuses to deal with database and role - names containing carriage returns or newlines, as it seems impractical - to quote those characters safely on Windows. In future we may reject - such names on the server side, but that step has not been taken yet. - - - - These are considered security fixes because crafted object names - containing special characters could have been used to execute - commands with superuser privileges the next time a superuser - executes pg_dumpall or other routine maintenance - operations. (CVE-2016-5424) - - - - - - Fix corner-case misbehaviors for IS NULL/IS NOT - NULL applied to nested composite values (Andrew Gierth, Tom Lane) - - - - The SQL standard specifies that IS NULL should return - TRUE for a row of all null values (thus ROW(NULL,NULL) IS - NULL yields TRUE), but this is not meant to apply recursively - (thus ROW(NULL, ROW(NULL,NULL)) IS NULL yields FALSE). - The core executor got this right, but certain planner optimizations - treated the test as recursive (thus producing TRUE in both cases), - and contrib/postgres_fdw could produce remote queries - that misbehaved similarly. - - - - - - Make the inet and cidr data types properly reject - IPv6 addresses with too many colon-separated fields (Tom Lane) - - - - - - Prevent crash in close_ps() - (the point ## lseg operator) - for NaN input coordinates (Tom Lane) - - - - Make it return NULL instead of crashing. - - - - - - Fix several one-byte buffer over-reads in to_number() - (Peter Eisentraut) - - - - In several cases the to_number() function would read one - more character than it should from the input string. There is a - small chance of a crash, if the input happens to be adjacent to the - end of memory. - - - - - - Avoid unsafe intermediate state during expensive paths - through heap_update() (Masahiko Sawada, Andres Freund) - - - - Previously, these cases locked the target tuple (by setting its XMAX) - but did not WAL-log that action, thus risking data integrity problems - if the page were spilled to disk and then a database crash occurred - before the tuple update could be completed. - - - - - - Avoid crash in postgres -C when the specified variable - has a null string value (Michael Paquier) - - - - - - Avoid consuming a transaction ID during VACUUM - (Alexander Korotkov) - - - - Some cases in VACUUM unnecessarily caused an XID to be - assigned to the current transaction. Normally this is negligible, - but if one is up against the XID wraparound limit, consuming more - XIDs during anti-wraparound vacuums is a very bad thing. - - - - - - Avoid canceling hot-standby queries during VACUUM FREEZE - (Simon Riggs, Álvaro Herrera) - - - - VACUUM FREEZE on an otherwise-idle master server could - result in unnecessary cancellations of queries on its standby - servers. - - - - - - When a manual ANALYZE specifies a column list, don't - reset the table's changes_since_analyze counter - (Tom Lane) - - - - If we're only analyzing some columns, we should not prevent routine - auto-analyze from happening for the other columns. - - - - - - Fix ANALYZE's overestimation of n_distinct - for a unique or nearly-unique column with many null entries (Tom - Lane) - - - - The nulls could get counted as though they were themselves distinct - values, leading to serious planner misestimates in some types of - queries. - - - - - - Prevent autovacuum from starting multiple workers for the same shared - catalog (Álvaro Herrera) - - - - Normally this isn't much of a problem because the vacuum doesn't take - long anyway; but in the case of a severely bloated catalog, it could - result in all but one worker uselessly waiting instead of doing - useful work on other tables. - - - - - - Prevent infinite loop in GiST index build for geometric columns - containing NaN component values (Tom Lane) - - - - - - Fix contrib/btree_gin to handle the smallest - possible bigint value correctly (Peter Eisentraut) - - - - - - Teach libpq to correctly decode server version from future servers - (Peter Eisentraut) - - - - It's planned to switch to two-part instead of three-part server - version numbers for releases after 9.6. Make sure - that PQserverVersion() returns the correct value for - such cases. - - - - - - Fix ecpg's code for unsigned long long - array elements (Michael Meskes) - - - - - - In pg_dump with both - - - - - Make pg_basebackup accept -Z 0 as - specifying no compression (Fujii Masao) - - - - - - Fix makefiles' rule for building AIX shared libraries to be safe for - parallel make (Noah Misch) - - - - - - Fix TAP tests and MSVC scripts to work when build directory's path - name contains spaces (Michael Paquier, Kyotaro Horiguchi) - - - - - - Make regression tests safe for Danish and Welsh locales (Jeff Janes, - Tom Lane) - - - - Change some test data that triggered the unusual sorting rules of - these locales. - - - - - - Update our copy of the timezone code to match - IANA's tzcode release 2016c (Tom Lane) - - - - This is needed to cope with anticipated future changes in the time - zone data files. It also fixes some corner-case bugs in coping with - unusual time zones. - - - - - - Update time zone data files to tzdata release 2016f - for DST law changes in Kemerovo and Novosibirsk, plus historical - corrections for Azerbaijan, Belarus, and Morocco. - - - - - - - - - - Release 9.2.17 - - - Release date: - 2016-05-12 - - - - This release contains a variety of fixes from 9.2.16. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.17 - - - A dump/restore is not required for those running 9.2.X. - - - - However, if you are upgrading from a version earlier than 9.2.11, - see . - - - - - - Changes - - - - - - Clear the OpenSSL error queue before OpenSSL calls, rather than - assuming it's clear already; and make sure we leave it clear - afterwards (Peter Geoghegan, Dave Vitek, Peter Eisentraut) - - - - This change prevents problems when there are multiple connections - using OpenSSL within a single process and not all the code involved - follows the same rules for when to clear the error queue. - Failures have been reported specifically when a client application - uses SSL connections in libpq concurrently with - SSL connections using the PHP, Python, or Ruby wrappers for OpenSSL. - It's possible for similar problems to arise within the server as well, - if an extension module establishes an outgoing SSL connection. - - - - - - Fix failed to build any N-way joins - planner error with a full join enclosed in the right-hand side of a - left join (Tom Lane) - - - - - - Fix incorrect handling of equivalence-class tests in multilevel - nestloop plans (Tom Lane) - - - - Given a three-or-more-way equivalence class of variables, such - as X.X = Y.Y = Z.Z, it was possible for the planner to omit - some of the tests needed to enforce that all the variables are actually - equal, leading to join rows being output that didn't satisfy - the WHERE clauses. For various reasons, erroneous plans - were seldom selected in practice, so that this bug has gone undetected - for a long time. - - - - - - Fix possible misbehavior of TH, th, - and Y,YYY format codes in to_timestamp() - (Tom Lane) - - - - These could advance off the end of the input string, causing subsequent - format codes to read garbage. - - - - - - Fix dumping of rules and views in which the array - argument of a value operator - ANY (array) construct is a sub-SELECT - (Tom Lane) - - - - - - Make pg_regress use a startup timeout from the - PGCTLTIMEOUT environment variable, if that's set (Tom Lane) - - - - This is for consistency with a behavior recently added - to pg_ctl; it eases automated testing on slow machines. - - - - - - Fix pg_upgrade to correctly restore extension - membership for operator families containing only one operator class - (Tom Lane) - - - - In such a case, the operator family was restored into the new database, - but it was no longer marked as part of the extension. This had no - immediate ill effects, but would cause later pg_dump - runs to emit output that would cause (harmless) errors on restore. - - - - - - Back-port 9.4-era memory-barrier code changes into 9.2 and 9.3 (Tom Lane) - - - - These changes were not originally needed in pre-9.4 branches, but we - recently back-patched a fix that expected the barrier code to work - properly. Only IA64 (when using icc), HPPA, and Alpha platforms are - affected. - - - - - - Reduce the number of SysV semaphores used by a build configured with - - - - - - Rename internal function strtoi() - to strtoint() to avoid conflict with a NetBSD library - function (Thomas Munro) - - - - - - Fix reporting of errors from bind() - and listen() system calls on Windows (Tom Lane) - - - - - - Reduce verbosity of compiler output when building with Microsoft Visual - Studio (Christian Ullrich) - - - - - - Avoid possibly-unsafe use of Windows' FormatMessage() - function (Christian Ullrich) - - - - Use the FORMAT_MESSAGE_IGNORE_INSERTS flag where - appropriate. No live bug is known to exist here, but it seems like a - good idea to be careful. - - - - - - Update time zone data files to tzdata release 2016d - for DST law changes in Russia and Venezuela. There are new zone - names Europe/Kirov and Asia/Tomsk to reflect - the fact that these regions now have different time zone histories from - adjacent regions. - - - - - - - - - - Release 9.2.16 - - - Release date: - 2016-03-31 - - - - This release contains a variety of fixes from 9.2.15. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.16 - - - A dump/restore is not required for those running 9.2.X. - - - - However, if you are upgrading from a version earlier than 9.2.11, - see . - - - - - - Changes - - - - - - Fix incorrect handling of NULL index entries in - indexed ROW() comparisons (Tom Lane) - - - - An index search using a row comparison such as ROW(a, b) > - ROW('x', 'y') would stop upon reaching a NULL entry in - the b column, ignoring the fact that there might be - non-NULL b values associated with later values - of a. - - - - - - Avoid unlikely data-loss scenarios due to renaming files without - adequate fsync() calls before and after (Michael Paquier, - Tomas Vondra, Andres Freund) - - - - - - Correctly handle cases where pg_subtrans is close to XID - wraparound during server startup (Jeff Janes) - - - - - - Fix corner-case crash due to trying to free localeconv() - output strings more than once (Tom Lane) - - - - - - Fix parsing of affix files for ispell dictionaries - (Tom Lane) - - - - The code could go wrong if the affix file contained any characters - whose byte length changes during case-folding, for - example I in Turkish UTF8 locales. - - - - - - Avoid use of sscanf() to parse ispell - dictionary files (Artur Zakirov) - - - - This dodges a portability problem on FreeBSD-derived platforms - (including macOS). - - - - - - Avoid a crash on old Windows versions (before 7SP1/2008R2SP1) with an - AVX2-capable CPU and a Postgres build done with Visual Studio 2013 - (Christian Ullrich) - - - - This is a workaround for a bug in Visual Studio 2013's runtime - library, which Microsoft have stated they will not fix in that - version. - - - - - - Fix psql's tab completion logic to handle multibyte - characters properly (Kyotaro Horiguchi, Robert Haas) - - - - - - Fix psql's tab completion for - SECURITY LABEL (Tom Lane) - - - - Pressing TAB after SECURITY LABEL might cause a crash - or offering of inappropriate keywords. - - - - - - Make pg_ctl accept a wait timeout from the - PGCTLTIMEOUT environment variable, if none is specified on - the command line (Noah Misch) - - - - This eases testing of slower buildfarm members by allowing them - to globally specify a longer-than-normal timeout for postmaster - startup and shutdown. - - - - - - Fix incorrect test for Windows service status - in pg_ctl (Manuel Mathar) - - - - The previous set of minor releases attempted to - fix pg_ctl to properly determine whether to send log - messages to Window's Event Log, but got the test backwards. - - - - - - Fix pgbench to correctly handle the combination - of -C and -M prepared options (Tom Lane) - - - - - - In PL/Perl, properly translate empty Postgres arrays into empty Perl - arrays (Alex Hunsaker) - - - - - - Make PL/Python cope with function names that aren't valid Python - identifiers (Jim Nasby) - - - - - - Fix multiple mistakes in the statistics returned - by contrib/pgstattuple's pgstatindex() - function (Tom Lane) - - - - - - Remove dependency on psed in MSVC builds, since it's no - longer provided by core Perl (Michael Paquier, Andrew Dunstan) - - - - - - Update time zone data files to tzdata release 2016c - for DST law changes in Azerbaijan, Chile, Haiti, Palestine, and Russia - (Altai, Astrakhan, Kirov, Sakhalin, Ulyanovsk regions), plus - historical corrections for Lithuania, Moldova, and Russia - (Kaliningrad, Samara, Volgograd). - - - - - - - - - - Release 9.2.15 - - - Release date: - 2016-02-11 - - - - This release contains a variety of fixes from 9.2.14. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.15 - - - A dump/restore is not required for those running 9.2.X. - - - - However, if you are upgrading from a version earlier than 9.2.11, - see . - - - - - - Changes - - - - - - Fix infinite loops and buffer-overrun problems in regular expressions - (Tom Lane) - - - - Very large character ranges in bracket expressions could cause - infinite loops in some cases, and memory overwrites in other cases. - (CVE-2016-0773) - - - - - - Perform an immediate shutdown if the postmaster.pid file - is removed (Tom Lane) - - - - The postmaster now checks every minute or so - that postmaster.pid is still there and still contains its - own PID. If not, it performs an immediate shutdown, as though it had - received SIGQUIT. The main motivation for this change - is to ensure that failed buildfarm runs will get cleaned up without - manual intervention; but it also serves to limit the bad effects if a - DBA forcibly removes postmaster.pid and then starts a new - postmaster. - - - - - - In SERIALIZABLE transaction isolation mode, serialization - anomalies could be missed due to race conditions during insertions - (Kevin Grittner, Thomas Munro) - - - - - - Fix failure to emit appropriate WAL records when doing ALTER - TABLE ... SET TABLESPACE for unlogged relations (Michael Paquier, - Andres Freund) - - - - Even though the relation's data is unlogged, the move must be logged or - the relation will be inaccessible after a standby is promoted to master. - - - - - - Fix possible misinitialization of unlogged relations at the end of - crash recovery (Andres Freund, Michael Paquier) - - - - - - Fix ALTER COLUMN TYPE to reconstruct inherited check - constraints properly (Tom Lane) - - - - - - Fix REASSIGN OWNED to change ownership of composite types - properly (Álvaro Herrera) - - - - - - Fix REASSIGN OWNED and ALTER OWNER to correctly - update granted-permissions lists when changing owners of data types, - foreign data wrappers, or foreign servers (Bruce Momjian, - Álvaro Herrera) - - - - - - Fix REASSIGN OWNED to ignore foreign user mappings, - rather than fail (Álvaro Herrera) - - - - - - Add more defenses against bad planner cost estimates for GIN index - scans when the index's internal statistics are very out-of-date - (Tom Lane) - - - - - - Make planner cope with hypothetical GIN indexes suggested by an index - advisor plug-in (Julien Rouhaud) - - - - - - Fix dumping of whole-row Vars in ROW() - and VALUES() lists (Tom Lane) - - - - - - Fix possible internal overflow in numeric division - (Dean Rasheed) - - - - - - Fix enforcement of restrictions inside parentheses within regular - expression lookahead constraints (Tom Lane) - - - - Lookahead constraints aren't allowed to contain backrefs, and - parentheses within them are always considered non-capturing, according - to the manual. However, the code failed to handle these cases properly - inside a parenthesized subexpression, and would give unexpected - results. - - - - - - Conversion of regular expressions to indexscan bounds could produce - incorrect bounds from regexps containing lookahead constraints - (Tom Lane) - - - - - - Fix regular-expression compiler to handle loops of constraint arcs - (Tom Lane) - - - - The code added for CVE-2007-4772 was both incomplete, in that it didn't - handle loops involving more than one state, and incorrect, in that it - could cause assertion failures (though there seem to be no bad - consequences of that in a non-assert build). Multi-state loops would - cause the compiler to run until the query was canceled or it reached - the too-many-states error condition. - - - - - - Improve memory-usage accounting in regular-expression compiler - (Tom Lane) - - - - This causes the code to emit regular expression is too - complex errors in some cases that previously used unreasonable - amounts of time and memory. - - - - - - Improve performance of regular-expression compiler (Tom Lane) - - - - - - Make %h and %r escapes - in log_line_prefix work for messages emitted due - to log_connections (Tom Lane) - - - - Previously, %h/%r started to work just after a - new session had emitted the connection received log message; - now they work for that message too. - - - - - - On Windows, ensure the shared-memory mapping handle gets closed in - child processes that don't need it (Tom Lane, Amit Kapila) - - - - This oversight resulted in failure to recover from crashes - whenever logging_collector is turned on. - - - - - - Fix possible failure to detect socket EOF in non-blocking mode on - Windows (Tom Lane) - - - - It's not entirely clear whether this problem can happen in pre-9.5 - branches, but if it did, the symptom would be that a walsender process - would wait indefinitely rather than noticing a loss of connection. - - - - - - Avoid leaking a token handle during SSPI authentication - (Christian Ullrich) - - - - - - In psql, ensure that libreadline's idea - of the screen size is updated when the terminal window size changes - (Merlin Moncure) - - - - Previously, libreadline did not notice if the window - was resized during query output, leading to strange behavior during - later input of multiline queries. - - - - - - Fix psql's \det command to interpret its - pattern argument the same way as other \d commands with - potentially schema-qualified patterns do (Reece Hart) - - - - - - Avoid possible crash in psql's \c command - when previous connection was via Unix socket and command specifies a - new hostname and same username (Tom Lane) - - - - - - In pg_ctl start -w, test child process status directly - rather than relying on heuristics (Tom Lane, Michael Paquier) - - - - Previously, pg_ctl relied on an assumption that the new - postmaster would always create postmaster.pid within five - seconds. But that can fail on heavily-loaded systems, - causing pg_ctl to report incorrectly that the - postmaster failed to start. - - - - Except on Windows, this change also means that a pg_ctl start - -w done immediately after another such command will now reliably - fail, whereas previously it would report success if done within two - seconds of the first command. - - - - - - In pg_ctl start -w, don't attempt to use a wildcard listen - address to connect to the postmaster (Kondo Yuta) - - - - On Windows, pg_ctl would fail to detect postmaster - startup if listen_addresses is set to 0.0.0.0 - or ::, because it would try to use that value verbatim as - the address to connect to, which doesn't work. Instead assume - that 127.0.0.1 or ::1, respectively, is the - right thing to use. - - - - - - In pg_ctl on Windows, check service status to decide - where to send output, rather than checking if standard output is a - terminal (Michael Paquier) - - - - - - In pg_dump and pg_basebackup, adopt - the GNU convention for handling tar-archive members exceeding 8GB - (Tom Lane) - - - - The POSIX standard for tar file format does not allow - archive member files to exceed 8GB, but most modern implementations - of tar support an extension that fixes that. Adopt - this extension so that pg_dump with - - - - - Fix assorted corner-case bugs in pg_dump's processing - of extension member objects (Tom Lane) - - - - - - Make pg_dump mark a view's triggers as needing to be - processed after its rule, to prevent possible failure during - parallel pg_restore (Tom Lane) - - - - - - Ensure that relation option values are properly quoted - in pg_dump (Kouhei Sutou, Tom Lane) - - - - A reloption value that isn't a simple identifier or number could lead - to dump/reload failures due to syntax errors in CREATE statements - issued by pg_dump. This is not an issue with any - reloption currently supported by core PostgreSQL, but - extensions could allow reloptions that cause the problem. - - - - - - Fix pg_upgrade's file-copying code to handle errors - properly on Windows (Bruce Momjian) - - - - - - Install guards in pgbench against corner-case overflow - conditions during evaluation of script-specified division or modulo - operators (Fabien Coelho, Michael Paquier) - - - - - - Fix failure to localize messages emitted - by pg_receivexlog and pg_recvlogical - (Ioseph Kim) - - - - - - Avoid dump/reload problems when using both plpython2 - and plpython3 (Tom Lane) - - - - In principle, both versions of PL/Python can be used in - the same database, though not in the same session (because the two - versions of libpython cannot safely be used concurrently). - However, pg_restore and pg_upgrade both - do things that can fall foul of the same-session restriction. Work - around that by changing the timing of the check. - - - - - - Fix PL/Python regression tests to pass with Python 3.5 - (Peter Eisentraut) - - - - - - Prevent certain PL/Java parameters from being set by - non-superusers (Noah Misch) - - - - This change mitigates a PL/Java security bug - (CVE-2016-0766), which was fixed in PL/Java by marking - these parameters as superuser-only. To fix the security hazard for - sites that update PostgreSQL more frequently - than PL/Java, make the core code aware of them also. - - - - - - Improve libpq's handling of out-of-memory situations - (Michael Paquier, Amit Kapila, Heikki Linnakangas) - - - - - - Fix order of arguments - in ecpg-generated typedef statements - (Michael Meskes) - - - - - - Use %g not %f format - in ecpg's PGTYPESnumeric_from_double() - (Tom Lane) - - - - - - Fix ecpg-supplied header files to not contain comments - continued from a preprocessor directive line onto the next line - (Michael Meskes) - - - - Such a comment is rejected by ecpg. It's not yet clear - whether ecpg itself should be changed. - - - - - - Ensure that contrib/pgcrypto's crypt() - function can be interrupted by query cancel (Andreas Karlsson) - - - - - - Accept flex versions later than 2.5.x - (Tom Lane, Michael Paquier) - - - - Now that flex 2.6.0 has been released, the version checks in our build - scripts needed to be adjusted. - - - - - - Install our missing script where PGXS builds can find it - (Jim Nasby) - - - - This allows sane behavior in a PGXS build done on a machine where build - tools such as bison are missing. - - - - - - Ensure that dynloader.h is included in the installed - header files in MSVC builds (Bruce Momjian, Michael Paquier) - - - - - - Add variant regression test expected-output file to match behavior of - current libxml2 (Tom Lane) - - - - The fix for libxml2's CVE-2015-7499 causes it not to - output error context reports in some cases where it used to do so. - This seems to be a bug, but we'll probably have to live with it for - some time, so work around it. - - - - - - Update time zone data files to tzdata release 2016a for - DST law changes in Cayman Islands, Metlakatla, and Trans-Baikal - Territory (Zabaykalsky Krai), plus historical corrections for Pakistan. - - - - - - - - - - Release 9.2.14 - - - Release date: - 2015-10-08 - - - - This release contains a variety of fixes from 9.2.13. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.14 - - - A dump/restore is not required for those running 9.2.X. - - - - However, if you are upgrading from a version earlier than 9.2.11, - see . - - - - - - Changes - - - - - - Fix contrib/pgcrypto to detect and report - too-short crypt() salts (Josh Kupershmidt) - - - - Certain invalid salt arguments crashed the server or disclosed a few - bytes of server memory. We have not ruled out the viability of - attacks that arrange for presence of confidential information in the - disclosed bytes, but they seem unlikely. (CVE-2015-5288) - - - - - - Fix subtransaction cleanup after a portal (cursor) belonging to an - outer subtransaction fails (Tom Lane, Michael Paquier) - - - - A function executed in an outer-subtransaction cursor could cause an - assertion failure or crash by referencing a relation created within an - inner subtransaction. - - - - - - Fix insertion of relations into the relation cache init file - (Tom Lane) - - - - An oversight in a patch in the most recent minor releases - caused pg_trigger_tgrelid_tgname_index to be omitted - from the init file. Subsequent sessions detected this, then deemed the - init file to be broken and silently ignored it, resulting in a - significant degradation in session startup time. In addition to fixing - the bug, install some guards so that any similar future mistake will be - more obvious. - - - - - - Avoid O(N^2) behavior when inserting many tuples into a SPI query - result (Neil Conway) - - - - - - Improve LISTEN startup time when there are many unread - notifications (Matt Newell) - - - - - - - - Back-patch 9.3-era addition of per-resource-owner lock caches - (Jeff Janes) - - - - This substantially improves performance when pg_dump - tries to dump a large number of tables. - - - - - - Disable SSL renegotiation by default (Michael Paquier, Andres Freund) - - - - While use of SSL renegotiation is a good idea in theory, we have seen - too many bugs in practice, both in the underlying OpenSSL library and - in our usage of it. Renegotiation will be removed entirely in 9.5 and - later. In the older branches, just change the default value - of ssl_renegotiation_limit to zero (disabled). - - - - - - Lower the minimum values of the *_freeze_max_age parameters - (Andres Freund) - - - - This is mainly to make tests of related behavior less time-consuming, - but it may also be of value for installations with limited disk space. - - - - - - Limit the maximum value of wal_buffers to 2GB to avoid - server crashes (Josh Berkus) - - - - - - Fix rare internal overflow in multiplication of numeric values - (Dean Rasheed) - - - - - - Guard against hard-to-reach stack overflows involving record types, - range types, json, jsonb, tsquery, - ltxtquery and query_int (Noah Misch) - - - - - - Fix handling of DOW and DOY in datetime input - (Greg Stark) - - - - These tokens aren't meant to be used in datetime values, but previously - they resulted in opaque internal error messages rather - than invalid input syntax. - - - - - - Add more query-cancel checks to regular expression matching (Tom Lane) - - - - - - Add recursion depth protections to regular expression, SIMILAR - TO, and LIKE matching (Tom Lane) - - - - Suitable search patterns and a low stack depth limit could lead to - stack-overrun crashes. - - - - - - Fix potential infinite loop in regular expression execution (Tom Lane) - - - - A search pattern that can apparently match a zero-length string, but - actually doesn't match because of a back reference, could lead to an - infinite loop. - - - - - - In regular expression execution, correctly record match data for - capturing parentheses within a quantifier even when the match is - zero-length (Tom Lane) - - - - - - Fix low-memory failures in regular expression compilation - (Andreas Seltenreich) - - - - - - Fix low-probability memory leak during regular expression execution - (Tom Lane) - - - - - - Fix rare low-memory failure in lock cleanup during transaction abort - (Tom Lane) - - - - - - Fix unexpected out-of-memory situation during sort errors - when using tuplestores with small work_mem settings (Tom - Lane) - - - - - - Fix very-low-probability stack overrun in qsort (Tom Lane) - - - - - - Fix invalid memory alloc request size failure in hash joins - with large work_mem settings (Tomas Vondra, Tom Lane) - - - - - - Fix assorted planner bugs (Tom Lane) - - - - These mistakes could lead to incorrect query plans that would give wrong - answers, or to assertion failures in assert-enabled builds, or to odd - planner errors such as could not devise a query plan for the - given query, could not find pathkey item to - sort, plan should not reference subplan's variable, - or failed to assign all NestLoopParams to plan nodes. - Thanks are due to Andreas Seltenreich and Piotr Stefaniak for fuzz - testing that exposed these problems. - - - - - - Improve planner's performance for UPDATE/DELETE - on large inheritance sets (Tom Lane, Dean Rasheed) - - - - - - Ensure standby promotion trigger files are removed at postmaster - startup (Michael Paquier, Fujii Masao) - - - - This prevents unwanted promotion from occurring if these files appear - in a database backup that is used to initialize a new standby server. - - - - - - During postmaster shutdown, ensure that per-socket lock files are - removed and listen sockets are closed before we remove - the postmaster.pid file (Tom Lane) - - - - This avoids race-condition failures if an external script attempts to - start a new postmaster as soon as pg_ctl stop returns. - - - - - - Fix postmaster's handling of a startup-process crash during crash - recovery (Tom Lane) - - - - If, during a crash recovery cycle, the startup process crashes without - having restored database consistency, we'd try to launch a new startup - process, which typically would just crash again, leading to an infinite - loop. - - - - - - Do not print a WARNING when an autovacuum worker is already - gone when we attempt to signal it, and reduce log verbosity for such - signals (Tom Lane) - - - - - - Prevent autovacuum launcher from sleeping unduly long if the server - clock is moved backwards a large amount (Álvaro Herrera) - - - - - - Ensure that cleanup of a GIN index's pending-insertions list is - interruptable by cancel requests (Jeff Janes) - - - - - - Allow all-zeroes pages in GIN indexes to be reused (Heikki Linnakangas) - - - - Such a page might be left behind after a crash. - - - - - - Fix handling of all-zeroes pages in SP-GiST indexes (Heikki - Linnakangas) - - - - VACUUM attempted to recycle such pages, but did so in a - way that wasn't crash-safe. - - - - - - Fix off-by-one error that led to otherwise-harmless warnings - about apparent wraparound in subtrans/multixact truncation - (Thomas Munro) - - - - - - Fix misreporting of CONTINUE and MOVE statement - types in PL/pgSQL's error context messages - (Pavel Stehule, Tom Lane) - - - - - - Fix PL/Perl to handle non-ASCII error - message texts correctly (Alex Hunsaker) - - - - - - Fix PL/Python crash when returning the string - representation of a record result (Tom Lane) - - - - - - Fix some places in PL/Tcl that neglected to check for - failure of malloc() calls (Michael Paquier, Álvaro - Herrera) - - - - - - In contrib/isn, fix output of ISBN-13 numbers that begin - with 979 (Fabien Coelho) - - - - EANs beginning with 979 (but not 9790) are considered ISBNs, but they - must be printed in the new 13-digit format, not the 10-digit format. - - - - - - - - Fix contrib/sepgsql's handling of SELECT INTO - statements (Kohei KaiGai) - - - - - - Improve libpq's handling of out-of-memory conditions - (Michael Paquier, Heikki Linnakangas) - - - - - - Fix memory leaks and missing out-of-memory checks - in ecpg (Michael Paquier) - - - - - - Fix psql's code for locale-aware formatting of numeric - output (Tom Lane) - - - - The formatting code invoked by \pset numericlocale on - did the wrong thing for some uncommon cases such as numbers with an - exponent but no decimal point. It could also mangle already-localized - output from the money data type. - - - - - - Prevent crash in psql's \c command when - there is no current connection (Noah Misch) - - - - - - Make pg_dump handle inherited NOT VALID - check constraints correctly (Tom Lane) - - - - - - Fix selection of default zlib compression level - in pg_dump's directory output format (Andrew Dunstan) - - - - - - Ensure that temporary files created during a pg_dump - run with tar-format output are not world-readable (Michael - Paquier) - - - - - - Fix pg_dump and pg_upgrade to support - cases where the postgres or template1 database - is in a non-default tablespace (Marti Raudsepp, Bruce Momjian) - - - - - - Fix pg_dump to handle object privileges sanely when - dumping from a server too old to have a particular privilege type - (Tom Lane) - - - - When dumping data types from pre-9.2 servers, and when dumping - functions or procedural languages from pre-7.3 - servers, pg_dump would - produce GRANT/REVOKE commands that revoked the - owner's grantable privileges and instead granted all privileges - to PUBLIC. Since the privileges involved are - just USAGE and EXECUTE, this isn't a security - problem, but it's certainly a surprising representation of the older - systems' behavior. Fix it to leave the default privilege state alone - in these cases. - - - - - - Fix pg_dump to dump shell types (Tom Lane) - - - - Shell types (that is, not-yet-fully-defined types) aren't useful for - much, but nonetheless pg_dump should dump them. - - - - - - Fix assorted minor memory leaks in pg_dump and other - client-side programs (Michael Paquier) - - - - - - Fix spinlock assembly code for PPC hardware to be compatible - with AIX's native assembler (Tom Lane) - - - - Building with gcc didn't work if gcc - had been configured to use the native assembler, which is becoming more - common. - - - - - - On AIX, test the -qlonglong compiler option - rather than just assuming it's safe to use (Noah Misch) - - - - - - On AIX, use -Wl,-brtllib link option to allow - symbols to be resolved at runtime (Noah Misch) - - - - Perl relies on this ability in 5.8.0 and later. - - - - - - Avoid use of inline functions when compiling with - 32-bit xlc, due to compiler bugs (Noah Misch) - - - - - - Use librt for sched_yield() when necessary, - which it is on some Solaris versions (Oskari Saarenmaa) - - - - - - Fix Windows install.bat script to handle target directory - names that contain spaces (Heikki Linnakangas) - - - - - - Make the numeric form of the PostgreSQL version number - (e.g., 90405) readily available to extension Makefiles, - as a variable named VERSION_NUM (Michael Paquier) - - - - - - Update time zone data files to tzdata release 2015g for - DST law changes in Cayman Islands, Fiji, Moldova, Morocco, Norfolk - Island, North Korea, Turkey, and Uruguay. There is a new zone name - America/Fort_Nelson for the Canadian Northern Rockies. - - - - - - - - - - Release 9.2.13 - - - Release date: - 2015-06-12 - - - - This release contains a small number of fixes from 9.2.12. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.13 - - - A dump/restore is not required for those running 9.2.X. - - - - However, if you are upgrading from a version earlier than 9.2.11, - see . - - - - - - Changes - - - - - - Fix rare failure to invalidate relation cache init file (Tom Lane) - - - - With just the wrong timing of concurrent activity, a VACUUM - FULL on a system catalog might fail to update the init file - that's used to avoid cache-loading work for new sessions. This would - result in later sessions being unable to access that catalog at all. - This is a very ancient bug, but it's so hard to trigger that no - reproducible case had been seen until recently. - - - - - - Avoid deadlock between incoming sessions and CREATE/DROP - DATABASE (Tom Lane) - - - - A new session starting in a database that is the target of - a DROP DATABASE command, or is the template for - a CREATE DATABASE command, could cause the command to wait - for five seconds and then fail, even if the new session would have - exited before that. - - - - - - - - - - Release 9.2.12 - - - Release date: - 2015-06-04 - - - - This release contains a small number of fixes from 9.2.11. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.12 - - - A dump/restore is not required for those running 9.2.X. - - - - However, if you are upgrading from a version earlier than 9.2.11, - see . - - - - - - Changes - - - - - - Avoid failures while fsync'ing data directory during - crash restart (Abhijit Menon-Sen, Tom Lane) - - - - In the previous minor releases we added a patch to fsync - everything in the data directory after a crash. Unfortunately its - response to any error condition was to fail, thereby preventing the - server from starting up, even when the problem was quite harmless. - An example is that an unwritable file in the data directory would - prevent restart on some platforms; but it is common to make SSL - certificate files unwritable by the server. Revise this behavior so - that permissions failures are ignored altogether, and other types of - failures are logged but do not prevent continuing. - - - - - - Fix pg_get_functiondef() to show - functions' LEAKPROOF property, if set (Jeevan Chalke) - - - - - - Remove configure's check prohibiting linking to a - threaded libpython - on OpenBSD (Tom Lane) - - - - The failure this restriction was meant to prevent seems to not be a - problem anymore on current OpenBSD - versions. - - - - - - Allow libpq to use TLS protocol versions beyond v1 - (Noah Misch) - - - - For a long time, libpq was coded so that the only SSL - protocol it would allow was TLS v1. Now that newer TLS versions are - becoming popular, allow it to negotiate the highest commonly-supported - TLS version with the server. (PostgreSQL servers were - already capable of such negotiation, so no change is needed on the - server side.) This is a back-patch of a change already released in - 9.4.0. - - - - - - - - - - Release 9.2.11 - - - Release date: - 2015-05-22 - - - - This release contains a variety of fixes from 9.2.10. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.11 - - - A dump/restore is not required for those running 9.2.X. - - - - However, if you use contrib/citext's - regexp_matches() functions, see the changelog entry below - about that. - - - - Also, if you are upgrading from a version earlier than 9.2.10, - see . - - - - - - Changes - - - - - - Avoid possible crash when client disconnects just before the - authentication timeout expires (Benkocs Norbert Attila) - - - - If the timeout interrupt fired partway through the session shutdown - sequence, SSL-related state would be freed twice, typically causing a - crash and hence denial of service to other sessions. Experimentation - shows that an unauthenticated remote attacker could trigger the bug - somewhat consistently, hence treat as security issue. - (CVE-2015-3165) - - - - - - Improve detection of system-call failures (Noah Misch) - - - - Our replacement implementation of snprintf() failed to - check for errors reported by the underlying system library calls; - the main case that might be missed is out-of-memory situations. - In the worst case this might lead to information exposure, due to our - code assuming that a buffer had been overwritten when it hadn't been. - Also, there were a few places in which security-relevant calls of other - system library functions did not check for failure. - - - - It remains possible that some calls of the *printf() - family of functions are vulnerable to information disclosure if an - out-of-memory error occurs at just the wrong time. We judge the risk - to not be large, but will continue analysis in this area. - (CVE-2015-3166) - - - - - - In contrib/pgcrypto, uniformly report decryption failures - as Wrong key or corrupt data (Noah Misch) - - - - Previously, some cases of decryption with an incorrect key could report - other error message texts. It has been shown that such variance in - error reports can aid attackers in recovering keys from other systems. - While it's unknown whether pgcrypto's specific behaviors - are likewise exploitable, it seems better to avoid the risk by using a - one-size-fits-all message. - (CVE-2015-3167) - - - - - - Fix incorrect declaration of contrib/citext's - regexp_matches() functions (Tom Lane) - - - - These functions should return setof text[], like the core - functions they are wrappers for; but they were incorrectly declared as - returning just text[]. This mistake had two results: first, - if there was no match you got a scalar null result, whereas what you - should get is an empty set (zero rows). Second, the g flag - was effectively ignored, since you would get only one result array even - if there were multiple matches. - - - - While the latter behavior is clearly a bug, there might be applications - depending on the former behavior; therefore the function declarations - will not be changed by default until PostgreSQL 9.5. - In pre-9.5 branches, the old behavior exists in version 1.0 of - the citext extension, while we have provided corrected - declarations in version 1.1 (which is not installed by - default). To adopt the fix in pre-9.5 branches, execute - ALTER EXTENSION citext UPDATE TO '1.1' in each database in - which citext is installed. (You can also update - back to 1.0 if you need to undo that.) Be aware that either update - direction will require dropping and recreating any views or rules that - use citext's regexp_matches() functions. - - - - - - Fix incorrect checking of deferred exclusion constraints after a HOT - update (Tom Lane) - - - - If a new row that potentially violates a deferred exclusion constraint - is HOT-updated (that is, no indexed columns change and the row can be - stored back onto the same table page) later in the same transaction, - the exclusion constraint would be reported as violated when the check - finally occurred, even if the row(s) the new row originally conflicted - with had been deleted. - - - - - - Fix planning of star-schema-style queries (Tom Lane) - - - - Sometimes, efficient scanning of a large table requires that index - parameters be provided from more than one other table (commonly, - dimension tables whose keys are needed to index a large fact table). - The planner should be able to find such plans, but an overly - restrictive search heuristic prevented it. - - - - - - Prevent improper reordering of antijoins (NOT EXISTS joins) versus - other outer joins (Tom Lane) - - - - This oversight in the planner has been observed to cause could - not find RelOptInfo for given relids errors, but it seems possible - that sometimes an incorrect query plan might get past that consistency - check and result in silently-wrong query output. - - - - - - Fix incorrect matching of subexpressions in outer-join plan nodes - (Tom Lane) - - - - Previously, if textually identical non-strict subexpressions were used - both above and below an outer join, the planner might try to re-use - the value computed below the join, which would be incorrect because the - executor would force the value to NULL in case of an unmatched outer row. - - - - - - Fix GEQO planner to cope with failure of its join order heuristic - (Tom Lane) - - - - This oversight has been seen to lead to failed to join all - relations together errors in queries involving LATERAL, - and that might happen in other cases as well. - - - - - - Fix possible deadlock at startup - when max_prepared_transactions is too small - (Heikki Linnakangas) - - - - - - Don't archive useless preallocated WAL files after a timeline switch - (Heikki Linnakangas) - - - - - - - - Avoid cannot GetMultiXactIdMembers() during recovery error - (Álvaro Herrera) - - - - - - Recursively fsync() the data directory after a crash - (Abhijit Menon-Sen, Robert Haas) - - - - This ensures consistency if another crash occurs shortly later. (The - second crash would have to be a system-level crash, not just a database - crash, for there to be a problem.) - - - - - - Fix autovacuum launcher's possible failure to shut down, if an error - occurs after it receives SIGTERM (Álvaro Herrera) - - - - - - Cope with unexpected signals in LockBufferForCleanup() - (Andres Freund) - - - - This oversight could result in spurious errors about multiple - backends attempting to wait for pincount 1. - - - - - - Fix crash when doing COPY IN to a table with check - constraints that contain whole-row references (Tom Lane) - - - - The known failure case only crashes in 9.4 and up, but there is very - similar code in 9.3 and 9.2, so back-patch those branches as well. - - - - - - Avoid waiting for WAL flush or synchronous replication during commit of - a transaction that was read-only so far as the user is concerned - (Andres Freund) - - - - Previously, a delay could occur at commit in transactions that had - written WAL due to HOT page pruning, leading to undesirable effects - such as sessions getting stuck at startup if all synchronous replicas - are down. Sessions have also been observed to get stuck in catchup - interrupt processing when using synchronous replication; this will fix - that problem as well. - - - - - - Fix crash when manipulating hash indexes on temporary tables - (Heikki Linnakangas) - - - - - - Fix possible failure during hash index bucket split, if other processes - are modifying the index concurrently (Tom Lane) - - - - - - Check for interrupts while analyzing index expressions (Jeff Janes) - - - - ANALYZE executes index expressions many times; if there are - slow functions in such an expression, it's desirable to be able to - cancel the ANALYZE before that loop finishes. - - - - - - Ensure tableoid of a foreign table is reported - correctly when a READ COMMITTED recheck occurs after - locking rows in SELECT FOR UPDATE, UPDATE, - or DELETE (Etsuro Fujita) - - - - - - Add the name of the target server to object description strings for - foreign-server user mappings (Álvaro Herrera) - - - - - - Recommend setting include_realm to 1 when using - Kerberos/GSSAPI/SSPI authentication (Stephen Frost) - - - - Without this, identically-named users from different realms cannot be - distinguished. For the moment this is only a documentation change, but - it will become the default setting in PostgreSQL 9.5. - - - - - - Remove code for matching IPv4 pg_hba.conf entries to - IPv4-in-IPv6 addresses (Tom Lane) - - - - This hack was added in 2003 in response to a report that some Linux - kernels of the time would report IPv4 connections as having - IPv4-in-IPv6 addresses. However, the logic was accidentally broken in - 9.0. The lack of any field complaints since then shows that it's not - needed anymore. Now we have reports that the broken code causes - crashes on some systems, so let's just remove it rather than fix it. - (Had we chosen to fix it, that would make for a subtle and potentially - security-sensitive change in the effective meaning of - IPv4 pg_hba.conf entries, which does not seem like a good - thing to do in minor releases.) - - - - - - Report WAL flush, not insert, position in IDENTIFY_SYSTEM - replication command (Heikki Linnakangas) - - - - This avoids a possible startup failure - in pg_receivexlog. - - - - - - While shutting down service on Windows, periodically send status - updates to the Service Control Manager to prevent it from killing the - service too soon; and ensure that pg_ctl will wait for - shutdown (Krystian Bigaj) - - - - - - Reduce risk of network deadlock when using libpq's - non-blocking mode (Heikki Linnakangas) - - - - When sending large volumes of data, it's important to drain the input - buffer every so often, in case the server has sent enough response data - to cause it to block on output. (A typical scenario is that the server - is sending a stream of NOTICE messages during COPY FROM - STDIN.) This worked properly in the normal blocking mode, but not - so much in non-blocking mode. We've modified libpq - to opportunistically drain input when it can, but a full defense - against this problem requires application cooperation: the application - should watch for socket read-ready as well as write-ready conditions, - and be sure to call PQconsumeInput() upon read-ready. - - - - - - In libpq, fix misparsing of empty values in URI - connection strings (Thomas Fanghaenel) - - - - - - Fix array handling in ecpg (Michael Meskes) - - - - - - Fix psql to sanely handle URIs and conninfo strings as - the first parameter to \connect - (David Fetter, Andrew Dunstan, Álvaro Herrera) - - - - This syntax has been accepted (but undocumented) for a long time, but - previously some parameters might be taken from the old connection - instead of the given string, which was agreed to be undesirable. - - - - - - Suppress incorrect complaints from psql on some - platforms that it failed to write ~/.psql_history at exit - (Tom Lane) - - - - This misbehavior was caused by a workaround for a bug in very old - (pre-2006) versions of libedit. We fixed it by - removing the workaround, which will cause a similar failure to appear - for anyone still using such versions of libedit. - Recommendation: upgrade that library, or use libreadline. - - - - - - Fix pg_dump's rule for deciding which casts are - system-provided casts that should not be dumped (Tom Lane) - - - - - - In pg_dump, fix failure to honor -Z - compression level option together with -Fd - (Michael Paquier) - - - - - - Make pg_dump consider foreign key relationships - between extension configuration tables while choosing dump order - (Gilles Darold, Michael Paquier, Stephen Frost) - - - - This oversight could result in producing dumps that fail to reload - because foreign key constraints are transiently violated. - - - - - - Fix dumping of views that are just VALUES(...) but have - column aliases (Tom Lane) - - - - - - In pg_upgrade, force timeline 1 in the new cluster - (Bruce Momjian) - - - - This change prevents upgrade failures caused by bogus complaints about - missing WAL history files. - - - - - - In pg_upgrade, check for improperly non-connectable - databases before proceeding - (Bruce Momjian) - - - - - - In pg_upgrade, quote directory paths - properly in the generated delete_old_cluster script - (Bruce Momjian) - - - - - - In pg_upgrade, preserve database-level freezing info - properly - (Bruce Momjian) - - - - This oversight could cause missing-clog-file errors for tables within - the postgres and template1 databases. - - - - - - Run pg_upgrade and pg_resetxlog with - restricted privileges on Windows, so that they don't fail when run by - an administrator (Muhammad Asif Naeem) - - - - - - Improve handling of readdir() failures when scanning - directories in initdb and pg_basebackup - (Marco Nenciarini) - - - - - - - - Fix failure in pg_receivexlog (Andres Freund) - - - - A patch merge mistake in 9.2.10 led to could not create archive - status file errors. - - - - - - Fix slow sorting algorithm in contrib/intarray (Tom Lane) - - - - - - Fix compile failure on Sparc V8 machines (Rob Rowan) - - - - - - Update time zone data files to tzdata release 2015d - for DST law changes in Egypt, Mongolia, and Palestine, plus historical - changes in Canada and Chile. Also adopt revised zone abbreviations for - the America/Adak zone (HST/HDT not HAST/HADT). - - - - - - - - - - Release 9.2.10 - - - Release date: - 2015-02-05 - - - - This release contains a variety of fixes from 9.2.9. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.10 - - - A dump/restore is not required for those running 9.2.X. - - - - However, if you are a Windows user and are using the Norwegian - (Bokmål) locale, manual action is needed after the upgrade to - replace any Norwegian (Bokmål)_Norway locale names stored - in PostgreSQL system catalogs with the plain-ASCII - alias Norwegian_Norway. For details see - - - - - Also, if you are upgrading from a version earlier than 9.2.9, - see . - - - - - - Changes - - - - - - Fix buffer overruns in to_char() - (Bruce Momjian) - - - - When to_char() processes a numeric formatting template - calling for a large number of digits, PostgreSQL - would read past the end of a buffer. When processing a crafted - timestamp formatting template, PostgreSQL would write - past the end of a buffer. Either case could crash the server. - We have not ruled out the possibility of attacks that lead to - privilege escalation, though they seem unlikely. - (CVE-2015-0241) - - - - - - Fix buffer overrun in replacement *printf() functions - (Tom Lane) - - - - PostgreSQL includes a replacement implementation - of printf and related functions. This code will overrun - a stack buffer when formatting a floating point number (conversion - specifiers e, E, f, F, - g or G) with requested precision greater than - about 500. This will crash the server, and we have not ruled out the - possibility of attacks that lead to privilege escalation. - A database user can trigger such a buffer overrun through - the to_char() SQL function. While that is the only - affected core PostgreSQL functionality, extension - modules that use printf-family functions may be at risk as well. - - - - This issue primarily affects PostgreSQL on Windows. - PostgreSQL uses the system implementation of these - functions where adequate, which it is on other modern platforms. - (CVE-2015-0242) - - - - - - Fix buffer overruns in contrib/pgcrypto - (Marko Tiikkaja, Noah Misch) - - - - Errors in memory size tracking within the pgcrypto - module permitted stack buffer overruns and improper dependence on the - contents of uninitialized memory. The buffer overrun cases can - crash the server, and we have not ruled out the possibility of - attacks that lead to privilege escalation. - (CVE-2015-0243) - - - - - - Fix possible loss of frontend/backend protocol synchronization after - an error - (Heikki Linnakangas) - - - - If any error occurred while the server was in the middle of reading a - protocol message from the client, it could lose synchronization and - incorrectly try to interpret part of the message's data as a new - protocol message. An attacker able to submit crafted binary data - within a command parameter might succeed in injecting his own SQL - commands this way. Statement timeout and query cancellation are the - most likely sources of errors triggering this scenario. Particularly - vulnerable are applications that use a timeout and also submit - arbitrary user-crafted data as binary query parameters. Disabling - statement timeout will reduce, but not eliminate, the risk of - exploit. Our thanks to Emil Lenngren for reporting this issue. - (CVE-2015-0244) - - - - - - Fix information leak via constraint-violation error messages - (Stephen Frost) - - - - Some server error messages show the values of columns that violate - a constraint, such as a unique constraint. If the user does not have - SELECT privilege on all columns of the table, this could - mean exposing values that the user should not be able to see. Adjust - the code so that values are displayed only when they came from the SQL - command or could be selected by the user. - (CVE-2014-8161) - - - - - - Lock down regression testing's temporary installations on Windows - (Noah Misch) - - - - Use SSPI authentication to allow connections only from the OS user - who launched the test suite. This closes on Windows the same - vulnerability previously closed on other platforms, namely that other - users might be able to connect to the test postmaster. - (CVE-2014-0067) - - - - - - Cope with the Windows locale named Norwegian (Bokmål) - (Heikki Linnakangas) - - - - Non-ASCII locale names are problematic since it's not clear what - encoding they should be represented in. Map the troublesome locale - name to a plain-ASCII alias, Norwegian_Norway. - - - - - - Avoid possible data corruption if ALTER DATABASE SET - TABLESPACE is used to move a database to a new tablespace and then - shortly later move it back to its original tablespace (Tom Lane) - - - - - - Avoid corrupting tables when ANALYZE inside a transaction - is rolled back (Andres Freund, Tom Lane, Michael Paquier) - - - - If the failing transaction had earlier removed the last index, rule, or - trigger from the table, the table would be left in a corrupted state - with the relevant pg_class flags not set though they - should be. - - - - - - Ensure that unlogged tables are copied correctly - during CREATE DATABASE or ALTER DATABASE SET - TABLESPACE (Pavan Deolasee, Andres Freund) - - - - - - Fix DROP's dependency searching to correctly handle the - case where a table column is recursively visited before its table - (Petr Jelinek, Tom Lane) - - - - This case is only known to arise when an extension creates both a - datatype and a table using that datatype. The faulty code might - refuse a DROP EXTENSION unless CASCADE is - specified, which should not be required. - - - - - - Fix use-of-already-freed-memory problem in EvalPlanQual processing - (Tom Lane) - - - - In READ COMMITTED mode, queries that lock or update - recently-updated rows could crash as a result of this bug. - - - - - - Fix planning of SELECT FOR UPDATE when using a partial - index on a child table (Kyotaro Horiguchi) - - - - In READ COMMITTED mode, SELECT FOR UPDATE must - also recheck the partial index's WHERE condition when - rechecking a recently-updated row to see if it still satisfies the - query's WHERE condition. This requirement was missed if the - index belonged to an inheritance child table, so that it was possible - to incorrectly return rows that no longer satisfy the query condition. - - - - - - Fix corner case wherein SELECT FOR UPDATE could return a row - twice, and possibly miss returning other rows (Tom Lane) - - - - In READ COMMITTED mode, a SELECT FOR UPDATE - that is scanning an inheritance tree could incorrectly return a row - from a prior child table instead of the one it should return from a - later child table. - - - - - - Reject duplicate column names in the referenced-columns list of - a FOREIGN KEY declaration (David Rowley) - - - - This restriction is per SQL standard. Previously we did not reject - the case explicitly, but later on the code would fail with - bizarre-looking errors. - - - - - - Restore previous behavior of conversion of domains to JSON - (Tom Lane) - - - - This change causes domains over numeric and boolean to be treated - like their base types for purposes of conversion to JSON. It worked - like that before 9.3.5 and 9.2.9, but was unintentionally changed - while fixing a related problem. - - - - - - Fix bugs in raising a numeric value to a large integral power - (Tom Lane) - - - - The previous code could get a wrong answer, or consume excessive - amounts of time and memory before realizing that the answer must - overflow. - - - - - - In numeric_recv(), truncate away any fractional digits - that would be hidden according to the value's dscale field - (Tom Lane) - - - - A numeric value's display scale (dscale) should - never be less than the number of nonzero fractional digits; but - apparently there's at least one broken client application that - transmits binary numeric values in which that's true. - This leads to strange behavior since the extra digits are taken into - account by arithmetic operations even though they aren't printed. - The least risky fix seems to be to truncate away such hidden - digits on receipt, so that the value is indeed what it prints as. - - - - - - Fix incorrect search for shortest-first regular expression matches - (Tom Lane) - - - - Matching would often fail when the number of allowed iterations is - limited by a ? quantifier or a bound expression. - - - - - - Reject out-of-range numeric timezone specifications (Tom Lane) - - - - Simple numeric timezone specifications exceeding +/- 168 hours (one - week) would be accepted, but could then cause null-pointer dereference - crashes in certain operations. There's no use-case for such large UTC - offsets, so reject them. - - - - - - Fix bugs in tsquery @> tsquery - operator (Heikki Linnakangas) - - - - Two different terms would be considered to match if they had the same - CRC. Also, if the second operand had more terms than the first, it - would be assumed not to be contained in the first; which is wrong - since it might contain duplicate terms. - - - - - - Improve ispell dictionary's defenses against bad affix files (Tom Lane) - - - - - - Allow more than 64K phrases in a thesaurus dictionary (David Boutin) - - - - The previous coding could crash on an oversize dictionary, so this was - deemed a back-patchable bug fix rather than a feature addition. - - - - - - Fix namespace handling in xpath() (Ali Akbar) - - - - Previously, the xml value resulting from - an xpath() call would not have namespace declarations if - the namespace declarations were attached to an ancestor element in the - input xml value, rather than to the specific element being - returned. Propagate the ancestral declaration so that the result is - correct when considered in isolation. - - - - - - Ensure that whole-row variables expose nonempty column names - to functions that pay attention to column names within composite - arguments (Tom Lane) - - - - In some contexts, constructs like row_to_json(tab.*) may - not produce the expected column names. This is fixed properly as of - 9.4; in older branches, just ensure that we produce some nonempty - name. (In some cases this will be the underlying table's column name - rather than the query-assigned alias that should theoretically be - visible.) - - - - - - Fix mishandling of system columns, - particularly tableoid, in FDW queries (Etsuro Fujita) - - - - - - Avoid doing indexed_column = ANY - (array) as an index qualifier if that leads - to an inferior plan (Andrew Gierth) - - - - In some cases, = ANY conditions applied to non-first index - columns would be done as index conditions even though it would be - better to use them as simple filter conditions. - - - - - - Fix planner problems with nested append relations, such as inherited - tables within UNION ALL subqueries (Tom Lane) - - - - - - Fail cleanly when a GiST index tuple doesn't fit on a page, rather - than going into infinite recursion (Andrew Gierth) - - - - - - Exempt tables that have per-table cost_limit - and/or cost_delay settings from autovacuum's global cost - balancing rules (Álvaro Herrera) - - - - The previous behavior resulted in basically ignoring these per-table - settings, which was unintended. Now, a table having such settings - will be vacuumed using those settings, independently of what is going - on in other autovacuum workers. This may result in heavier total I/O - load than before, so such settings should be re-examined for sanity. - - - - - - Avoid wholesale autovacuuming when autovacuum is nominally off - (Tom Lane) - - - - Even when autovacuum is nominally off, we will still launch autovacuum - worker processes to vacuum tables that are at risk of XID wraparound. - However, such a worker process then proceeded to vacuum all tables in - the target database, if they met the usual thresholds for - autovacuuming. This is at best pretty unexpected; at worst it delays - response to the wraparound threat. Fix it so that if autovacuum is - turned off, workers only do anti-wraparound vacuums and - not any other work. - - - - - - During crash recovery, ensure that unlogged relations are rewritten as - empty and are synced to disk before recovery is considered complete - (Abhijit Menon-Sen, Andres Freund) - - - - This prevents scenarios in which unlogged relations might contain - garbage data following database crash recovery. - - - - - - Fix race condition between hot standby queries and replaying a - full-page image (Heikki Linnakangas) - - - - This mistake could result in transient errors in queries being - executed in hot standby. - - - - - - Fix several cases where recovery logic improperly ignored WAL records - for COMMIT/ABORT PREPARED (Heikki Linnakangas) - - - - The most notable oversight was - that recovery_target_xid could not be used to stop at - a two-phase commit. - - - - - - Prevent latest WAL file from being archived a second time at completion - of crash recovery (Fujii Masao) - - - - - - Avoid creating unnecessary .ready marker files for - timeline history files (Fujii Masao) - - - - - - Fix possible null pointer dereference when an empty prepared statement - is used and the log_statement setting is mod - or ddl (Fujii Masao) - - - - - - Change pgstat wait timeout warning message to be LOG level, - and rephrase it to be more understandable (Tom Lane) - - - - This message was originally thought to be essentially a can't-happen - case, but it occurs often enough on our slower buildfarm members to be - a nuisance. Reduce it to LOG level, and expend a bit more effort on - the wording: it now reads using stale statistics instead of - current ones because stats collector is not responding. - - - - - - Fix SPARC spinlock implementation to ensure correctness if the CPU is - being run in a non-TSO coherency mode, as some non-Solaris kernels do - (Andres Freund) - - - - - - Warn if macOS's setlocale() starts an unwanted extra - thread inside the postmaster (Noah Misch) - - - - - - Fix processing of repeated dbname parameters - in PQconnectdbParams() (Alex Shulgin) - - - - Unexpected behavior ensued if the first occurrence - of dbname contained a connection string or URI to be - expanded. - - - - - - Ensure that libpq reports a suitable error message on - unexpected socket EOF (Marko Tiikkaja, Tom Lane) - - - - Depending on kernel behavior, libpq might return an - empty error string rather than something useful when the server - unexpectedly closed the socket. - - - - - - Clear any old error message during PQreset() - (Heikki Linnakangas) - - - - If PQreset() is called repeatedly, and the connection - cannot be re-established, error messages from the failed connection - attempts kept accumulating in the PGconn's error - string. - - - - - - Properly handle out-of-memory conditions while parsing connection - options in libpq (Alex Shulgin, Heikki Linnakangas) - - - - - - Fix array overrun in ecpg's version - of ParseDateTime() (Michael Paquier) - - - - - - In initdb, give a clearer error message if a password - file is specified but is empty (Mats Erik Andersson) - - - - - - Fix psql's \s command to work nicely with - libedit, and add pager support (Stepan Rutz, Tom Lane) - - - - When using libedit rather than readline, \s printed the - command history in a fairly unreadable encoded format, and on recent - libedit versions might fail altogether. Fix that by printing the - history ourselves rather than having the library do it. A pleasant - side-effect is that the pager is used if appropriate. - - - - This patch also fixes a bug that caused newline encoding to be applied - inconsistently when saving the command history with libedit. - Multiline history entries written by older psql - versions will be read cleanly with this patch, but perhaps not - vice versa, depending on the exact libedit versions involved. - - - - - - Improve consistency of parsing of psql's special - variables (Tom Lane) - - - - Allow variant spellings of on and off (such - as 1/0) for ECHO_HIDDEN - and ON_ERROR_ROLLBACK. Report a warning for unrecognized - values for COMP_KEYWORD_CASE, ECHO, - ECHO_HIDDEN, HISTCONTROL, - ON_ERROR_ROLLBACK, and VERBOSITY. Recognize - all values for all these variables case-insensitively; previously - there was a mishmash of case-sensitive and case-insensitive behaviors. - - - - - - Fix psql's expanded-mode display to work - consistently when using border = 3 - and linestyle = ascii or unicode - (Stephen Frost) - - - - - - Improve performance of pg_dump when the database - contains many instances of multiple dependency paths between the same - two objects (Tom Lane) - - - - - - Fix pg_dumpall to restore its ability to dump from - pre-8.1 servers (Gilles Darold) - - - - - - Fix possible deadlock during parallel restore of a schema-only dump - (Robert Haas, Tom Lane) - - - - - - Fix core dump in pg_dump --binary-upgrade on zero-column - composite type (Rushabh Lathia) - - - - - - Prevent WAL files created by pg_basebackup -x/-X from - being archived again when the standby is promoted (Andres Freund) - - - - - - Fix failure of contrib/auto_explain to print per-node - timing information when doing EXPLAIN ANALYZE (Tom Lane) - - - - - - Fix upgrade-from-unpackaged script for contrib/citext - (Tom Lane) - - - - - - Fix block number checking - in contrib/pageinspect's get_raw_page() - (Tom Lane) - - - - The incorrect checking logic could prevent access to some pages in - non-main relation forks. - - - - - - Fix contrib/pgcrypto's pgp_sym_decrypt() - to not fail on messages whose length is 6 less than a power of 2 - (Marko Tiikkaja) - - - - - - Fix file descriptor leak in contrib/pg_test_fsync - (Jeff Janes) - - - - This could cause failure to remove temporary files on Windows. - - - - - - Handle unexpected query results, especially NULLs, safely in - contrib/tablefunc's connectby() - (Michael Paquier) - - - - connectby() previously crashed if it encountered a NULL - key value. It now prints that row but doesn't recurse further. - - - - - - Avoid a possible crash in contrib/xml2's - xslt_process() (Mark Simonetti) - - - - libxslt seems to have an undocumented dependency on - the order in which resources are freed; reorder our calls to avoid a - crash. - - - - - - Mark some contrib I/O functions with correct volatility - properties (Tom Lane) - - - - The previous over-conservative marking was immaterial in normal use, - but could cause optimization problems or rejection of valid index - expression definitions. Since the consequences are not large, we've - just adjusted the function definitions in the extension modules' - scripts, without changing version numbers. - - - - - - Numerous cleanups of warnings from Coverity static code analyzer - (Andres Freund, Tatsuo Ishii, Marko Kreen, Tom Lane, Michael Paquier) - - - - These changes are mostly cosmetic but in some cases fix corner-case - bugs, for example a crash rather than a proper error report after an - out-of-memory failure. None are believed to represent security - issues. - - - - - - Detect incompatible OpenLDAP versions during build (Noah Misch) - - - - With OpenLDAP versions 2.4.24 through 2.4.31, - inclusive, PostgreSQL backends can crash at exit. - Raise a warning during configure based on the - compile-time OpenLDAP version number, and test the crashing scenario - in the contrib/dblink regression test. - - - - - - In non-MSVC Windows builds, ensure libpq.dll is installed - with execute permissions (Noah Misch) - - - - - - Make pg_regress remove any temporary installation it - created upon successful exit (Tom Lane) - - - - This results in a very substantial reduction in disk space usage - during make check-world, since that sequence involves - creation of numerous temporary installations. - - - - - - Support time zone abbreviations that change UTC offset from time to - time (Tom Lane) - - - - Previously, PostgreSQL assumed that the UTC offset - associated with a time zone abbreviation (such as EST) - never changes in the usage of any particular locale. However this - assumption fails in the real world, so introduce the ability for a - zone abbreviation to represent a UTC offset that sometimes changes. - Update the zone abbreviation definition files to make use of this - feature in timezone locales that have changed the UTC offset of their - abbreviations since 1970 (according to the IANA timezone database). - In such timezones, PostgreSQL will now associate the - correct UTC offset with the abbreviation depending on the given date. - - - - - - Update time zone abbreviations lists (Tom Lane) - - - - Add CST (China Standard Time) to our lists. - Remove references to ADT as Arabia Daylight Time, an - abbreviation that's been out of use since 2007; therefore, claiming - there is a conflict with Atlantic Daylight Time doesn't seem - especially helpful. - Fix entirely incorrect GMT offsets for CKT (Cook Islands), FJT, and FJST - (Fiji); we didn't even have them on the proper side of the date line. - - - - - - Update time zone data files to tzdata release 2015a. - - - - The IANA timezone database has adopted abbreviations of the form - AxST/AxDT - for all Australian time zones, reflecting what they believe to be - current majority practice Down Under. These names do not conflict - with usage elsewhere (other than ACST for Acre Summer Time, which has - been in disuse since 1994). Accordingly, adopt these names into - our Default timezone abbreviation set. - The Australia abbreviation set now contains only CST, EAST, - EST, SAST, SAT, and WST, all of which are thought to be mostly - historical usage. Note that SAST has also been changed to be South - Africa Standard Time in the Default abbreviation set. - - - - Also, add zone abbreviations SRET (Asia/Srednekolymsk) and XJT - (Asia/Urumqi), and use WSST/WSDT for western Samoa. Also, there were - DST law changes in Chile, Mexico, the Turks & Caicos Islands - (America/Grand_Turk), and Fiji. There is a new zone - Pacific/Bougainville for portions of Papua New Guinea. Also, numerous - corrections for historical (pre-1970) time zone data. - - - - - - - - - - Release 9.2.9 - - - Release date: - 2014-07-24 - - - - This release contains a variety of fixes from 9.2.8. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.9 - - - A dump/restore is not required for those running 9.2.X. - - - - However, this release corrects an index corruption problem in some GiST - indexes. See the first changelog entry below to find out whether your - installation has been affected and what steps you should take if so. - - - - Also, if you are upgrading from a version earlier than 9.2.6, - see . - - - - - - Changes - - - - - - Correctly initialize padding bytes in contrib/btree_gist - indexes on bit columns (Heikki Linnakangas) - - - - This error could result in incorrect query results due to values that - should compare equal not being seen as equal. - Users with GiST indexes on bit or bit varying - columns should REINDEX those indexes after installing this - update. - - - - - - Protect against torn pages when deleting GIN list pages (Heikki - Linnakangas) - - - - This fix prevents possible index corruption if a system crash occurs - while the page update is being written to disk. - - - - - - Don't clear the right-link of a GiST index page while replaying - updates from WAL (Heikki Linnakangas) - - - - This error could lead to transiently wrong answers from GiST index - scans performed in Hot Standby. - - - - - - Fix corner-case infinite loop during insertion into an SP-GiST text - index (Tom Lane) - - - - - - Fix feedback status when is - turned off on-the-fly (Simon Riggs) - - - - - - Fix possibly-incorrect cache invalidation during nested calls - to ReceiveSharedInvalidMessages (Andres Freund) - - - - - - Fix planner's mishandling of nested PlaceHolderVars generated in - nested-nestloop plans (Tom Lane) - - - - This oversight could result in variable not found in subplan - target lists errors, or in silently wrong query results. - - - - - - Fix could not find pathkey item to sort planner failures - with UNION ALL over subqueries reading from tables with - inheritance children (Tom Lane) - - - - - - Don't assume a subquery's output is unique if there's a set-returning - function in its targetlist (David Rowley) - - - - This oversight could lead to misoptimization of constructs - like WHERE x IN (SELECT y, generate_series(1,10) FROM t GROUP - BY y). - - - - - - Improve planner to drop constant-NULL inputs - of AND/OR when possible (Tom Lane) - - - - This change fixes some cases where the more aggressive parameter - substitution done by 9.2 and later can lead to a worse plan than - older versions produced. - - - - - - Fix identification of input type category in to_json() - and friends (Tom Lane) - - - - This is known to have led to inadequate quoting of money - fields in the JSON result, and there may have been wrong - results for other data types as well. - - - - - - Fix failure to detoast fields in composite elements of structured - types (Tom Lane) - - - - This corrects cases where TOAST pointers could be copied into other - tables without being dereferenced. If the original data is later - deleted, it would lead to errors like missing chunk number 0 - for toast value ... when the now-dangling pointer is used. - - - - - - Fix record type has not been registered failures with - whole-row references to the output of Append plan nodes (Tom Lane) - - - - - - Fix possible crash when invoking a user-defined function while - rewinding a cursor (Tom Lane) - - - - - - Fix query-lifespan memory leak while evaluating the arguments for a - function in FROM (Tom Lane) - - - - - - Fix session-lifespan memory leaks in regular-expression processing - (Tom Lane, Arthur O'Dwyer, Greg Stark) - - - - - - Fix data encoding error in hungarian.stop (Tom Lane) - - - - - - Prevent foreign tables from being created with OIDS - when is true - (Etsuro Fujita) - - - - - - Fix liveness checks for rows that were inserted in the current - transaction and then deleted by a now-rolled-back subtransaction - (Andres Freund) - - - - This could cause problems (at least spurious warnings, and at worst an - infinite loop) if CREATE INDEX or CLUSTER were - done later in the same transaction. - - - - - - Clear pg_stat_activity.xact_start - during PREPARE TRANSACTION (Andres Freund) - - - - After the PREPARE, the originating session is no longer in - a transaction, so it should not continue to display a transaction - start time. - - - - - - Fix REASSIGN OWNED to not fail for text search objects - (Álvaro Herrera) - - - - - - Block signals during postmaster startup (Tom Lane) - - - - This ensures that the postmaster will properly clean up after itself - if, for example, it receives SIGINT while still - starting up. - - - - - - Fix client host name lookup when processing pg_hba.conf - entries that specify host names instead of IP addresses (Tom Lane) - - - - Ensure that reverse-DNS lookup failures are reported, instead of just - silently not matching such entries. Also ensure that we make only - one reverse-DNS lookup attempt per connection, not one per host name - entry, which is what previously happened if the lookup attempts failed. - - - - - - Allow the root user to use postgres -C variable and - postgres --describe-config (MauMau) - - - - The prohibition on starting the server as root does not need to extend - to these operations, and relaxing it prevents failure - of pg_ctl in some scenarios. - - - - - - Secure Unix-domain sockets of temporary postmasters started during - make check (Noah Misch) - - - - Any local user able to access the socket file could connect as the - server's bootstrap superuser, then proceed to execute arbitrary code as - the operating-system user running the test, as we previously noted in - CVE-2014-0067. This change defends against that risk by placing the - server's socket in a temporary, mode 0700 subdirectory - of /tmp. The hazard remains however on platforms where - Unix sockets are not supported, notably Windows, because then the - temporary postmaster must accept local TCP connections. - - - - A useful side effect of this change is to simplify - make check testing in builds that - override DEFAULT_PGSOCKET_DIR. Popular non-default values - like /var/run/postgresql are often not writable by the - build user, requiring workarounds that will no longer be necessary. - - - - - - Fix tablespace creation WAL replay to work on Windows (MauMau) - - - - - - Fix detection of socket creation failures on Windows (Bruce Momjian) - - - - - - On Windows, allow new sessions to absorb values of PGC_BACKEND - parameters (such as ) from the - configuration file (Amit Kapila) - - - - Previously, if such a parameter were changed in the file post-startup, - the change would have no effect. - - - - - - Properly quote executable path names on Windows (Nikhil Deshpande) - - - - This oversight could cause initdb - and pg_upgrade to fail on Windows, if the installation - path contained both spaces and @ signs. - - - - - - Fix linking of libpython on macOS (Tom Lane) - - - - The method we previously used can fail with the Python library - supplied by Xcode 5.0 and later. - - - - - - Avoid buffer bloat in libpq when the server - consistently sends data faster than the client can absorb it - (Shin-ichi Morita, Tom Lane) - - - - libpq could be coerced into enlarging its input buffer - until it runs out of memory (which would be reported misleadingly - as lost synchronization with server). Under ordinary - circumstances it's quite far-fetched that data could be continuously - transmitted more quickly than the recv() loop can - absorb it, but this has been observed when the client is artificially - slowed by scheduler constraints. - - - - - - Ensure that LDAP lookup attempts in libpq time out as - intended (Laurenz Albe) - - - - - - Fix ecpg to do the right thing when an array - of char * is the target for a FETCH statement returning more - than one row, as well as some other array-handling fixes - (Ashutosh Bapat) - - - - - - Fix pg_restore's processing of old-style large object - comments (Tom Lane) - - - - A direct-to-database restore from an archive file generated by a - pre-9.0 version of pg_dump would usually fail if the - archive contained more than a few comments for large objects. - - - - - - Fix pg_upgrade for cases where the new server creates - a TOAST table but the old version did not (Bruce Momjian) - - - - This rare situation would manifest as relation OID mismatch - errors. - - - - - - Prevent contrib/auto_explain from changing the output of - a user's EXPLAIN (Tom Lane) - - - - If auto_explain is active, it could cause - an EXPLAIN (ANALYZE, TIMING OFF) command to nonetheless - print timing information. - - - - - - Fix query-lifespan memory leak in contrib/dblink - (MauMau, Joe Conway) - - - - - - In contrib/pgcrypto functions, ensure sensitive - information is cleared from stack variables before returning - (Marko Kreen) - - - - - - Prevent use of already-freed memory in - contrib/pgstattuple's pgstat_heap() - (Noah Misch) - - - - - - In contrib/uuid-ossp, cache the state of the OSSP UUID - library across calls (Tom Lane) - - - - This improves the efficiency of UUID generation and reduces the amount - of entropy drawn from /dev/urandom, on platforms that - have that. - - - - - - Update time zone data files to tzdata release 2014e - for DST law changes in Crimea, Egypt, and Morocco. - - - - - - - - - - Release 9.2.8 - - - Release date: - 2014-03-20 - - - - This release contains a variety of fixes from 9.2.7. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.8 - - - A dump/restore is not required for those running 9.2.X. - - - - However, if you are upgrading from a version earlier than 9.2.6, - see . - - - - - - Changes - - - - - - Restore GIN metapages unconditionally to avoid torn-page risk - (Heikki Linnakangas) - - - - Although this oversight could theoretically result in a corrupted - index, it is unlikely to have caused any problems in practice, since - the active part of a GIN metapage is smaller than a standard 512-byte - disk sector. - - - - - - Avoid race condition in checking transaction commit status during - receipt of a NOTIFY message (Marko Tiikkaja) - - - - This prevents a scenario wherein a sufficiently fast client might - respond to a notification before database updates made by the - notifier have become visible to the recipient. - - - - - - Allow regular-expression operators to be terminated early by query - cancel requests (Tom Lane) - - - - This prevents scenarios wherein a pathological regular expression - could lock up a server process uninterruptibly for a long time. - - - - - - Remove incorrect code that tried to allow OVERLAPS with - single-element row arguments (Joshua Yanovski) - - - - This code never worked correctly, and since the case is neither - specified by the SQL standard nor documented, it seemed better to - remove it than fix it. - - - - - - Avoid getting more than AccessShareLock when de-parsing a - rule or view (Dean Rasheed) - - - - This oversight resulted in pg_dump unexpectedly - acquiring RowExclusiveLock locks on tables mentioned as - the targets of INSERT/UPDATE/DELETE - commands in rules. While usually harmless, that could interfere with - concurrent transactions that tried to acquire, for example, - ShareLock on those tables. - - - - - - Improve performance of index endpoint probes during planning (Tom Lane) - - - - This change fixes a significant performance problem that occurred - when there were many not-yet-committed rows at the end of the index, - which is a common situation for indexes on sequentially-assigned - values such as timestamps or sequence-generated identifiers. - - - - - - Fix walsender's failure to shut down cleanly when client - is pg_receivexlog (Fujii Masao) - - - - - - Check WAL level and hot standby parameters correctly when doing crash - recovery that will be followed by archive recovery (Heikki Linnakangas) - - - - - - Fix test to see if hot standby connections can be allowed immediately - after a crash (Heikki Linnakangas) - - - - - - Prevent interrupts while reporting non-ERROR messages - (Tom Lane) - - - - This guards against rare server-process freezeups due to recursive - entry to syslog(), and perhaps other related problems. - - - - - - Fix memory leak in PL/Perl when returning a composite result, including - multiple-OUT-parameter cases (Alex Hunsaker) - - - - - - Fix tracking of psql script line numbers - during \copy from out-of-line data - (Kumar Rajeev Rastogi, Amit Khandekar) - - - - \copy ... from incremented the script file line number - for each data line, even if the data was not coming from the script - file. This mistake resulted in wrong line numbers being reported for - any errors occurring later in the same script file. - - - - - - Prevent intermittent could not reserve shared memory region - failures on recent Windows versions (MauMau) - - - - - - Update time zone data files to tzdata release 2014a - for DST law changes in Fiji and Turkey, plus historical changes in - Israel and Ukraine. - - - - - - - - - - Release 9.2.7 - - - Release date: - 2014-02-20 - - - - This release contains a variety of fixes from 9.2.6. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.7 - - - A dump/restore is not required for those running 9.2.X. - - - - However, if you are upgrading from a version earlier than 9.2.6, - see . - - - - - - Changes - - - - - - Shore up GRANT ... WITH ADMIN OPTION restrictions - (Noah Misch) - - - - Granting a role without ADMIN OPTION is supposed to - prevent the grantee from adding or removing members from the granted - role, but this restriction was easily bypassed by doing SET - ROLE first. The security impact is mostly that a role member can - revoke the access of others, contrary to the wishes of his grantor. - Unapproved role member additions are a lesser concern, since an - uncooperative role member could provide most of his rights to others - anyway by creating views or SECURITY DEFINER functions. - (CVE-2014-0060) - - - - - - Prevent privilege escalation via manual calls to PL validator - functions (Andres Freund) - - - - The primary role of PL validator functions is to be called implicitly - during CREATE FUNCTION, but they are also normal SQL - functions that a user can call explicitly. Calling a validator on - a function actually written in some other language was not checked - for and could be exploited for privilege-escalation purposes. - The fix involves adding a call to a privilege-checking function in - each validator function. Non-core procedural languages will also - need to make this change to their own validator functions, if any. - (CVE-2014-0061) - - - - - - Avoid multiple name lookups during table and index DDL - (Robert Haas, Andres Freund) - - - - If the name lookups come to different conclusions due to concurrent - activity, we might perform some parts of the DDL on a different table - than other parts. At least in the case of CREATE INDEX, - this can be used to cause the permissions checks to be performed - against a different table than the index creation, allowing for a - privilege escalation attack. - (CVE-2014-0062) - - - - - - Prevent buffer overrun with long datetime strings (Noah Misch) - - - - The MAXDATELEN constant was too small for the longest - possible value of type interval, allowing a buffer overrun - in interval_out(). Although the datetime input - functions were more careful about avoiding buffer overrun, the limit - was short enough to cause them to reject some valid inputs, such as - input containing a very long timezone name. The ecpg - library contained these vulnerabilities along with some of its own. - (CVE-2014-0063) - - - - - - Prevent buffer overrun due to integer overflow in size calculations - (Noah Misch, Heikki Linnakangas) - - - - Several functions, mostly type input functions, calculated an - allocation size without checking for overflow. If overflow did - occur, a too-small buffer would be allocated and then written past. - (CVE-2014-0064) - - - - - - Prevent overruns of fixed-size buffers - (Peter Eisentraut, Jozef Mlich) - - - - Use strlcpy() and related functions to provide a clear - guarantee that fixed-size buffers are not overrun. Unlike the - preceding items, it is unclear whether these cases really represent - live issues, since in most cases there appear to be previous - constraints on the size of the input string. Nonetheless it seems - prudent to silence all Coverity warnings of this type. - (CVE-2014-0065) - - - - - - Avoid crashing if crypt() returns NULL (Honza Horak, - Bruce Momjian) - - - - There are relatively few scenarios in which crypt() - could return NULL, but contrib/chkpass would crash - if it did. One practical case in which this could be an issue is - if libc is configured to refuse to execute unapproved - hashing algorithms (e.g., FIPS mode). - (CVE-2014-0066) - - - - - - Document risks of make check in the regression testing - instructions (Noah Misch, Tom Lane) - - - - Since the temporary server started by make check - uses trust authentication, another user on the same machine - could connect to it as database superuser, and then potentially - exploit the privileges of the operating-system user who started the - tests. A future release will probably incorporate changes in the - testing procedure to prevent this risk, but some public discussion is - needed first. So for the moment, just warn people against using - make check when there are untrusted users on the - same machine. - (CVE-2014-0067) - - - - - - Fix possible mis-replay of WAL records when some segments of a - relation aren't full size (Greg Stark, Tom Lane) - - - - The WAL update could be applied to the wrong page, potentially many - pages past where it should have been. Aside from corrupting data, - this error has been observed to result in significant bloat - of standby servers compared to their masters, due to updates being - applied far beyond where the end-of-file should have been. This - failure mode does not appear to be a significant risk during crash - recovery, only when initially synchronizing a standby created from a - base backup taken from a quickly-changing master. - - - - - - Fix bug in determining when recovery has reached consistency - (Tomonari Katsumata, Heikki Linnakangas) - - - - In some cases WAL replay would mistakenly conclude that the database - was already consistent at the start of replay, thus possibly allowing - hot-standby queries before the database was really consistent. Other - symptoms such as PANIC: WAL contains references to invalid - pages were also possible. - - - - - - Fix improper locking of btree index pages while replaying - a VACUUM operation in hot-standby mode (Andres Freund, - Heikki Linnakangas, Tom Lane) - - - - This error could result in PANIC: WAL contains references to - invalid pages failures. - - - - - - Ensure that insertions into non-leaf GIN index pages write a full-page - WAL record when appropriate (Heikki Linnakangas) - - - - The previous coding risked index corruption in the event of a - partial-page write during a system crash. - - - - - - When pause_at_recovery_target - and recovery_target_inclusive are both set, ensure the - target record is applied before pausing, not after (Heikki - Linnakangas) - - - - - - Fix race conditions during server process exit (Robert Haas) - - - - Ensure that signal handlers don't attempt to use the - process's MyProc pointer after it's no longer valid. - - - - - - Fix race conditions in walsender shutdown logic and walreceiver - SIGHUP signal handler (Tom Lane) - - - - - - Fix unsafe references to errno within error reporting - logic (Christian Kruse) - - - - This would typically lead to odd behaviors such as missing or - inappropriate HINT fields. - - - - - - Fix possible crashes from using ereport() too early - during server startup (Tom Lane) - - - - The principal case we've seen in the field is a crash if the server - is started in a directory it doesn't have permission to read. - - - - - - Clear retry flags properly in OpenSSL socket write - function (Alexander Kukushkin) - - - - This omission could result in a server lockup after unexpected loss - of an SSL-encrypted connection. - - - - - - Fix length checking for Unicode identifiers (U&"..." - syntax) containing escapes (Tom Lane) - - - - A spurious truncation warning would be printed for such identifiers - if the escaped form of the identifier was too long, but the - identifier actually didn't need truncation after de-escaping. - - - - - - Allow keywords that are type names to be used in lists of roles - (Stephen Frost) - - - - A previous patch allowed such keywords to be used without quoting - in places such as role identifiers; but it missed cases where a - list of role identifiers was permitted, such as DROP ROLE. - - - - - - Fix parser crash for EXISTS(SELECT * FROM - zero_column_table) (Tom Lane) - - - - - - Fix possible crash due to invalid plan for nested sub-selects, such - as WHERE (... x IN (SELECT ...) ...) IN (SELECT ...) - (Tom Lane) - - - - - - Fix UPDATE/DELETE of an inherited target table - that has UNION ALL subqueries (Tom Lane) - - - - Without this fix, UNION ALL subqueries aren't correctly - inserted into the update plans for inheritance child tables after the - first one, typically resulting in no update happening for those child - table(s). - - - - - - Ensure that ANALYZE creates statistics for a table column - even when all the values in it are too wide (Tom Lane) - - - - ANALYZE intentionally omits very wide values from its - histogram and most-common-values calculations, but it neglected to do - something sane in the case that all the sampled entries are too wide. - - - - - - In ALTER TABLE ... SET TABLESPACE, allow the database's - default tablespace to be used without a permissions check - (Stephen Frost) - - - - CREATE TABLE has always allowed such usage, - but ALTER TABLE didn't get the memo. - - - - - - Fix cannot accept a set error when some arms of - a CASE return a set and others don't (Tom Lane) - - - - - - Properly distinguish numbers from non-numbers when generating JSON - output (Andrew Dunstan) - - - - - - Fix checks for all-zero client addresses in pgstat functions (Kevin - Grittner) - - - - - - Fix possible misclassification of multibyte characters by the text - search parser (Tom Lane) - - - - Non-ASCII characters could be misclassified when using C locale with - a multibyte encoding. On Cygwin, non-C locales could fail as well. - - - - - - Fix possible misbehavior in plainto_tsquery() - (Heikki Linnakangas) - - - - Use memmove() not memcpy() for copying - overlapping memory regions. There have been no field reports of - this actually causing trouble, but it's certainly risky. - - - - - - Fix placement of permissions checks in pg_start_backup() - and pg_stop_backup() (Andres Freund, Magnus Hagander) - - - - The previous coding might attempt to do catalog access when it - shouldn't. - - - - - - Accept SHIFT_JIS as an encoding name for locale checking - purposes (Tatsuo Ishii) - - - - - - Fix *-qualification of named parameters in SQL-language - functions (Tom Lane) - - - - Given a composite-type parameter - named foo, $1.* worked fine, - but foo.* not so much. - - - - - - Fix misbehavior of PQhost() on Windows (Fujii Masao) - - - - It should return localhost if no host has been specified. - - - - - - Improve error handling in libpq and psql - for failures during COPY TO STDOUT/FROM STDIN (Tom Lane) - - - - In particular this fixes an infinite loop that could occur in 9.2 and - up if the server connection was lost during COPY FROM - STDIN. Variants of that scenario might be possible in older - versions, or with other client applications. - - - - - - Fix incorrect translation handling in - some psql \d commands - (Peter Eisentraut, Tom Lane) - - - - - - Ensure pg_basebackup's background process is killed - when exiting its foreground process (Magnus Hagander) - - - - - - Fix possible incorrect printing of filenames - in pg_basebackup's verbose mode (Magnus Hagander) - - - - - - Avoid including tablespaces inside PGDATA twice in base backups - (Dimitri Fontaine, Magnus Hagander) - - - - - - Fix misaligned descriptors in ecpg (MauMau) - - - - - - In ecpg, handle lack of a hostname in the connection - parameters properly (Michael Meskes) - - - - - - Fix performance regression in contrib/dblink connection - startup (Joe Conway) - - - - Avoid an unnecessary round trip when client and server encodings match. - - - - - - In contrib/isn, fix incorrect calculation of the check - digit for ISMN values (Fabien Coelho) - - - - - - Fix contrib/pg_stat_statement's handling - of CURRENT_DATE and related constructs (Kyotaro - Horiguchi) - - - - - - Ensure client-code-only installation procedure works as documented - (Peter Eisentraut) - - - - - - In Mingw and Cygwin builds, install the libpq DLL - in the bin directory (Andrew Dunstan) - - - - This duplicates what the MSVC build has long done. It should fix - problems with programs like psql failing to start - because they can't find the DLL. - - - - - - Avoid using the deprecated dllwrap tool in Cygwin builds - (Marco Atzeri) - - - - - - Don't generate plain-text HISTORY - and src/test/regress/README files anymore (Tom Lane) - - - - These text files duplicated the main HTML and PDF documentation - formats. The trouble involved in maintaining them greatly outweighs - the likely audience for plain-text format. Distribution tarballs - will still contain files by these names, but they'll just be stubs - directing the reader to consult the main documentation. - The plain-text INSTALL file will still be maintained, as - there is arguably a use-case for that. - - - - - - Update time zone data files to tzdata release 2013i - for DST law changes in Jordan and historical changes in Cuba. - - - - In addition, the zones Asia/Riyadh87, - Asia/Riyadh88, and Asia/Riyadh89 have been - removed, as they are no longer maintained by IANA, and never - represented actual civil timekeeping practice. - - - - - - - - - - Release 9.2.6 - - - Release date: - 2013-12-05 - - - - This release contains a variety of fixes from 9.2.5. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.6 - - - A dump/restore is not required for those running 9.2.X. - - - - However, this release corrects a number of potential data corruption - issues. See the first two changelog entries below to find out whether - your installation has been affected and what steps you can take if so. - - - - Also, if you are upgrading from a version earlier than 9.2.4, - see . - - - - - - Changes - - - - - - Fix VACUUM's tests to see whether it can - update relfrozenxid (Andres Freund) - - - - In some cases VACUUM (either manual or autovacuum) could - incorrectly advance a table's relfrozenxid value, - allowing tuples to escape freezing, causing those rows to become - invisible once 2^31 transactions have elapsed. The probability of - data loss is fairly low since multiple incorrect advancements would - need to happen before actual loss occurs, but it's not zero. In 9.2.0 - and later, the probability of loss is higher, and it's also possible - to get could not access status of transaction errors as a - consequence of this bug. Users upgrading from releases 9.0.4 or 8.4.8 - or earlier are not affected, but all later versions contain the bug. - - - - The issue can be ameliorated by, after upgrading, vacuuming all tables - in all databases while having vacuum_freeze_table_age - set to zero. This will fix any latent corruption but will not be able - to fix all pre-existing data errors. However, an installation can be - presumed safe after performing this vacuuming if it has executed fewer - than 2^31 update transactions in its lifetime (check this with - SELECT txid_current() < 2^31). - - - - - - Fix initialization of pg_clog and pg_subtrans - during hot standby startup (Andres Freund, Heikki Linnakangas) - - - - This bug can cause data loss on standby servers at the moment they - start to accept hot-standby queries, by marking committed transactions - as uncommitted. The likelihood of such corruption is small unless, at - the time of standby startup, the primary server has executed many - updating transactions since its last checkpoint. Symptoms include - missing rows, rows that should have been deleted being still visible, - and obsolete versions of updated rows being still visible alongside - their newer versions. - - - - This bug was introduced in versions 9.3.0, 9.2.5, 9.1.10, and 9.0.14. - Standby servers that have only been running earlier releases are not - at risk. It's recommended that standby servers that have ever run any - of the buggy releases be re-cloned from the primary (e.g., with a new - base backup) after upgrading. - - - - - - Fix dangling-pointer problem in fast-path locking (Tom Lane) - - - - This could lead to corruption of the lock data structures in shared - memory, causing lock already held and other odd errors. - - - - - - Truncate pg_multixact contents during WAL replay - (Andres Freund) - - - - This avoids ever-increasing disk space consumption in standby servers. - - - - - - Ensure an anti-wraparound VACUUM counts a page as scanned - when it's only verified that no tuples need freezing (Sergey - Burladyan, Jeff Janes) - - - - This bug could result in failing to - advance relfrozenxid, so that the table would still be - thought to need another anti-wraparound vacuum. In the worst case the - database might even shut down to prevent wraparound. - - - - - - Fix race condition in GIN index posting tree page deletion (Heikki - Linnakangas) - - - - This could lead to transient wrong answers or query failures. - - - - - - Fix unexpected spgdoinsert() failure error during SP-GiST - index creation (Teodor Sigaev) - - - - - - Avoid flattening a subquery whose SELECT list contains a - volatile function wrapped inside a sub-SELECT (Tom Lane) - - - - This avoids unexpected results due to extra evaluations of the - volatile function. - - - - - - Fix planner's processing of non-simple-variable subquery outputs - nested within outer joins (Tom Lane) - - - - This error could lead to incorrect plans for queries involving - multiple levels of subqueries within JOIN syntax. - - - - - - Fix incorrect planning in cases where the same non-strict expression - appears in multiple WHERE and outer JOIN - equality clauses (Tom Lane) - - - - - - Fix planner crash with whole-row reference to a subquery (Tom Lane) - - - - - - Fix incorrect generation of optimized MIN()/MAX() plans for - inheritance trees (Tom Lane) - - - - The planner could fail in cases where the MIN()/MAX() argument was an - expression rather than a simple variable. - - - - - - Fix premature deletion of temporary files (Andres Freund) - - - - - - Prevent intra-transaction memory leak when printing range values - (Tom Lane) - - - - This fix actually cures transient memory leaks in any datatype output - function, but range types are the only ones known to have had a - significant problem. - - - - - - Prevent incorrect display of dropped columns in NOT NULL and CHECK - constraint violation messages (Michael Paquier and Tom Lane) - - - - - - Allow default arguments and named-argument notation for window - functions (Tom Lane) - - - - Previously, these cases were likely to crash. - - - - - - Fix possible read past end of memory in rule printing (Peter Eisentraut) - - - - - - Fix array slicing of int2vector and oidvector values - (Tom Lane) - - - - Expressions of this kind are now implicitly promoted to - regular int2 or oid arrays. - - - - - - Fix incorrect behaviors when using a SQL-standard, simple GMT offset - timezone (Tom Lane) - - - - In some cases, the system would use the simple GMT offset value when - it should have used the regular timezone setting that had prevailed - before the simple offset was selected. This change also causes - the timeofday function to honor the simple GMT offset - zone. - - - - - - Prevent possible misbehavior when logging translations of Windows - error codes (Tom Lane) - - - - - - Properly quote generated command lines in pg_ctl - (Naoya Anzai and Tom Lane) - - - - This fix applies only to Windows. - - - - - - Fix pg_dumpall to work when a source database - sets default_transaction_read_only - via ALTER DATABASE SET (Kevin Grittner) - - - - Previously, the generated script would fail during restore. - - - - - - Make ecpg search for quoted cursor names - case-sensitively (Zoltán Böszörményi) - - - - - - Fix ecpg's processing of lists of variables - declared varchar (Zoltán Böszörményi) - - - - - - Make contrib/lo defend against incorrect trigger definitions - (Marc Cousin) - - - - - - Update time zone data files to tzdata release 2013h - for DST law changes in Argentina, Brazil, Jordan, Libya, - Liechtenstein, Morocco, and Palestine. Also, new timezone - abbreviations WIB, WIT, WITA for Indonesia. - - - - - - - - - - Release 9.2.5 - - - Release date: - 2013-10-10 - - - - This release contains a variety of fixes from 9.2.4. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.5 - - - A dump/restore is not required for those running 9.2.X. - - - - However, if you are upgrading from a version earlier than 9.2.4, - see . - - - - - - Changes - - - - - - Prevent corruption of multi-byte characters when attempting to - case-fold identifiers (Andrew Dunstan) - - - - PostgreSQL case-folds non-ASCII characters only - when using a single-byte server encoding. - - - - - - Fix memory leak when creating B-tree indexes on range columns - (Heikki Linnakangas) - - - - - - Fix checkpoint memory leak in background writer when wal_level = - hot_standby (Naoya Anzai) - - - - - - Fix memory leak caused by lo_open() failure - (Heikki Linnakangas) - - - - - - Fix memory overcommit bug when work_mem is using more - than 24GB of memory (Stephen Frost) - - - - - - Serializable snapshot fixes (Kevin Grittner, Heikki Linnakangas) - - - - - - Fix deadlock bug in libpq when using SSL (Stephen Frost) - - - - - - Fix possible SSL state corruption in threaded libpq applications - (Nick Phillips, Stephen Frost) - - - - - - Improve estimate of planner cost when choosing between generic and - custom plans (Tom Lane) - - - - This change will favor generic plans when planning cost is high. - - - - - - Properly compute row estimates for boolean columns containing many NULL - values (Andrew Gierth) - - - - Previously tests like col IS NOT TRUE and col IS - NOT FALSE did not properly factor in NULL values when estimating - plan costs. - - - - - - Fix accounting for qualifier evaluation costs in UNION ALL - and inheritance queries (Tom Lane) - - - - This fixes cases where suboptimal query plans could be chosen if - some WHERE clauses are expensive to calculate. - - - - - - Prevent pushing down WHERE clauses into unsafe - UNION/INTERSECT subqueries (Tom Lane) - - - - Subqueries of a UNION or INTERSECT that - contain set-returning functions or volatile functions in their - SELECT lists could be improperly optimized, leading to - run-time errors or incorrect query results. - - - - - - Fix rare case of failed to locate grouping columns - planner failure (Tom Lane) - - - - - - Fix pg_dump of foreign tables with dropped columns (Andrew Dunstan) - - - - Previously such cases could cause a pg_upgrade error. - - - - - - Reorder pg_dump processing of extension-related - rules and event triggers (Joe Conway) - - - - - - Force dumping of extension tables if specified by pg_dump - -t or -n (Joe Conway) - - - - - - Improve view dumping code's handling of dropped columns in referenced - tables (Tom Lane) - - - - - - Fix pg_restore -l with the directory archive to display - the correct format name (Fujii Masao) - - - - - - Properly record index comments created using UNIQUE - and PRIMARY KEY syntax (Andres Freund) - - - - This fixes a parallel pg_restore failure. - - - - - - Cause pg_basebackup -x with an empty xlog directory - to throw an error rather than crashing (Magnus Hagander, Haruka - Takatsuka) - - - - - - Properly guarantee transmission of WAL files before clean switchover - (Fujii Masao) - - - - Previously, the streaming replication connection might close before all - WAL files had been replayed on the standby. - - - - - - Fix WAL segment timeline handling during recovery (Mitsumasa Kondo, - Heikki Linnakangas) - - - - WAL file recycling during standby recovery could lead to premature - recovery completion, resulting in data loss. - - - - - - Prevent errors in WAL replay due to references to uninitialized empty - pages (Andres Freund) - - - - - - Fix REINDEX TABLE and REINDEX DATABASE - to properly revalidate constraints and mark invalidated indexes as - valid (Noah Misch) - - - - REINDEX INDEX has always worked properly. - - - - - - Avoid deadlocks during insertion into SP-GiST indexes (Teodor Sigaev) - - - - - - Fix possible deadlock during concurrent CREATE INDEX - CONCURRENTLY operations (Tom Lane) - - - - - - Fix GiST index lookup crash (Tom Lane) - - - - - - Fix regexp_matches() handling of zero-length matches - (Jeevan Chalke) - - - - Previously, zero-length matches like '^' could return too many matches. - - - - - - Fix crash for overly-complex regular expressions (Heikki Linnakangas) - - - - - - Fix regular expression match failures for back references combined with - non-greedy quantifiers (Jeevan Chalke) - - - - - - Prevent CREATE FUNCTION from checking SET - variables unless function body checking is enabled (Tom Lane) - - - - - - Allow ALTER DEFAULT PRIVILEGES to operate on schemas - without requiring CREATE permission (Tom Lane) - - - - - - Loosen restriction on keywords used in queries (Tom Lane) - - - - Specifically, lessen keyword restrictions for role names, language - names, EXPLAIN and COPY options, and - SET values. This allows COPY ... (FORMAT - BINARY) to work as expected; previously BINARY needed - to be quoted. - - - - - - Print proper line number during COPY failure (Heikki - Linnakangas) - - - - - - Fix pgp_pub_decrypt() so it works for secret keys with - passwords (Marko Kreen) - - - - - - Make pg_upgrade use pg_dump - --quote-all-identifiers to avoid problems with keyword changes - between releases (Tom Lane) - - - - - - Remove rare inaccurate warning during vacuum of index-less tables - (Heikki Linnakangas) - - - - - - Ensure that VACUUM ANALYZE still runs the ANALYZE phase - if its attempt to truncate the file is cancelled due to lock conflicts - (Kevin Grittner) - - - - - - Avoid possible failure when performing transaction control commands (e.g - ROLLBACK) in prepared queries (Tom Lane) - - - - - - Ensure that floating-point data input accepts standard spellings - of infinity on all platforms (Tom Lane) - - - - The C99 standard says that allowable spellings are inf, - +inf, -inf, infinity, - +infinity, and -infinity. Make sure we - recognize these even if the platform's strtod function - doesn't. - - - - - - Avoid unnecessary reporting when track_activities is off - (Tom Lane) - - - - - - Expand ability to compare rows to records and arrays (Rafal Rzepecki, - Tom Lane) - - - - - - Prevent crash when psql's PSQLRC variable - contains a tilde (Bruce Momjian) - - - - - - Add spinlock support for ARM64 (Mark Salter) - - - - - - Update time zone data files to tzdata release 2013d - for DST law changes in Israel, Morocco, Palestine, and Paraguay. - Also, historical zone data corrections for Macquarie Island. - - - - - - - - - - Release 9.2.4 - - - Release date: - 2013-04-04 - - - - This release contains a variety of fixes from 9.2.3. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.4 - - - A dump/restore is not required for those running 9.2.X. - - - - However, this release corrects several errors in management of GiST - indexes. After installing this update, it is advisable to - REINDEX any GiST indexes that meet one or more of the - conditions described below. - - - - Also, if you are upgrading from a version earlier than 9.2.2, - see . - - - - - - Changes - - - - - - Fix insecure parsing of server command-line switches (Mitsumasa - Kondo, Kyotaro Horiguchi) - - - - A connection request containing a database name that begins with - - could be crafted to damage or destroy - files within the server's data directory, even if the request is - eventually rejected. (CVE-2013-1899) - - - - - - Reset OpenSSL randomness state in each postmaster child process - (Marko Kreen) - - - - This avoids a scenario wherein random numbers generated by - contrib/pgcrypto functions might be relatively easy for - another database user to guess. The risk is only significant when - the postmaster is configured with ssl = on - but most connections don't use SSL encryption. (CVE-2013-1900) - - - - - - Make REPLICATION privilege checks test current user not authenticated - user (Noah Misch) - - - - An unprivileged database user could exploit this mistake to call - pg_start_backup() or pg_stop_backup(), - thus possibly interfering with creation of routine backups. - (CVE-2013-1901) - - - - - - Fix GiST indexes to not use fuzzy geometric comparisons when - it's not appropriate to do so (Alexander Korotkov) - - - - The core geometric types perform comparisons using fuzzy - equality, but gist_box_same must do exact comparisons, - else GiST indexes using it might become inconsistent. After installing - this update, users should REINDEX any GiST indexes on - box, polygon, circle, or point - columns, since all of these use gist_box_same. - - - - - - Fix erroneous range-union and penalty logic in GiST indexes that use - contrib/btree_gist for variable-width data types, that is - text, bytea, bit, and numeric - columns (Tom Lane) - - - - These errors could result in inconsistent indexes in which some keys - that are present would not be found by searches, and also in useless - index bloat. Users are advised to REINDEX such indexes - after installing this update. - - - - - - Fix bugs in GiST page splitting code for multi-column indexes - (Tom Lane) - - - - These errors could result in inconsistent indexes in which some keys - that are present would not be found by searches, and also in indexes - that are unnecessarily inefficient to search. Users are advised to - REINDEX multi-column GiST indexes after installing this - update. - - - - - - Fix gist_point_consistent - to handle fuzziness consistently (Alexander Korotkov) - - - - Index scans on GiST indexes on point columns would sometimes - yield results different from a sequential scan, because - gist_point_consistent disagreed with the underlying - operator code about whether to do comparisons exactly or fuzzily. - - - - - - Fix buffer leak in WAL replay (Heikki Linnakangas) - - - - This bug could result in incorrect local pin count errors - during replay, making recovery impossible. - - - - - - Ensure we do crash recovery before entering archive recovery, if the - database was not stopped cleanly and a recovery.conf file - is present (Heikki Linnakangas, Kyotaro Horiguchi, Mitsumasa Kondo) - - - - This is needed to ensure that the database is consistent in certain - scenarios, such as initializing a standby server with a filesystem - snapshot from a running server. - - - - - - Avoid deleting not-yet-archived WAL files during crash recovery - (Heikki Linnakangas, Fujii Masao) - - - - - - Fix race condition in DELETE RETURNING (Tom Lane) - - - - Under the right circumstances, DELETE RETURNING could - attempt to fetch data from a shared buffer that the current process - no longer has any pin on. If some other process changed the buffer - meanwhile, this would lead to garbage RETURNING output, or - even a crash. - - - - - - Fix infinite-loop risk in regular expression compilation (Tom Lane, - Don Porter) - - - - - - Fix potential null-pointer dereference in regular expression compilation - (Tom Lane) - - - - - - Fix to_char() to use ASCII-only case-folding rules where - appropriate (Tom Lane) - - - - This fixes misbehavior of some template patterns that should be - locale-independent, but mishandled I and - i in Turkish locales. - - - - - - Fix unwanted rejection of timestamp 1999-12-31 24:00:00 - (Tom Lane) - - - - - - Fix SQL-language functions to be safely usable as support - functions for range types (Tom Lane) - - - - - - Fix logic error when a single transaction does UNLISTEN - then LISTEN (Tom Lane) - - - - The session wound up not listening for notify events at all, though it - surely should listen in this case. - - - - - - Fix possible planner crash after columns have been added to a view - that's depended on by another view (Tom Lane) - - - - - - Fix performance issue in EXPLAIN (ANALYZE, TIMING OFF) - (Pavel Stehule) - - - - - - Remove useless picksplit doesn't support secondary split log - messages (Josh Hansen, Tom Lane) - - - - This message seems to have been added in expectation of code that was - never written, and probably never will be, since GiST's default - handling of secondary splits is actually pretty good. So stop nagging - end users about it. - - - - - - Remove vestigial secondary-split support in - gist_box_picksplit() (Tom Lane) - - - - Not only was this implementation of secondary-split not better than the - default implementation, it's actually worse. So remove it and let the - default code path handle the case. - - - - - - Fix possible failure to send a session's last few transaction - commit/abort counts to the statistics collector (Tom Lane) - - - - - - Eliminate memory leaks in PL/Perl's spi_prepare() function - (Alex Hunsaker, Tom Lane) - - - - - - Fix pg_dumpall to handle database names containing - = correctly (Heikki Linnakangas) - - - - - - Avoid crash in pg_dump when an incorrect connection - string is given (Heikki Linnakangas) - - - - - - Ignore invalid indexes in pg_dump and - pg_upgrade (Michael Paquier, Bruce Momjian) - - - - Dumping invalid indexes can cause problems at restore time, for example - if the reason the index creation failed was because it tried to enforce - a uniqueness condition not satisfied by the table's data. Also, if the - index creation is in fact still in progress, it seems reasonable to - consider it to be an uncommitted DDL change, which - pg_dump wouldn't be expected to dump anyway. - pg_upgrade now also skips invalid indexes rather than - failing. - - - - - - In pg_basebackup, include only the current server - version's subdirectory when backing up a tablespace (Heikki - Linnakangas) - - - - - - Add a server version check in pg_basebackup and - pg_receivexlog, so they fail cleanly with version - combinations that won't work (Heikki Linnakangas) - - - - - - Fix contrib/dblink to handle inconsistent settings of - DateStyle or IntervalStyle safely (Daniel - Farina, Tom Lane) - - - - Previously, if the remote server had different settings of these - parameters, ambiguous dates might be read incorrectly. This fix - ensures that datetime and interval columns fetched by a - dblink query will be interpreted correctly. Note however - that inconsistent settings are still risky, since literal values - appearing in SQL commands sent to the remote server might be - interpreted differently than they would be locally. - - - - - - Fix contrib/pg_trgm's similarity() function - to return zero for trigram-less strings (Tom Lane) - - - - Previously it returned NaN due to internal division by zero. - - - - - - Enable building PostgreSQL with Microsoft Visual - Studio 2012 (Brar Piening, Noah Misch) - - - - - - Update time zone data files to tzdata release 2013b - for DST law changes in Chile, Haiti, Morocco, Paraguay, and some - Russian areas. Also, historical zone data corrections for numerous - places. - - - - Also, update the time zone abbreviation files for recent changes in - Russia and elsewhere: CHOT, GET, - IRKT, KGT, KRAT, MAGT, - MAWT, MSK, NOVT, OMST, - TKT, VLAT, WST, YAKT, - YEKT now follow their current meanings, and - VOLT (Europe/Volgograd) and MIST - (Antarctica/Macquarie) are added to the default abbreviations list. - - - - - - - - - - Release 9.2.3 - - - Release date: - 2013-02-07 - - - - This release contains a variety of fixes from 9.2.2. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.3 - - - A dump/restore is not required for those running 9.2.X. - - - - However, if you are upgrading from a version earlier than 9.2.2, - see . - - - - - - Changes - - - - - - Prevent execution of enum_recv from SQL (Tom Lane) - - - - The function was misdeclared, allowing a simple SQL command to crash the - server. In principle an attacker might be able to use it to examine the - contents of server memory. Our thanks to Sumit Soni (via Secunia SVCRP) - for reporting this issue. (CVE-2013-0255) - - - - - - Fix multiple problems in detection of when a consistent database - state has been reached during WAL replay (Fujii Masao, Heikki - Linnakangas, Simon Riggs, Andres Freund) - - - - - - Fix detection of end-of-backup point when no actual redo work is - required (Heikki Linnakangas) - - - - This mistake could result in incorrect WAL ends before end of - online backup errors. - - - - - - Update minimum recovery point when truncating a relation file (Heikki - Linnakangas) - - - - Once data has been discarded, it's no longer safe to stop recovery at - an earlier point in the timeline. - - - - - - Fix recycling of WAL segments after changing recovery target timeline - (Heikki Linnakangas) - - - - - - Properly restore timeline history files from archive on cascading - standby servers (Heikki Linnakangas) - - - - - - Fix lock conflict detection on hot-standby servers (Andres Freund, - Robert Haas) - - - - - - Fix missing cancellations in hot standby mode (Noah Misch, Simon Riggs) - - - - The need to cancel conflicting hot-standby queries would sometimes be - missed, allowing those queries to see inconsistent data. - - - - - - Prevent recovery pause feature from pausing before users can connect - (Tom Lane) - - - - - - Fix SQL grammar to allow subscripting or field selection from a - sub-SELECT result (Tom Lane) - - - - - - Fix performance problems with autovacuum truncation in busy workloads - (Jan Wieck) - - - - Truncation of empty pages at the end of a table requires exclusive - lock, but autovacuum was coded to fail (and release the table lock) - when there are conflicting lock requests. Under load, it is easily - possible that truncation would never occur, resulting in table bloat. - Fix by performing a partial truncation, releasing the lock, then - attempting to re-acquire the lock and continue. This fix also greatly - reduces the average time before autovacuum releases the lock after a - conflicting request arrives. - - - - - - Improve performance of SPI_execute and related - functions, thereby improving PL/pgSQL's EXECUTE - (Heikki Linnakangas, Tom Lane) - - - - Remove some data-copying overhead that was added in 9.2 as a - consequence of revisions in the plan caching mechanism. This - eliminates a performance regression compared to 9.1, and also saves - memory, especially when the query string to be executed contains many - SQL statements. - - - - A side benefit is that multi-statement query strings are now - processed fully serially, that is we complete execution of earlier - statements before running parse analysis and planning on the - following ones. This eliminates a long-standing issue, in that DDL - that should affect the behavior of a later statement will now behave as - expected. - - - - - - Restore pre-9.2 cost estimates for index usage (Tom Lane) - - - - An ill-considered change of a fudge factor led to undesirably high - cost estimates for use of very large indexes. - - - - - - Fix intermittent crash in DROP INDEX CONCURRENTLY (Tom Lane) - - - - - - Fix potential corruption of shared-memory lock table during - CREATE/DROP INDEX CONCURRENTLY (Tom Lane) - - - - - - Fix COPY's multiple-tuple-insertion code for the case of - a tuple larger than page size minus fillfactor (Heikki Linnakangas) - - - - The previous coding could get into an infinite loop. - - - - - - Protect against race conditions when scanning - pg_tablespace (Stephen Frost, Tom Lane) - - - - CREATE DATABASE and DROP DATABASE could - misbehave if there were concurrent updates of - pg_tablespace entries. - - - - - - Prevent DROP OWNED from trying to drop whole databases or - tablespaces (Álvaro Herrera) - - - - For safety, ownership of these objects must be reassigned, not dropped. - - - - - - Fix error in vacuum_freeze_table_age - implementation (Andres Freund) - - - - In installations that have existed for more than vacuum_freeze_min_age - transactions, this mistake prevented autovacuum from using partial-table - scans, so that a full-table scan would always happen instead. - - - - - - Prevent misbehavior when a RowExpr or XmlExpr - is parse-analyzed twice (Andres Freund, Tom Lane) - - - - This mistake could be user-visible in contexts such as - CREATE TABLE LIKE INCLUDING INDEXES. - - - - - - Improve defenses against integer overflow in hashtable sizing - calculations (Jeff Davis) - - - - - - Fix some bugs associated with privileges on datatypes (Tom Lane) - - - - There were some issues with default privileges for types, and - pg_dump failed to dump such privileges at all. - - - - - - Fix failure to ignore leftover temporary tables after a server crash - (Tom Lane) - - - - - - Fix failure to rotate postmaster log files for size reasons on - Windows (Jeff Janes, Heikki Linnakangas) - - - - - - Reject out-of-range dates in to_date() (Hitoshi Harada) - - - - - - Fix pg_extension_config_dump() to handle - extension-update cases properly (Tom Lane) - - - - This function will now replace any existing entry for the target - table, making it usable in extension update scripts. - - - - - - Fix PL/pgSQL's reporting of plan-time errors in possibly-simple - expressions (Tom Lane) - - - - The previous coding resulted in sometimes omitting the first line in - the CONTEXT traceback for the error. - - - - - - Fix PL/Python's handling of functions used as triggers on multiple - tables (Andres Freund) - - - - - - Ensure that non-ASCII prompt strings are translated to the correct - code page on Windows (Alexander Law, Noah Misch) - - - - This bug affected psql and some other client programs. - - - - - - Fix possible crash in psql's \? command - when not connected to a database (Meng Qingzhong) - - - - - - Fix possible error if a relation file is removed while - pg_basebackup is running (Heikki Linnakangas) - - - - - - Tolerate timeline switches while pg_basebackup -X fetch - is backing up a standby server (Heikki Linnakangas) - - - - - - Make pg_dump exclude data of unlogged tables when - running on a hot-standby server (Magnus Hagander) - - - - This would fail anyway because the data is not available on the standby - server, so it seems most convenient to assume - - - - - - Fix pg_upgrade to deal with invalid indexes safely - (Bruce Momjian) - - - - - - Fix pg_upgrade's -O/-o options (Marti Raudsepp) - - - - - - Fix one-byte buffer overrun in libpq's - PQprintTuples (Xi Wang) - - - - This ancient function is not used anywhere by - PostgreSQL itself, but it might still be used by some - client code. - - - - - - Make ecpglib use translated messages properly - (Chen Huajun) - - - - - - Properly install ecpg_compat and - pgtypes libraries on MSVC (Jiang Guiqing) - - - - - - Include our version of isinf() in - libecpg if it's not provided by the system - (Jiang Guiqing) - - - - - - Rearrange configure's tests for supplied functions so it is not - fooled by bogus exports from libedit/libreadline (Christoph Berg) - - - - - - Ensure Windows build number increases over time (Magnus Hagander) - - - - - - Make pgxs build executables with the right - .exe suffix when cross-compiling for Windows - (Zoltan Boszormenyi) - - - - - - Add new timezone abbreviation FET (Tom Lane) - - - - This is now used in some eastern-European time zones. - - - - - - - - - - Release 9.2.2 - - - Release date: - 2012-12-06 - - - - This release contains a variety of fixes from 9.2.1. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.2 - - - A dump/restore is not required for those running 9.2.X. - - - - However, you may need to perform REINDEX operations to - correct problems in concurrently-built indexes, as described in the first - changelog item below. - - - - Also, if you are upgrading from version 9.2.0, - see . - - - - - - Changes - - - - - - Fix multiple bugs associated with CREATE/DROP INDEX - CONCURRENTLY (Andres Freund, Tom Lane, Simon Riggs, Pavan Deolasee) - - - - An error introduced while adding DROP INDEX CONCURRENTLY - allowed incorrect indexing decisions to be made during the initial - phase of CREATE INDEX CONCURRENTLY; so that indexes built - by that command could be corrupt. It is recommended that indexes - built in 9.2.X with CREATE INDEX CONCURRENTLY be rebuilt - after applying this update. - - - - In addition, fix CREATE/DROP INDEX CONCURRENTLY to use - in-place updates when changing the state of an index's - pg_index row. This prevents race conditions that could - cause concurrent sessions to miss updating the target index, thus - again resulting in corrupt concurrently-created indexes. - - - - Also, fix various other operations to ensure that they ignore - invalid indexes resulting from a failed CREATE INDEX - CONCURRENTLY command. The most important of these is - VACUUM, because an auto-vacuum could easily be launched - on the table before corrective action can be taken to fix or remove - the invalid index. - - - - Also fix DROP INDEX CONCURRENTLY to not disable - insertions into the target index until all queries using it are done. - - - - Also fix misbehavior if DROP INDEX CONCURRENTLY is - canceled: the previous coding could leave an un-droppable index behind. - - - - - - Correct predicate locking for DROP INDEX CONCURRENTLY - (Kevin Grittner) - - - - Previously, SSI predicate locks were processed at the wrong time, - possibly leading to incorrect behavior of serializable transactions - executing in parallel with the DROP. - - - - - - Fix buffer locking during WAL replay (Tom Lane) - - - - The WAL replay code was insufficiently careful about locking buffers - when replaying WAL records that affect more than one page. This could - result in hot standby queries transiently seeing inconsistent states, - resulting in wrong answers or unexpected failures. - - - - - - Fix an error in WAL generation logic for GIN indexes (Tom Lane) - - - - This could result in index corruption, if a torn-page failure occurred. - - - - - - Fix an error in WAL replay logic for SP-GiST indexes (Tom Lane) - - - - This could result in index corruption after a crash, or on a standby - server. - - - - - - Fix incorrect detection of end-of-base-backup location during WAL - recovery (Heikki Linnakangas) - - - - This mistake allowed hot standby mode to start up before the database - reaches a consistent state. - - - - - - Properly remove startup process's virtual XID lock when promoting a - hot standby server to normal running (Simon Riggs) - - - - This oversight could prevent subsequent execution of certain - operations such as CREATE INDEX CONCURRENTLY. - - - - - - Avoid bogus out-of-sequence timeline ID errors in standby - mode (Heikki Linnakangas) - - - - - - Prevent the postmaster from launching new child processes after it's - received a shutdown signal (Tom Lane) - - - - This mistake could result in shutdown taking longer than it should, or - even never completing at all without additional user action. - - - - - - Fix the syslogger process to not fail when - log_rotation_age exceeds 2^31 milliseconds (about 25 days) - (Tom Lane) - - - - - - Fix WaitLatch() to return promptly when the requested - timeout expires (Jeff Janes, Tom Lane) - - - - With the previous coding, a steady stream of non-wait-terminating - interrupts could delay return from WaitLatch() - indefinitely. This has been shown to be a problem for the autovacuum - launcher process, and might cause trouble elsewhere as well. - - - - - - Avoid corruption of internal hash tables when out of memory - (Hitoshi Harada) - - - - - - Prevent file descriptors for dropped tables from being held open past - transaction end (Tom Lane) - - - - This should reduce problems with long-since-dropped tables continuing - to occupy disk space. - - - - - - Prevent database-wide crash and restart when a new child process is - unable to create a pipe for its latch (Tom Lane) - - - - Although the new process must fail, there is no good reason to force a - database-wide restart, so avoid that. This improves robustness when - the kernel is nearly out of file descriptors. - - - - - - Avoid planner crash with joins to unflattened subqueries (Tom Lane) - - - - - - Fix planning of non-strict equivalence clauses above outer joins - (Tom Lane) - - - - The planner could derive incorrect constraints from a clause equating - a non-strict construct to something else, for example - WHERE COALESCE(foo, 0) = 0 - when foo is coming from the nullable side of an outer join. - 9.2 showed this type of error in more cases than previous releases, - but the basic bug has been there for a long time. - - - - - - Fix SELECT DISTINCT with index-optimized - MIN/MAX on an inheritance tree (Tom Lane) - - - - The planner would fail with failed to re-find MinMaxAggInfo - record given this combination of factors. - - - - - - Make sure the planner sees implicit and explicit casts as equivalent - for all purposes, except in the minority of cases where there's - actually a semantic difference (Tom Lane) - - - - - - Include join clauses when considering whether partial indexes can be - used for a query (Tom Lane) - - - - A strict join clause can be sufficient to establish an - x IS NOT NULL predicate, for example. - This fixes a planner regression in 9.2, since previous versions could - make comparable deductions. - - - - - - Limit growth of planning time when there are many indexable join - clauses for the same index (Tom Lane) - - - - - - Improve planner's ability to prove exclusion constraints from - equivalence classes (Tom Lane) - - - - - - Fix partial-row matching in hashed subplans to handle cross-type cases - correctly (Tom Lane) - - - - This affects multicolumn NOT IN subplans, such as - WHERE (a, b) NOT IN (SELECT x, y FROM ...) - when for instance b and y are int4 - and int8 respectively. This mistake led to wrong answers - or crashes depending on the specific datatypes involved. - - - - - - Fix btree mark/restore functions to handle array keys (Tom Lane) - - - - This oversight could result in wrong answers from merge joins whose - inner side is an index scan using an - indexed_column = - ANY(array) condition. - - - - - - Revert patch for taking fewer snapshots (Tom Lane) - - - - The 9.2 change to reduce the number of snapshots taken during query - execution led to some anomalous behaviors not seen in previous - releases, because execution would proceed with a snapshot acquired - before locking the tables used by the query. Thus, for example, - a query would not be guaranteed to see updates committed by a - preceding transaction even if that transaction had exclusive lock. - We'll probably revisit this in future releases, but meanwhile put it - back the way it was before 9.2. - - - - - - Acquire buffer lock when re-fetching the old tuple for an - AFTER ROW UPDATE/DELETE trigger (Andres Freund) - - - - In very unusual circumstances, this oversight could result in passing - incorrect data to a trigger WHEN condition, or to the - precheck logic for a foreign-key enforcement trigger. That could - result in a crash, or in an incorrect decision about whether to - fire the trigger. - - - - - - Fix ALTER COLUMN TYPE to handle inherited check - constraints properly (Pavan Deolasee) - - - - This worked correctly in pre-8.4 releases, and now works correctly - in 8.4 and later. - - - - - - Fix ALTER EXTENSION SET SCHEMA's failure to move some - subsidiary objects into the new schema (Álvaro Herrera, Dimitri - Fontaine) - - - - - - Handle CREATE TABLE AS EXECUTE correctly in extended query - protocol (Tom Lane) - - - - - - Don't modify the input parse tree in DROP RULE IF NOT - EXISTS and DROP TRIGGER IF NOT EXISTS (Tom Lane) - - - - This mistake would cause errors if a cached statement of one of these - types was re-executed. - - - - - - Fix REASSIGN OWNED to handle grants on tablespaces - (Álvaro Herrera) - - - - - - Ignore incorrect pg_attribute entries for system - columns for views (Tom Lane) - - - - Views do not have any system columns. However, we forgot to - remove such entries when converting a table to a view. That's fixed - properly for 9.3 and later, but in previous branches we need to defend - against existing mis-converted views. - - - - - - Fix rule printing to dump INSERT INTO table - DEFAULT VALUES correctly (Tom Lane) - - - - - - Guard against stack overflow when there are too many - UNION/INTERSECT/EXCEPT clauses - in a query (Tom Lane) - - - - - - Prevent platform-dependent failures when dividing the minimum possible - integer value by -1 (Xi Wang, Tom Lane) - - - - - - Fix possible access past end of string in date parsing - (Hitoshi Harada) - - - - - - Fix failure to advance XID epoch if XID wraparound happens during a - checkpoint and wal_level is hot_standby - (Tom Lane, Andres Freund) - - - - While this mistake had no particular impact on - PostgreSQL itself, it was bad for - applications that rely on txid_current() and related - functions: the TXID value would appear to go backwards. - - - - - - Fix pg_terminate_backend() and - pg_cancel_backend() to not throw error for a non-existent - target process (Josh Kupershmidt) - - - - This case already worked as intended when called by a superuser, - but not so much when called by ordinary users. - - - - - - Fix display of - pg_stat_replication.sync_state at a - page boundary (Kyotaro Horiguchi) - - - - - - Produce an understandable error message if the length of the path name - for a Unix-domain socket exceeds the platform-specific limit - (Tom Lane, Andrew Dunstan) - - - - Formerly, this would result in something quite unhelpful, such as - Non-recoverable failure in name resolution. - - - - - - Fix memory leaks when sending composite column values to the client - (Tom Lane) - - - - - - Save some cycles by not searching for subtransaction locks at commit - (Simon Riggs) - - - - In a transaction holding many exclusive locks, this useless activity - could be quite costly. - - - - - - Make pg_ctl more robust about reading the - postmaster.pid file (Heikki Linnakangas) - - - - This fixes race conditions and possible file descriptor leakage. - - - - - - Fix possible crash in psql if incorrectly-encoded data - is presented and the client_encoding setting is a - client-only encoding, such as SJIS (Jiang Guiqing) - - - - - - Make pg_dump dump SEQUENCE SET items in - the data not pre-data section of the archive (Tom Lane) - - - - This fixes an undesirable inconsistency between the meanings of - - - - - - Fix pg_dump's handling of DROP DATABASE - commands in - - - Beginning in 9.2.0, pg_dump --clean would issue a - DROP DATABASE command, which was either useless or - dangerous depending on the usage scenario. It no longer does that. - This change also fixes the combination of - - - - - Fix pg_dump for views with circular dependencies and - no relation options (Tom Lane) - - - - The previous fix to dump relation options when a view is - involved in a circular dependency didn't work right for the case - that the view has no options; it emitted ALTER VIEW foo - SET () which is invalid syntax. - - - - - - Fix bugs in the restore.sql script emitted by - pg_dump in tar output format (Tom Lane) - - - - The script would fail outright on tables whose names include - upper-case characters. Also, make the script capable of restoring - data in - - - - - Fix pg_restore to accept POSIX-conformant - tar files (Brian Weaver, Tom Lane) - - - - The original coding of pg_dump's tar - output mode produced files that are not fully conformant with the - POSIX standard. This has been corrected for version 9.3. This - patch updates previous branches so that they will accept both the - incorrect and the corrected formats, in hopes of avoiding - compatibility problems when 9.3 comes out. - - - - - - Fix tar files emitted by pg_basebackup to - be POSIX conformant (Brian Weaver, Tom Lane) - - - - - - Fix pg_resetxlog to locate postmaster.pid - correctly when given a relative path to the data directory (Tom Lane) - - - - This mistake could lead to pg_resetxlog not noticing - that there is an active postmaster using the data directory. - - - - - - Fix libpq's lo_import() and - lo_export() functions to report file I/O errors properly - (Tom Lane) - - - - - - Fix ecpg's processing of nested structure pointer - variables (Muhammad Usama) - - - - - - Fix ecpg's ecpg_get_data function to - handle arrays properly (Michael Meskes) - - - - - - Prevent pg_upgrade from trying to process TOAST tables - for system catalogs (Bruce Momjian) - - - - This fixes an error seen when the information_schema has - been dropped and recreated. Other failures were also possible. - - - - - - Improve pg_upgrade performance by setting - synchronous_commit to off in the new cluster - (Bruce Momjian) - - - - - - Make contrib/pageinspect's btree page inspection - functions take buffer locks while examining pages (Tom Lane) - - - - - - Work around unportable behavior of malloc(0) and - realloc(NULL, 0) (Tom Lane) - - - - On platforms where these calls return NULL, some code - mistakenly thought that meant out-of-memory. - This is known to have broken pg_dump for databases - containing no user-defined aggregates. There might be other cases - as well. - - - - - - Ensure that make install for an extension creates the - extension installation directory (Cédric Villemain) - - - - Previously, this step was missed if MODULEDIR was set in - the extension's Makefile. - - - - - - Fix pgxs support for building loadable modules on AIX - (Tom Lane) - - - - Building modules outside the original source tree didn't work on AIX. - - - - - - Update time zone data files to tzdata release 2012j - for DST law changes in Cuba, Israel, Jordan, Libya, Palestine, Western - Samoa, and portions of Brazil. - - - - - - - - - - Release 9.2.1 - - - Release date: - 2012-09-24 - - - - This release contains a variety of fixes from 9.2.0. - For information about new features in the 9.2 major release, see - . - - - - Migration to Version 9.2.1 - - - A dump/restore is not required for those running 9.2.X. - - - - However, you may need to perform REINDEX and/or - VACUUM operations to recover from the effects of the data - corruption bug described in the first changelog item below. - - - - - - Changes - - - - - - Fix persistence marking of shared buffers during WAL replay - (Jeff Davis) - - - - This mistake can result in buffers not being written out during - checkpoints, resulting in data corruption if the server later crashes - without ever having written those buffers. Corruption can occur on - any server following crash recovery, but it is significantly more - likely to occur on standby slave servers since those perform much - more WAL replay. There is a low probability of corruption of btree - and GIN indexes. There is a much higher probability of corruption - of table visibility maps, which might lead to wrong answers - from index-only scans. Table data proper cannot be corrupted by this - bug. - - - - While no index corruption due to this bug is known to have occurred - in the field, as a precautionary measure it is recommended that - production installations REINDEX all btree and GIN - indexes at a convenient time after upgrading to 9.2.1. - - - - Also, it is recommended to perform a VACUUM of all tables - while having vacuum_freeze_table_age - set to zero. This will fix any incorrect visibility map data. vacuum_cost_delay - can be adjusted to reduce the performance impact of vacuuming, while - causing it to take longer to finish. - - - - - - Fix possible incorrect sorting of output from queries involving - WHERE indexed_column IN - (list_of_values) (Tom Lane) - - - - - - Fix planner failure for queries involving GROUP BY - expressions along with window functions and aggregates (Tom Lane) - - - - - - Fix planner's assignment of executor parameters (Tom Lane) - - - - This error could result in wrong answers from queries that scan the - same WITH subquery multiple times. - - - - - - Improve planner's handling of join conditions in index scans (Tom Lane) - - - - - - Improve selectivity estimation for text search queries involving - prefixes, i.e. word:* patterns (Tom Lane) - - - - - - Fix delayed recognition of permissions changes (Tom Lane) - - - - A command that needed no locks other than ones its transaction already - had might fail to notice a concurrent GRANT or - REVOKE that committed since the start of its transaction. - - - - - - Fix ANALYZE to not fail when a column is a domain over an - array type (Tom Lane) - - - - - - Prevent PL/Perl from crashing if a recursive PL/Perl function is - redefined while being executed (Tom Lane) - - - - - - Work around possible misoptimization in PL/Perl (Tom Lane) - - - - Some Linux distributions contain an incorrect version of - pthread.h that results in incorrect compiled code in - PL/Perl, leading to crashes if a PL/Perl function calls another one - that throws an error. - - - - - - Remove unnecessary dependency on pg_config from - pg_upgrade (Peter Eisentraut) - - - - - - Update time zone data files to tzdata release 2012f - for DST law changes in Fiji - - - - - - - - - - Release 9.2 - - - Release date: - 2012-09-10 - - - - Overview - - - This release has been largely focused on performance improvements, though - new SQL features are not lacking. Work also continues in the area of - replication support. Major enhancements include: - - - - - - - - - Allow queries to retrieve data only from indexes, avoiding heap - access (index-only scans) - - - - - - Allow the planner to generate custom plans for specific parameter - values even when using prepared statements - - - - - - Improve the planner's ability to use nested loops with inner - index scans - - - - - - Allow streaming replication slaves to forward data to other slaves - (cascading - replication) - - - - - - Allow pg_basebackup - to make base backups from standby servers - - - - - - Add a pg_receivexlog - tool to archive WAL file changes as they are written - - - - - - Add the SP-GiST (Space-Partitioned - GiST) index access method - - - - - - Add support for range data types - - - - - - Add a JSON - data type - - - - - - Add a security_barrier - option for views - - - - - - Allow libpq connection strings to have the format of a - URI - - - - - - Add a single-row processing - mode to libpq for better handling of large - result sets - - - - - - - The above items are explained in more detail in the sections below. - - - - - - - Migration to Version 9.2 - - - A dump/restore using pg_dump, or use of - pg_upgrade, is required for those wishing - to migrate data from any previous release. - - - - Version 9.2 contains a number of changes that may affect compatibility - with previous releases. Observe the following incompatibilities: - - - - System Catalogs - - - - - - Remove the spclocation field from pg_tablespace - (Magnus Hagander) - - - - This field was duplicative of the symbolic links that actually define - tablespace locations, and thus risked errors of omission when moving - a tablespace. This change allows tablespace directories to be moved - while the server is down, by manually adjusting the symbolic links. - To replace this field, we have added pg_tablespace_location() - to allow querying of the symbolic links. - - - - - - Move tsvector most-common-element statistics to new - pg_stats columns - (Alexander Korotkov) - - - - Consult most_common_elems - and most_common_elem_freqs for the data formerly - available in most_common_vals - and most_common_freqs for a tsvector column. - - - - - - - - - Functions - - - - - - Remove hstore's => - operator (Robert Haas) - - - - Users should now use hstore(text, text). Since - PostgreSQL 9.0, a warning message has been - emitted when an operator named => is created because - the SQL standard reserves that token for - another use. - - - - - - Ensure that xpath() - escapes special characters in string values (Florian Pflug) - - - - Without this it is possible for the result not to be valid - XML. - - - - - - Make pg_relation_size() - and friends return NULL if the object does not exist (Phil Sorber) - - - - This prevents queries that call these functions from returning - errors immediately after a concurrent DROP. - - - - - - Make EXTRACT(EPOCH FROM - timestamp without time zone) - measure the epoch from local midnight, not UTC - midnight (Tom Lane) - - - - This change reverts an ill-considered change made in release 7.3. - Measuring from UTC midnight was inconsistent - because it made the result dependent on the timezone setting, which - computations for timestamp without time zone should not be. - The previous behavior remains available by casting the input value - to timestamp with time zone. - - - - - - Properly parse time strings with trailing yesterday, - today, and tomorrow (Dean Rasheed) - - - - Previously, SELECT '04:00:00 yesterday'::timestamp - returned yesterday's date at midnight. - - - - - - Fix to_date() and - to_timestamp() to wrap incomplete dates toward 2020 - (Bruce Momjian) - - - - Previously, supplied years and year masks of less than four digits - wrapped inconsistently. - - - - - - - - - Object Modification - - - - - - Prevent ALTER - DOMAIN from working on non-domain types (Peter - Eisentraut) - - - - Owner and schema changes were previously possible on non-domain - types. - - - - - - No longer forcibly lowercase procedural language names in CREATE FUNCTION - (Robert Haas) - - - - While unquoted language identifiers are still lowercased, strings - and quoted identifiers are no longer forcibly down-cased. - Thus for example CREATE FUNCTION ... LANGUAGE 'C' - will no longer work; it must be spelled 'c', or better - omit the quotes. - - - - - - Change system-generated names of foreign key enforcement triggers - (Tom Lane) - - - - This change ensures that the triggers fire in the correct order in - some corner cases involving self-referential foreign key constraints. - - - - - - - - - Command-Line Tools - - - - - - Provide consistent backquote, variable - expansion, and quoted substring behavior in psql meta-command - arguments (Tom Lane) - - - - Previously, such references were treated oddly when not separated by - whitespace from adjacent text. For example 'FOO'BAR was - output as FOO BAR (unexpected insertion of a space) and - FOO'BAR'BAZ was output unchanged (not removing the quotes - as most would expect). - - - - - - No longer treat clusterdb - table names as double-quoted; no longer treat reindexdb table - and index names as double-quoted (Bruce Momjian) - - - - Users must now include double-quotes in the command arguments if - quoting is wanted. - - - - - - createuser - no longer prompts for option settings by default (Peter Eisentraut) - - - - Use - - - - - Disable prompting for the user name in dropuser unless - - - - - - - - - Server Settings - - - - - - Add server parameters for specifying the locations of server-side - SSL files (Peter Eisentraut) - - - - This allows changing the names and locations of the files that were - previously hard-coded as server.crt, - server.key, root.crt, and - root.crl in the data directory. - The server will no longer examine root.crt or - root.crl by default; to load these files, the - associated parameters must be set to non-default values. - - - - - - Remove the silent_mode parameter (Heikki Linnakangas) - - - - Similar behavior can be obtained with pg_ctl start - -l postmaster.log. - - - - - - Remove the wal_sender_delay parameter, - as it is no longer needed (Tom Lane) - - - - - - Remove the custom_variable_classes parameter (Tom Lane) - - - - The checking provided by this setting was dubious. Now any - setting can be prefixed by any class name. - - - - - - - - Monitoring - - - - - - Rename pg_stat_activity.procpid - to pid, to match other system tables (Magnus Hagander) - - - - - - Create a separate pg_stat_activity column to - report process state (Scott Mead, Magnus Hagander) - - - - The previous query and query_start - values now remain available for an idle session, allowing enhanced - analysis. - - - - - - Rename pg_stat_activity.current_query to - query because it is not cleared when the query - completes (Magnus Hagander) - - - - - - Change all SQL-level statistics timing values - to be float8 columns measured in milliseconds (Tom Lane) - - - - This change eliminates the designed-in assumption that the values - are accurate to microseconds and no more (since the float8 - values can be fractional). - The columns affected are - pg_stat_user_functions.total_time, - pg_stat_user_functions.self_time, - pg_stat_xact_user_functions.total_time, - and - pg_stat_xact_user_functions.self_time. - The statistics functions underlying these columns now also return - float8 milliseconds, rather than bigint - microseconds. - contrib/pg_stat_statements' - total_time column is now also measured in - milliseconds. - - - - - - - - - - - Changes - - - Below you will find a detailed account of the changes between - PostgreSQL 9.2 and the previous major - release. - - - - Server - - - Performance - - - - - Allow queries to retrieve data only from indexes, avoiding heap - access (Robert Haas, Ibrar Ahmed, Heikki Linnakangas, Tom Lane) - - - - This feature is often called index-only scans. - Heap access can be skipped for heap pages containing only tuples that - are visible to all sessions, as reported by the visibility map; so - the benefit applies mainly to mostly-static data. The visibility map - was made crash-safe as a necessary part of implementing this feature. - - - - - - Add the SP-GiST (Space-Partitioned - GiST) index access method (Teodor Sigaev, Oleg Bartunov, Tom - Lane) - - - - SP-GiST is comparable to GiST in flexibility, but supports - unbalanced partitioned search structures rather than balanced - trees. For suitable problems, SP-GiST can be faster than GiST in both - index build time and search time. - - - - - - Allow group commit to work effectively under heavy load (Peter - Geoghegan, Simon Riggs, Heikki Linnakangas) - - - - Previously, batching of commits became ineffective as the write - workload increased, because of internal lock contention. - - - - - - Allow uncontended locks to be managed using a new - fast-path lock mechanism (Robert Haas) - - - - - - Reduce overhead of creating virtual transaction ID locks (Robert - Haas) - - - - - - Reduce the overhead of serializable isolation level locks (Dan - Ports) - - - - - - Improve PowerPC and Itanium spinlock performance (Manabu Ori, - Robert Haas, Tom Lane) - - - - - - Reduce overhead for shared invalidation cache messages (Robert - Haas) - - - - - - Move the frequently accessed members of the PGPROC - shared memory array to a separate array (Pavan - Deolasee, Heikki Linnakangas, Robert Haas) - - - - - - Improve COPY performance by adding tuples to - the heap in batches (Heikki Linnakangas) - - - - - - Improve GiST index performance for geometric data types by producing - better trees with less memory allocation overhead (Alexander Korotkov) - - - - - - Improve GiST index build times (Alexander Korotkov, Heikki - Linnakangas) - - - - - - Allow hint bits to be set sooner for temporary and unlogged tables - (Robert Haas) - - - - - - Allow sorting to be performed by inlined, - non-SQL-callable comparison functions (Peter - Geoghegan, Robert Haas, Tom Lane) - - - - - - Make the number of CLOG buffers scale based on shared_buffers - (Robert Haas, Simon Riggs, Tom Lane) - - - - - - Improve performance of buffer pool scans that occur when tables or - databases are dropped (Jeff Janes, Simon Riggs) - - - - - - Improve performance of checkpointer's fsync-request queue - when many tables are being dropped or truncated (Tom Lane) - - - - - - Pass the safe number of file descriptors to child processes on Windows - (Heikki Linnakangas) - - - - This allows Windows sessions to use more open file descriptors than - before. - - - - - - - - - Process Management - - - - - - Create a dedicated background process to perform checkpoints (Simon - Riggs) - - - - Formerly the background writer did both dirty-page writing and - checkpointing. Separating this into two processes allows each goal - to be accomplished more predictably. - - - - - - Improve asynchronous commit behavior by waking the walwriter sooner - (Simon Riggs) - - - - Previously, only wal_writer_delay - triggered WAL flushing to disk; now filling a - WAL buffer also triggers WAL - writes. - - - - - - Allow the bgwriter, walwriter, checkpointer, statistics collector, - log collector, and archiver background processes to sleep more - efficiently during periods of inactivity (Peter Geoghegan, Tom Lane) - - - - This series of changes reduces the frequency of process wake-ups when - there is nothing to do, dramatically reducing power consumption on - idle servers. - - - - - - - - - Optimizer - - - - - - Allow the planner to generate custom plans for specific parameter - values even when using prepared statements - (Tom Lane) - - - - In the past, a prepared statement always had a single - generic plan that was used for all parameter values, which - was frequently much inferior to the plans used for non-prepared - statements containing explicit constant values. Now, the planner - attempts to generate custom plans for specific parameter values. - A generic plan will only be used after custom plans have repeatedly - proven to provide no benefit. This change should eliminate the - performance penalties formerly seen from use of prepared statements - (including non-dynamic statements in PL/pgSQL). - - - - - - Improve the planner's ability to use nested loops with inner - index scans (Tom Lane) - - - - The new parameterized path mechanism allows inner - index scans to use values from relations that are more than one join - level up from the scan. This can greatly improve performance in - situations where semantic restrictions (such as outer joins) limit - the allowed join orderings. - - - - - - Improve the planning API for foreign data wrappers - (Etsuro Fujita, Shigeru Hanada, Tom Lane) - - - - Wrappers can now provide multiple access paths for their - tables, allowing more flexibility in join planning. - - - - - - Recognize self-contradictory restriction clauses for non-table - relations (Tom Lane) - - - - This check is only performed when constraint_exclusion - is on. - - - - - - Allow indexed_col op ANY(ARRAY[...]) conditions to be - used in plain index scans and index-only scans (Tom Lane) - - - - Formerly such conditions could only be used in bitmap index scans. - - - - - - Support MIN/MAX index optimizations on - boolean columns (Marti Raudsepp) - - - - - - Account for set-returning functions in SELECT target - lists when setting row count estimates (Tom Lane) - - - - - - Fix planner to handle indexes with duplicated columns more reliably - (Tom Lane) - - - - - - Collect and use element-frequency statistics for arrays (Alexander - Korotkov, Tom Lane) - - - - This change improves selectivity estimation for the array - <@, &&, and - @> operators (array containment and overlaps). - - - - - - Allow statistics to be collected for foreign tables - (Etsuro Fujita) - - - - - - Improve cost estimates for use of partial indexes (Tom Lane) - - - - - - Improve the planner's ability to use statistics for columns - referenced in subqueries (Tom Lane) - - - - - - Improve statistical estimates for subqueries using - DISTINCT (Tom Lane) - - - - - - - - - Authentication - - - - - - Do not treat role names and samerole specified in pg_hba.conf - as automatically including superusers (Andrew Dunstan) - - - - This makes it easier to use reject lines with group roles. - - - - - - Adjust pg_hba.conf processing to handle token - parsing more consistently (Brendan Jurd, Álvaro Herrera) - - - - - - Disallow empty pg_hba.conf files (Tom Lane) - - - - This was done to more quickly detect misconfiguration. - - - - - - Make superuser privilege imply replication privilege (Noah Misch) - - - - This avoids the need to explicitly assign such privileges. - - - - - - - - - Monitoring - - - - - - Attempt to log the current query string during a backend crash - (Marti Raudsepp) - - - - - - Make logging of autovacuum I/O activity more verbose (Greg - Smith, Noah Misch) - - - - This logging is triggered by log_autovacuum_min_duration. - - - - - - Make WAL replay report failures sooner - (Fujii Masao) - - - - There were some cases where failures were only reported once the - server went into master mode. - - - - - - Add pg_xlog_location_diff() - to simplify WAL location comparisons (Euler Taveira de Oliveira) - - - - This is useful for computing replication lag. - - - - - - Support configurable event log application names on Windows - (MauMau, Magnus Hagander) - - - - This allows different instances to use the event log - with different identifiers, by setting the event_source - server parameter, which is similar to how syslog_ident works. - - - - - - Change unexpected EOF messages to DEBUG1 level, - except when there is an open transaction (Magnus Hagander) - - - - This change reduces log chatter caused by applications that close - database connections ungracefully. - - - - - - - - - Statistical Views - - - - - - Track temporary file sizes and file counts in the pg_stat_database - system view (Tomas Vondra) - - - - - - Add a deadlock counter to the pg_stat_database - system view (Magnus Hagander) - - - - - - Add a server parameter track_io_timing - to track I/O timings (Ants Aasma, Robert Haas) - - - - - - Report checkpoint timing information in pg_stat_bgwriter - (Greg Smith, Peter Geoghegan) - - - - - - - - - Server Settings - - - - - - Silently ignore nonexistent schemas specified in search_path (Tom Lane) - - - - This makes it more convenient to use generic path settings, which - might include some schemas that don't exist in all databases. - - - - - - Allow superusers to set deadlock_timeout - per-session, not just per-cluster (Noah Misch) - - - - This allows deadlock_timeout to be reduced for - transactions that are likely to be involved in a deadlock, thus - detecting the failure more quickly. Alternatively, increasing the - value can be used to reduce the chances of a session being chosen for - cancellation due to a deadlock. - - - - - - Add a server parameter temp_file_limit - to constrain temporary file space usage per session (Mark Kirkwood) - - - - - - Allow a superuser to SET an extension's - superuser-only custom variable before loading the associated - extension (Tom Lane) - - - - The system now remembers whether a SET was - performed by a superuser, so that proper privilege checking can be - done when the extension is loaded. - - - - - - Add postmaster - - - This allows pg_ctl to better handle cases where - PGDATA or - - - - - Replace an empty locale name with the implied value in - CREATE DATABASE - (Tom Lane) - - - - This prevents cases where - pg_database.datcollate or - datctype could be interpreted differently after a - server restart. - - - - - - - <filename>postgresql.conf</filename> - - - - - - Allow multiple errors in postgresql.conf - to be reported, rather than just the first one (Alexey Klyukin, - Tom Lane) - - - - - - Allow a reload of postgresql.conf to be - processed by all sessions, even if there are some settings that - are invalid for particular sessions (Alexey Klyukin) - - - - Previously, such not-valid-within-session values would cause all - setting changes to be ignored by that session. - - - - - - Add an include_if_exists facility for configuration - files (Greg Smith) - - - - This works the same as include, except that an error - is not thrown if the file is missing. - - - - - - Identify the server time zone during initdb, and set - postgresql.conf entries - timezone and - log_timezone - accordingly (Tom Lane) - - - - This avoids expensive time zone probes during server start. - - - - - - Fix pg_settings to - report postgresql.conf line numbers on Windows - (Tom Lane) - - - - - - - - - - - - - Replication and Recovery - - - - - - Allow streaming replication slaves to forward data to other slaves - (cascading - replication) (Fujii Masao) - - - - Previously, only the master server could supply streaming - replication log files to standby servers. - - - - - - Add new synchronous_commit - mode remote_write (Fujii Masao, Simon Riggs) - - - - This mode waits for the standby server to write transaction data to - its own operating system, but does not wait for the data to be - flushed to the standby's disk. - - - - - - Add a pg_receivexlog - tool to archive WAL file changes as they are written, rather - than waiting for completed WAL files (Magnus Hagander) - - - - - - Allow pg_basebackup - to make base backups from standby servers (Jun Ishizuka, Fujii Masao) - - - - This feature lets the work of making new base backups be off-loaded - from the primary server. - - - - - - Allow streaming of WAL files while pg_basebackup - is performing a backup (Magnus Hagander) - - - - This allows passing of WAL files to the standby before they are - discarded on the primary. - - - - - - - - - Queries - - - - - - Cancel the running query if the client gets disconnected - (Florian Pflug) - - - - If the backend detects loss of client connection during a query, it - will now cancel the query rather than attempting to finish it. - - - - - - Retain column names at run time for row expressions - (Andrew Dunstan, Tom Lane) - - - - This change allows better results when a row value is converted to - hstore or json type: the fields of the resulting - value will now have the expected names. - - - - - - Improve column labels used for sub-SELECT results - (Marti Raudsepp) - - - - Previously, the generic label ?column? was used. - - - - - - Improve heuristics for determining the types of unknown values - (Tom Lane) - - - - The longstanding rule that an unknown constant might have the - same type as the value on the other side of the operator using it - is now applied when considering polymorphic operators, not only - for simple operator matches. - - - - - - Warn about creating casts to or from domain types (Robert Haas) - - - - Such casts have no effect. - - - - - - When a row fails a CHECK or NOT NULL - constraint, show the row's contents as error detail (Jan - Kundrát) - - - - This should make it easier to identify which row is problematic - when an insert or update is processing many rows. - - - - - - - - - Object Manipulation - - - - - - Provide more reliable operation during concurrent - DDL (Robert Haas, Noah Misch) - - - - This change adds locking that should eliminate cache lookup - failed errors in many scenarios. Also, it is no longer possible - to add relations to a schema that is being concurrently dropped, a - scenario that formerly led to inconsistent system catalog contents. - - - - - - Add CONCURRENTLY option to DROP INDEX - (Simon Riggs) - - - - This allows index removal without blocking other sessions. - - - - - - Allow foreign data wrappers to have per-column options (Shigeru Hanada) - - - - - - Improve pretty-printing of view definitions (Andrew Dunstan) - - - - - - - Constraints - - - - - - Allow CHECK - constraints to be declared NOT VALID (Álvaro - Herrera) - - - - Adding a NOT VALID constraint does not cause the table to - be scanned to verify that existing rows meet the constraint. - Subsequently, newly added or updated rows are checked. - Such constraints are ignored by the planner when considering - constraint_exclusion, since it is not certain that all - rows meet the constraint. - - - - The new ALTER TABLE VALIDATE command allows NOT - VALID constraints to be checked for existing rows, after which - they are converted into ordinary constraints. - - - - - - Allow CHECK constraints to be declared NO - INHERIT (Nikhil Sontakke, Alex Hunsaker, Álvaro Herrera) - - - - This makes them enforceable only on the parent table, not on - child tables. - - - - - - Add the ability to rename - constraints (Peter Eisentraut) - - - - - - - - <command>ALTER</> - - - - - - Reduce need to rebuild tables and indexes for certain ALTER TABLE - ... ALTER COLUMN TYPE operations (Noah Misch) - - - - Increasing the length limit for a varchar or varbit - column, or removing the limit altogether, no longer requires a table - rewrite. Similarly, increasing the allowable precision of a - numeric column, or changing a column from constrained - numeric to unconstrained numeric, no longer - requires a table rewrite. Table rewrites are also avoided in similar - cases involving the interval, timestamp, and - timestamptz types. - - - - - - Avoid having ALTER - TABLE revalidate foreign key constraints in some - cases where it is not necessary (Noah Misch) - - - - - - Add IF EXISTS options to some ALTER - commands (Pavel Stehule) - - - - For example, ALTER FOREIGN TABLE IF EXISTS foo RENAME - TO bar. - - - - - - Add ALTER - FOREIGN DATA WRAPPER ... RENAME - and ALTER - SERVER ... RENAME (Peter Eisentraut) - - - - - - Add ALTER - DOMAIN ... RENAME (Peter Eisentraut) - - - - You could already rename domains using ALTER - TYPE. - - - - - - Throw an error for ALTER DOMAIN ... DROP - CONSTRAINT on a nonexistent constraint (Peter Eisentraut) - - - - An IF EXISTS option has been added to provide the - previous behavior. - - - - - - - - - <link linkend="SQL-CREATETABLE"><command>CREATE TABLE</></link> - - - - - - Allow CREATE TABLE (LIKE ...) from foreign - tables, views, and composite types (Peter Eisentraut) - - - - For example, this allows a table to be created whose schema matches a - view. - - - - - - Fix CREATE TABLE (LIKE ...) to avoid index name - conflicts when copying index comments (Tom Lane) - - - - - - Fix CREATE TABLE ... AS EXECUTE - to handle WITH NO DATA and column name specifications - (Tom Lane) - - - - - - - - - Object Permissions - - - - - - Add a security_barrier - option for views (KaiGai Kohei, Robert Haas) - - - - This option prevents optimizations that might allow view-protected - data to be exposed to users, for example pushing a clause involving - an insecure function into the WHERE clause of the view. - Such views can be expected to perform more poorly than ordinary - views. - - - - - - Add a new LEAKPROOF function - attribute to mark functions that can safely be pushed down - into security_barrier views (KaiGai Kohei) - - - - - - Add support for privileges on data types (Peter Eisentraut) - - - - This adds support for the SQL-conforming - USAGE privilege on types and domains. The intent is - to be able to restrict which users can create dependencies on types, - since such dependencies limit the owner's ability to alter the type. - - - - - - Check for INSERT privileges in SELECT - INTO / CREATE TABLE AS (KaiGai Kohei) - - - - Because the object is being created by SELECT INTO - or CREATE TABLE AS, the creator would ordinarily - have insert permissions; but there are corner cases where this is not - true, such as when ALTER DEFAULT PRIVILEGES has removed - such permissions. - - - - - - - - - - - Utility Operations - - - - - - Allow VACUUM to more - easily skip pages that cannot be locked (Simon Riggs, Robert Haas) - - - - This change should greatly reduce the incidence of VACUUM - getting stuck waiting for other sessions. - - - - - - Make EXPLAIN - (BUFFERS) count blocks dirtied and written (Robert Haas) - - - - - - Make EXPLAIN ANALYZE report the number of rows - rejected by filter steps (Marko Tiikkaja) - - - - - - Allow EXPLAIN ANALYZE to avoid timing overhead when - time values are not wanted (Tomas Vondra) - - - - This is accomplished by setting the new TIMING option to - FALSE. - - - - - - - - - Data Types - - - - - - Add support for range data types - (Jeff Davis, Tom Lane, Alexander Korotkov) - - - - A range data type stores a lower and upper bound belonging to its - base data type. It supports operations like contains, overlaps, and - intersection. - - - - - - Add a JSON - data type (Robert Haas) - - - - This type stores JSON (JavaScript Object Notation) - data with proper validation. - - - - - - Add array_to_json() - and row_to_json() (Andrew Dunstan) - - - - - - Add a SMALLSERIAL - data type (Mike Pultz) - - - - This is like SERIAL, except it stores the sequence in - a two-byte integer column (int2). - - - - - - Allow domains to be - declared NOT VALID (Álvaro Herrera) - - - - This option can be set at domain creation time, or via ALTER - DOMAIN ... ADD CONSTRAINT ... NOT - VALID. ALTER DOMAIN ... VALIDATE - CONSTRAINT fully validates the constraint. - - - - - - Support more locale-specific formatting options for the money data type (Tom Lane) - - - - Specifically, honor all the POSIX options for ordering of the value, - sign, and currency symbol in monetary output. Also, make sure that - the thousands separator is only inserted to the left of the decimal - point, as required by POSIX. - - - - - - Add bitwise and, or, and not - operators for the macaddr data type (Brendan Jurd) - - - - - - Allow xpath() to - return a single-element XML array when supplied a - scalar value (Florian Pflug) - - - - Previously, it returned an empty array. This change will also - cause xpath_exists() to return true, not false, - for such expressions. - - - - - - Improve XML error handling to be more robust - (Florian Pflug) - - - - - - - - - Functions - - - - - - Allow non-superusers to use pg_cancel_backend() - and pg_terminate_backend() - on other sessions belonging to the same user - (Magnus Hagander, Josh Kupershmidt, Dan Farina) - - - - Previously only superusers were allowed to use these functions. - - - - - - Allow importing and exporting of transaction snapshots (Joachim - Wieland, Tom Lane) - - - - This allows multiple transactions to share identical views of the - database state. - Snapshots are exported via pg_export_snapshot() - and imported via SET - TRANSACTION SNAPSHOT. Only snapshots from - currently-running transactions can be imported. - - - - - - Support COLLATION - FOR on expressions (Peter Eisentraut) - - - - This returns a string representing the collation of the expression. - - - - - - Add pg_opfamily_is_visible() - (Josh Kupershmidt) - - - - - - Add a numeric variant of pg_size_pretty() - for use with pg_xlog_location_diff() (Fujii Masao) - - - - - - Add a pg_trigger_depth() - function (Kevin Grittner) - - - - This reports the current trigger call depth. - - - - - - Allow string_agg() - to process bytea values (Pavel Stehule) - - - - - - Fix regular expressions in which a back-reference occurs within - a larger quantified subexpression (Tom Lane) - - - - For example, ^(\w+)( \1)+$. Previous releases did not - check that the back-reference actually matched the first occurrence. - - - - - - - - - <link linkend="information-schema">Information Schema</link> - - - - - - Add information schema views - role_udt_grants, udt_privileges, - and user_defined_types (Peter Eisentraut) - - - - - - Add composite-type attributes to the - information schema element_types view - (Peter Eisentraut) - - - - - - Implement interval_type columns in the information - schema (Peter Eisentraut) - - - - Formerly these columns read as nulls. - - - - - - Implement collation-related columns in the information schema - attributes, columns, - domains, and element_types - views (Peter Eisentraut) - - - - - - Implement the with_hierarchy column in the - information schema table_privileges view (Peter - Eisentraut) - - - - - - Add display of sequence USAGE privileges to information - schema (Peter Eisentraut) - - - - - - Make the information schema show default privileges (Peter - Eisentraut) - - - - Previously, non-empty default permissions were not represented in the - views. - - - - - - - - - Server-Side Languages - - - <link linkend="plpgsql">PL/pgSQL</link> Server-Side Language - - - - - - Allow the PL/pgSQL OPEN cursor command to supply - parameters by name (Yeb Havinga) - - - - - - Add a GET STACKED DIAGNOSTICS PL/pgSQL command - to retrieve exception info (Pavel Stehule) - - - - - - Speed up PL/pgSQL array assignment by caching type information - (Pavel Stehule) - - - - - - Improve performance and memory consumption for long chains of - ELSIF clauses (Tom Lane) - - - - - - Output the function signature, not just the name, in PL/pgSQL - error messages (Pavel Stehule) - - - - - - - - - <link linkend="plpython">PL/Python</link> Server-Side Language - - - - - - Add PL/Python SPI cursor support (Jan - Urbanski) - - - - This allows PL/Python to read partial result sets. - - - - - - Add result metadata functions to PL/Python (Peter Eisentraut) - - - - Specifically, this adds result object functions - .colnames, .coltypes, and - .coltypmods. - - - - - - Remove support for Python 2.2 (Peter Eisentraut) - - - - - - - - - <link linkend="xfunc-sql">SQL</link> Server-Side Language - - - - - Allow SQL-language functions to reference - parameters by name (Matthew Draper) - - - - To use this, simply name the function arguments and then reference - the argument names in the SQL function body. - - - - - - - - - - Client Applications - - - - - - Add initdb - options - - - This allows separate control of local and - host pg_hba.conf authentication - settings. - - - - - Add - - - - - Add the - - - - - Give command-line tools the ability to specify the name of the - database to connect to, and fall back to template1 - if a postgres database connection fails (Robert Haas) - - - - - - - <link linkend="APP-PSQL"><application>psql</></link> - - - - - - Add a display mode to auto-expand output based on the - display width (Peter Eisentraut) - - - - This adds the auto option to the \x - command, which switches to the expanded mode when the normal - output would be wider than the screen. - - - - - - Allow inclusion of a script file that is named relative to the - directory of the file from which it was invoked (Gurjeet Singh) - - - - This is done with a new command \ir. - - - - - - Add support for non-ASCII characters in - psql variable names (Tom Lane) - - - - - - Add support for major-version-specific .psqlrc files - (Bruce Momjian) - - - - psql already supported minor-version-specific - .psqlrc files. - - - - - - Provide environment variable overrides for psql - history and startup file locations (Andrew Dunstan) - - - - PSQL_HISTORY and PSQLRC now - determine these file names if set. - - - - - - Add a \setenv command to modify - the environment variables passed to child processes (Andrew Dunstan) - - - - - - Name psql's temporary editor files with a - .sql extension (Peter Eisentraut) - - - - This allows extension-sensitive editors to select the right mode. - - - - - - Allow psql to use zero-byte field and record - separators (Peter Eisentraut) - - - - Various shell tools use zero-byte (NUL) separators, - e.g. find. - - - - - - Make the \timing option report times for - failed queries (Magnus Hagander) - - - - Previously times were reported only for successful queries. - - - - - - Unify and tighten psql's treatment of \copy - and SQL COPY (Noah Misch) - - - - This fix makes failure behavior more predictable and honors - \set ON_ERROR_ROLLBACK. - - - - - - - - - Informational Commands - - - - - Make \d on a sequence show the - table/column name owning it (Magnus Hagander) - - - - - - Show statistics target for columns in \d+ (Magnus - Hagander) - - - - - - Show role password expiration dates in \du - (Fabrízio de Royes Mello) - - - - - - Display comments for casts, conversions, domains, and languages - (Josh Kupershmidt) - - - - These are included in the output of \dC+, - \dc+, \dD+, and \dL respectively. - - - - - - Display comments for SQL/MED - objects (Josh Kupershmidt) - - - - These are included in the output of \des+, - \det+, and \dew+ for foreign servers, foreign - tables, and foreign data wrappers respectively. - - - - - - Change \dd to display comments only for object types - without their own backslash command (Josh Kupershmidt) - - - - - - - - - Tab Completion - - - - - - In psql tab completion, complete SQL - keywords in either upper or lower case according to the new COMP_KEYWORD_CASE - setting (Peter Eisentraut) - - - - - - Add tab completion support for - EXECUTE (Andreas Karlsson) - - - - - - Allow tab completion of role references in - GRANT/REVOKE (Peter - Eisentraut) - - - - - - Allow tab completion of file names to supply quotes, when necessary - (Noah Misch) - - - - - - Change tab completion support for - TABLE to also include views (Magnus Hagander) - - - - - - - - - <link linkend="APP-PGDUMP"><application>pg_dump</></link> - - - - - - Add an - - - This allows dumping of a table's definition but not its data, - on a per-table basis. - - - - - - Add a - - - Valid values are pre-data, data, - and post-data. The option can be - given more than once to select two or more sections. - - - - - - Make pg_dumpall dump all - roles first, then all configuration settings on roles (Phil Sorber) - - - - This allows a role's configuration settings to mention other - roles without generating an error. - - - - - - Allow pg_dumpall to avoid errors if the - postgres database is missing in the new cluster - (Robert Haas) - - - - - - Dump foreign server user mappings in user name order (Peter - Eisentraut) - - - - This helps produce deterministic dump files. - - - - - - Dump operators in a predictable order (Peter Eisentraut) - - - - - - Tighten rules for when extension configuration tables are dumped - by pg_dump (Tom Lane) - - - - - - Make pg_dump emit more useful dependency - information (Tom Lane) - - - - The dependency links included in archive-format dumps were formerly - of very limited use, because they frequently referenced objects that - appeared nowhere in the dump. Now they represent actual dependencies - (possibly indirect) among the dumped objects. - - - - - - Improve pg_dump's performance when dumping many - database objects (Tom Lane) - - - - - - - - - - - <link linkend="libpq"><application>libpq</></link> - - - - - - Allow libpq connection strings to have the format of a - URI - (Alexander Shulgin) - - - - The syntax begins with postgres://. This can allow - applications to avoid implementing their own parser for URIs - representing database connections. - - - - - - Add a connection - option to disable SSL compression - (Laurenz Albe) - - - - This can be used to remove the overhead of SSL - compression on fast networks. - - - - - - Add a single-row processing - mode for better handling of large result sets - (Kyotaro Horiguchi, Marko Kreen) - - - - Previously, libpq always collected the entire query - result in memory before passing it back to the application. - - - - - - Add const qualifiers to the declarations of the functions - PQconnectdbParams, PQconnectStartParams, - and PQpingParams (Lionel Elie Mamane) - - - - - - Allow the .pgpass file to include escaped characters - in the password field (Robert Haas) - - - - - - Make library functions use abort() instead of - exit() when it is necessary to terminate the process - (Peter Eisentraut) - - - - This choice does not interfere with the normal exit codes used by the - program, and generates a signal that can be caught by the caller. - - - - - - - - - Source Code - - - - - - Remove dead ports (Peter Eisentraut) - - - - The following platforms are no longer supported: dgux, - nextstep, sunos4, svr4, ultrix4, univel, bsdi. - - - - - - Add support for building with MS - Visual Studio 2010 (Brar Piening) - - - - - - Enable compiling with the MinGW-w64 32-bit compiler (Lars Kanis) - - - - - - Install plpgsql.h into include/server during installation - (Heikki Linnakangas) - - - - - - Improve the latch facility to include detection of postmaster death - (Peter Geoghegan, Heikki Linnakangas, Tom Lane) - - - - This eliminates one of the main reasons that background processes - formerly had to wake up to poll for events. - - - - - - Use C flexible array members, where supported (Peter Eisentraut) - - - - - - Improve the concurrent transaction regression tests - (isolationtester) (Noah Misch) - - - - - - Modify thread_test to create its test files in - the current directory, rather than /tmp (Bruce Momjian) - - - - - - Improve flex and bison warning and error reporting (Tom Lane) - - - - - - Add memory barrier support (Robert Haas) - - - - This is currently unused. - - - - - - Modify pgindent to use a typedef file (Bruce Momjian) - - - - - - Add a hook for processing messages due to be sent to the server - log (Martin Pihlak) - - - - - - Add object access hooks for DROP commands - (KaiGai Kohei) - - - - - - Centralize DROP handling for some object types - (KaiGai Kohei) - - - - - - Add a pg_upgrade test suite (Peter Eisentraut) - - - - - - Sync regular expression code with TCL 8.5.11 - and improve internal processing (Tom Lane) - - - - - - Move CRC tables to libpgport, and provide them - in a separate include file (Daniel Farina) - - - - - - Add options to git_changelog for use in major - release note creation (Bruce Momjian) - - - - - - Support Linux's /proc/self/oom_score_adj API (Tom Lane) - - - - - - - - - Additional Modules - - - - - - Improve efficiency of dblink by using - libpq's new single-row processing mode (Kyotaro Horiguchi, Marko - Kreen) - - - - This improvement does not apply to - dblink_send_query()/dblink_get_result(). - - - - - - Support force_not_null option in file_fdw (Shigeru Hanada) - - - - - - Implement dry-run mode for pg_archivecleanup - (Gabriele Bartolini) - - - - This only outputs the names of files to be deleted. - - - - - - Add new pgbench switches - - - - - - Change pg_test_fsync to test - for a fixed amount of time, rather than a fixed number of cycles - (Bruce Momjian) - - - - The - - - - - Add a pg_test_timing - utility to measure clock monotonicity and timing overhead (Ants - Aasma, Greg Smith) - - - - - - Add a tcn (triggered change notification) - module to generate NOTIFY events on table changes - (Kevin Grittner) - - - - - - - <link linkend="pgupgrade"><application>pg_upgrade</></link> - - - - - - Adjust pg_upgrade environment variables (Bruce - Momjian) - - - - Rename data, bin, and port environment - variables to begin with PG, and support - PGPORTOLD/PGPORTNEW, to replace - PGPORT. - - - - - - Overhaul pg_upgrade logging and failure reporting - (Bruce Momjian) - - - - Create four append-only log files, and delete them on success. - Add - - - - - Make pg_upgrade create a script to incrementally - generate more accurate optimizer statistics (Bruce Momjian) - - - - This reduces the time needed to generate minimal cluster statistics - after an upgrade. - - - - - - Allow pg_upgrade to upgrade an old cluster that - does not have a postgres database (Bruce Momjian) - - - - - - Allow pg_upgrade to handle cases where some - old or new databases are missing, as long as they are empty - (Bruce Momjian) - - - - - - Allow pg_upgrade to handle configuration-only - directory installations (Bruce Momjian) - - - - - - In pg_upgrade, add - - - This is useful for configuration-only directory installs. - - - - - - Change pg_upgrade to use port 50432 by default - (Bruce Momjian) - - - - This helps avoid unintended client connections during the upgrade. - - - - - - Reduce cluster locking in pg_upgrade (Bruce - Momjian) - - - - Specifically, only lock the old cluster if link mode is used, - and do it right after the schema is restored. - - - - - - - - - <link linkend="pgstatstatements"><application>pg_stat_statements</></link> - - - - - - Allow pg_stat_statements to aggregate similar - queries via SQL text normalization (Peter Geoghegan, Tom Lane) - - - - Users with applications that use non-parameterized SQL will now - be able to monitor query performance without detailed log analysis. - - - - - - Add dirtied and written block counts and read/write times to - pg_stat_statements (Robert Haas, Ants Aasma) - - - - - - Prevent pg_stat_statements from double-counting - PREPARE and EXECUTE commands - (Tom Lane) - - - - - - - - - <link linkend="sepgsql">sepgsql</link> - - - - - Support SECURITY LABEL on global objects (KaiGai - Kohei, Robert Haas) - - - - Specifically, add security labels to databases, - tablespaces, and roles. - - - - - - Allow sepgsql to honor database labels (KaiGai Kohei) - - - - - - Perform sepgsql permission checks during the creation of various - objects (KaiGai Kohei) - - - - - - Add sepgsql_setcon() and related functions to control - the sepgsql security domain (KaiGai Kohei) - - - - - - Add a user space access cache to sepgsql to improve performance - (KaiGai Kohei) - - - - - - - - - - Documentation - - - - - - Add a rule to optionally build HTML documentation using the - stylesheet from the website (Magnus Hagander) - - - - Use gmake STYLE=website draft. - - - - - - Improve EXPLAIN documentation (Tom Lane) - - - - - - Document that user/database names are preserved with double-quoting - by command-line tools like vacuumdb (Bruce - Momjian) - - - - - - Document the actual string returned by the client for MD5 - authentication (Cyan Ogilvie) - - - - - - Deprecate use of GLOBAL and LOCAL in - CREATE TEMP TABLE (Noah Misch) - - - - PostgreSQL has long treated these keyword as no-ops, - and continues to do so; but in future they might mean what the SQL - standard says they mean, so applications should avoid using them. - - - - - - - - - diff --git a/doc/src/sgml/release-9.3.sgml b/doc/src/sgml/release-9.3.sgml deleted file mode 100644 index 1b770447da..0000000000 --- a/doc/src/sgml/release-9.3.sgml +++ /dev/null @@ -1,14551 +0,0 @@ - - - - - Release 9.3.25 - - - Release date: - 2018-11-08 - - - - This release contains a variety of fixes from 9.3.24. - For information about new features in the 9.3 major release, see - . - - - - This is expected to be the last PostgreSQL - release in the 9.3.X series. Users are encouraged to update to a newer - release branch soon. - - - - Migration to Version 9.3.25 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if you are upgrading from a version earlier than 9.3.23, - see . - - - - - Changes - - - - - - Fix corner-case failures - in has_foo_privilege() - family of functions (Tom Lane) - - - - Return NULL rather than throwing an error when an invalid object OID - is provided. Some of these functions got that right already, but not - all. has_column_privilege() was additionally - capable of crashing on some platforms. - - - - - - Avoid O(N^2) slowdown in regular expression match/split functions on - long strings (Andrew Gierth) - - - - - - Avoid O(N^3) slowdown in lexer for long strings - of + or - characters - (Andrew Gierth) - - - - - - Fix mis-execution of SubPlans when the outer query is being scanned - backwards (Andrew Gierth) - - - - - - Fix failure of UPDATE/DELETE ... WHERE CURRENT OF ... - after rewinding the referenced cursor (Tom Lane) - - - - A cursor that scans multiple relations (particularly an inheritance - tree) could produce wrong behavior if rewound to an earlier relation. - - - - - - Fix EvalPlanQual to handle conditionally-executed - InitPlans properly (Andrew Gierth, Tom Lane) - - - - This resulted in hard-to-reproduce crashes or wrong answers in - concurrent updates, if they contained code such as an uncorrelated - sub-SELECT inside a CASE - construct. - - - - - - Fix character-class checks to not fail on Windows for Unicode - characters above U+FFFF (Tom Lane, Kenji Uno) - - - - This bug affected full-text-search operations, as well - as contrib/ltree - and contrib/pg_trgm. - - - - - - Ensure that sequences owned by a foreign table are processed - by ALTER OWNER on the table (Peter Eisentraut) - - - - The ownership change should propagate to such sequences as well, but - this was missed for foreign tables. - - - - - - Fix over-allocation of space for array_out()'s - result string (Keiichi Hirobe) - - - - - - Fix memory leak in repeated SP-GiST index scans (Tom Lane) - - - - This is only known to amount to anything significant in cases where - an exclusion constraint using SP-GiST receives many new index entries - in a single command. - - - - - - Avoid crash if a utility command causes infinite recursion (Tom Lane) - - - - - - When initializing a hot standby, cope with duplicate XIDs caused by - two-phase transactions on the master - (Michael Paquier, Konstantin Knizhnik) - - - - - - Randomize the random() seed in bootstrap and - standalone backends, and in initdb - (Noah Misch) - - - - The main practical effect of this change is that it avoids a scenario - where initdb might mistakenly conclude that - POSIX shared memory is not available, due to name collisions caused by - always using the same random seed. - - - - - - Ensure that hot standby processes use the correct WAL consistency - point (Alexander Kukushkin, Michael Paquier) - - - - This prevents possible misbehavior just after a standby server has - reached a consistent database state during WAL replay. - - - - - - Don't run atexit callbacks when servicing SIGQUIT - (Heikki Linnakangas) - - - - - - Don't record foreign-server user mappings as members of extensions - (Tom Lane) - - - - If CREATE USER MAPPING is executed in an extension - script, an extension dependency was created for the user mapping, - which is unexpected. Roles can't be extension members, so user - mappings shouldn't be either. - - - - - - Make syslogger more robust against failures in opening CSV log files - (Tom Lane) - - - - - - Fix possible inconsistency in pg_dump's - sorting of dissimilar object names (Jacob Champion) - - - - - - Ensure that pg_restore will schema-qualify - the table name when - emitting DISABLE/ENABLE TRIGGER - commands (Tom Lane) - - - - This avoids failures due to the new policy of running restores with - restrictive search path. - - - - - - Fix pg_upgrade to handle event triggers in - extensions correctly (Haribabu Kommi) - - - - pg_upgrade failed to preserve an event - trigger's extension-membership status. - - - - - - Fix pg_upgrade's cluster state check to - work correctly on a standby server (Bruce Momjian) - - - - - - Enforce type cube's dimension limit in - all contrib/cube functions (Andrey Borodin) - - - - Previously, some cube-related functions could construct values that - would be rejected by cube_in(), leading to - dump/reload failures. - - - - - - Fix contrib/unaccent's - unaccent() function to use - the unaccent text search dictionary that is in the - same schema as the function (Tom Lane) - - - - Previously it tried to look up the dictionary using the search path, - which could fail if the search path has a restrictive value. - - - - - - Fix build problems on macOS 10.14 (Mojave) (Tom Lane) - - - - Adjust configure to add - an switch to CPPFLAGS; - without this, PL/Perl and PL/Tcl fail to configure or build on macOS - 10.14. The specific sysroot used can be overridden at configure time - or build time by setting the PG_SYSROOT variable in - the arguments of configure - or make. - - - - It is now recommended that Perl-related extensions - write $(perl_includespec) rather - than -I$(perl_archlibexp)/CORE in their compiler - flags. The latter continues to work on most platforms, but not recent - macOS. - - - - Also, it should no longer be necessary to - specify manually to get PL/Tcl to - build on recent macOS releases. - - - - - - Fix MSVC build and regression-test scripts to work on recent Perl - versions (Andrew Dunstan) - - - - Perl no longer includes the current directory in its search path - by default; work around that. - - - - - - Support building on Windows with Visual Studio 2015 or Visual Studio 2017 - (Michael Paquier, Haribabu Kommi) - - - - - - Allow btree comparison functions to return INT_MIN - (Tom Lane) - - - - Up to now, we've forbidden datatype-specific comparison functions from - returning INT_MIN, which allows callers to invert - the sort order just by negating the comparison result. However, this - was never safe for comparison functions that directly return the - result of memcmp(), strcmp(), - etc, as POSIX doesn't place any such restriction on those functions. - At least some recent versions of memcmp() can - return INT_MIN, causing incorrect sort ordering. - Hence, we've removed this restriction. Callers must now use - the INVERT_COMPARE_RESULT() macro if they wish to - invert the sort order. - - - - - - Fix recursion hazard in shared-invalidation message processing - (Tom Lane) - - - - This error could, for example, result in failure to access a system - catalog or index that had just been processed by VACUUM - FULL. - - - - This change adds a new result code - for LockAcquire, which might possibly affect - external callers of that function, though only very unusual usage - patterns would have an issue with it. The API - of LockAcquireExtended is also changed. - - - - - - Save and restore SPI's global variables - during SPI_connect() - and SPI_finish() (Chapman Flack, Tom Lane) - - - - This prevents possible interference when one SPI-using function calls - another. - - - - - - Provide ALLOCSET_DEFAULT_SIZES and sibling macros - in back branches (Tom Lane) - - - - These macros have existed since 9.6, but there were requests to add - them to older branches to allow extensions to rely on them without - branch-specific coding. - - - - - - Avoid using potentially-under-aligned page buffers (Tom Lane) - - - - Invent new union types PGAlignedBlock - and PGAlignedXLogBlock, and use these in place of plain - char arrays, ensuring that the compiler can't place the buffer at a - misaligned start address. This fixes potential core dumps on - alignment-picky platforms, and may improve performance even on - platforms that allow misalignment. - - - - - - Make src/port/snprintf.c follow the C99 - standard's definition of snprintf()'s result - value (Tom Lane) - - - - On platforms where this code is used (mostly Windows), its pre-C99 - behavior could lead to failure to detect buffer overrun, if the - calling code assumed C99 semantics. - - - - - - When building on i386 with the clang - compiler, require to be used (Andres Freund) - - - - This avoids problems with missed floating point overflow checks. - - - - - - Fix configure's detection of the result - type of strerror_r() (Tom Lane) - - - - The previous coding got the wrong answer when building - with icc on Linux (and perhaps in other - cases), leading to libpq not returning - useful error messages for system-reported errors. - - - - - - Update time zone data files to tzdata - release 2018g for DST law changes in Chile, Fiji, Morocco, and Russia - (Volgograd), plus historical corrections for China, Hawaii, Japan, - Macau, and North Korea. - - - - - - - - - - Release 9.3.24 - - - Release date: - 2018-08-09 - - - - This release contains a variety of fixes from 9.3.23. - For information about new features in the 9.3 major release, see - . - - - - The PostgreSQL community will stop releasing - updates for the 9.3.X release series shortly after September 2018. - Users are encouraged to update to a newer release branch soon. - - - - Migration to Version 9.3.24 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if you are upgrading from a version earlier than 9.3.23, - see . - - - - - Changes - - - - - - Fix failure to reset libpq's state fully - between connection attempts (Tom Lane) - - - - An unprivileged user of dblink - or postgres_fdw could bypass the checks intended - to prevent use of server-side credentials, such as - a ~/.pgpass file owned by the operating-system - user running the server. Servers allowing peer authentication on - local connections are particularly vulnerable. Other attacks such - as SQL injection into a postgres_fdw session - are also possible. - Attacking postgres_fdw in this way requires the - ability to create a foreign server object with selected connection - parameters, but any user with access to dblink - could exploit the problem. - In general, an attacker with the ability to select the connection - parameters for a libpq-using application - could cause mischief, though other plausible attack scenarios are - harder to think of. - Our thanks to Andrew Krasichkov for reporting this issue. - (CVE-2018-10915) - - - - - - Ensure that updates to the relfrozenxid - and relminmxid values - for nailed system catalogs are processed in a timely - fashion (Andres Freund) - - - - Overoptimistic caching rules could prevent these updates from being - seen by other sessions, leading to spurious errors and/or data - corruption. The problem was significantly worse for shared catalogs, - such as pg_authid, because the stale cache - data could persist into new sessions as well as existing ones. - - - - - - Fix case where a freshly-promoted standby crashes before having - completed its first post-recovery checkpoint (Michael Paquier, Kyotaro - Horiguchi, Pavan Deolasee, Álvaro Herrera) - - - - This led to a situation where the server did not think it had reached - a consistent database state during subsequent WAL replay, preventing - restart. - - - - - - Avoid emitting a bogus WAL record when recycling an all-zero btree - page (Amit Kapila) - - - - This mistake has been seen to cause assertion failures, and - potentially it could result in unnecessary query cancellations on hot - standby servers. - - - - - - Improve performance of WAL replay for transactions that drop many - relations (Fujii Masao) - - - - This change reduces the number of times that shared buffers are - scanned, so that it is of most benefit when that setting is large. - - - - - - Improve performance of lock releasing in standby server WAL replay - (Thomas Munro) - - - - - - Ensure a table's cached index list is correctly rebuilt after an index - creation fails partway through (Peter Geoghegan) - - - - Previously, the failed index's OID could remain in the list, causing - problems later in the same session. - - - - - - Fix misoptimization of equivalence classes involving composite-type - columns (Tom Lane) - - - - This resulted in failure to recognize that an index on a composite - column could provide the sort order needed for a mergejoin on that - column. - - - - - - Fix SQL-standard FETCH FIRST syntax to allow - parameters ($n), as the - standard expects (Andrew Gierth) - - - - - - Fix failure to schema-qualify some object names - in getObjectDescription output - (Kyotaro Horiguchi, Tom Lane) - - - - Names of collations, conversions, and text search objects - were not schema-qualified when they should be. - - - - - - Widen COPY FROM's current-line-number counter - from 32 to 64 bits (David Rowley) - - - - This avoids two problems with input exceeding 4G lines: COPY - FROM WITH HEADER would drop a line every 4G lines, not only - the first line, and error reports could show a wrong line number. - - - - - - Add a string freeing function - to ecpg's pgtypes - library, so that cross-module memory management problems can be - avoided on Windows (Takayuki Tsunakawa) - - - - On Windows, crashes can ensue if the free call - for a given chunk of memory is not made from the same DLL - that malloc'ed the memory. - The pgtypes library sometimes returns strings - that it expects the caller to free, making it impossible to follow - this rule. Add a PGTYPESchar_free() function - that just wraps free, allowing applications - to follow this rule. - - - - - - Fix ecpg's support for long - long variables on Windows, as well as other platforms that - declare strtoll/strtoull - nonstandardly or not at all (Dang Minh Huong, Tom Lane) - - - - - - Fix misidentification of SQL statement type in PL/pgSQL, when a rule - change causes a change in the semantics of a statement intra-session - (Tom Lane) - - - - This error led to assertion failures, or in rare cases, failure to - enforce the INTO STRICT option as expected. - - - - - - Fix password prompting in client programs so that echo is properly - disabled on Windows when stdin is not the - terminal (Matthew Stickney) - - - - - - Further fix mis-quoting of values for list-valued GUC variables in - dumps (Tom Lane) - - - - The previous fix for quoting of search_path and - other list-valued variables in pg_dump - output turned out to misbehave for empty-string list elements, and it - risked truncation of long file paths. - - - - - - Make pg_upgrade check that the old server - was shut down cleanly (Bruce Momjian) - - - - The previous check could be fooled by an immediate-mode shutdown. - - - - - - Fix crash in contrib/ltree's - lca() function when the input array is empty - (Pierre Ducroquet) - - - - - - Fix various error-handling code paths in which an incorrect error code - might be reported (Michael Paquier, Tom Lane, Magnus Hagander) - - - - - - Rearrange makefiles to ensure that programs link to freshly-built - libraries (such as libpq.so) rather than ones - that might exist in the system library directories (Tom Lane) - - - - This avoids problems when building on platforms that supply old copies - of PostgreSQL libraries. - - - - - - Update time zone data files to tzdata - release 2018e for DST law changes in North Korea, plus historical - corrections for Czechoslovakia. - - - - This update includes a redefinition of daylight savings - in Ireland, as well as for some past years in Namibia and - Czechoslovakia. In those jurisdictions, legally standard time is - observed in summer, and daylight savings time in winter, so that the - daylight savings offset is one hour behind standard time not one hour - ahead. This does not affect either the actual UTC offset or the - timezone abbreviations in use; the only known effect is that - the is_dst column in - the pg_timezone_names view will now be true - in winter and false in summer in these cases. - - - - - - - - - - Release 9.3.23 - - - Release date: - 2018-05-10 - - - - This release contains a variety of fixes from 9.3.22. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.23 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if the function marking mistakes mentioned in the first - changelog entry below affect you, you will want to take steps to - correct your database catalogs. - - - - Also, if you are upgrading from a version earlier than 9.3.22, - see . - - - - - Changes - - - - - - Fix incorrect volatility markings on a few built-in functions - (Thomas Munro, Tom Lane) - - - - The functions - query_to_xml, - cursor_to_xml, - cursor_to_xmlschema, - query_to_xmlschema, and - query_to_xml_and_xmlschema - should be marked volatile because they execute user-supplied queries - that might contain volatile operations. They were not, leading to a - risk of incorrect query optimization. This has been repaired for new - installations by correcting the initial catalog data, but existing - installations will continue to contain the incorrect markings. - Practical use of these functions seems to pose little hazard, but in - case of trouble, it can be fixed by manually updating these - functions' pg_proc entries, for example - ALTER FUNCTION pg_catalog.query_to_xml(text, boolean, - boolean, text) VOLATILE. (Note that that will need to be - done in each database of the installation.) Another option is - to pg_upgrade the database to a version - containing the corrected initial data. - - - - - - Avoid re-using TOAST value OIDs that match dead-but-not-yet-vacuumed - TOAST entries (Pavan Deolasee) - - - - Once the OID counter has wrapped around, it's possible to assign a - TOAST value whose OID matches a previously deleted entry in the same - TOAST table. If that entry were not yet vacuumed away, this resulted - in unexpected chunk number 0 (expected 1) for toast - value nnnnn errors, which would - persist until the dead entry was removed - by VACUUM. Fix by not selecting such OIDs when - creating a new TOAST entry. - - - - - - Change ANALYZE's algorithm for updating - pg_class.reltuples - (David Gould) - - - - Previously, pages not actually scanned by ANALYZE - were assumed to retain their old tuple density. In a large table - where ANALYZE samples only a small fraction of the - pages, this meant that the overall tuple density estimate could not - change very much, so that reltuples would - change nearly proportionally to changes in the table's physical size - (relpages) regardless of what was actually - happening in the table. This has been observed to result - in reltuples becoming so much larger than - reality as to effectively shut off autovacuuming. To fix, assume - that ANALYZE's sample is a statistically unbiased - sample of the table (as it should be), and just extrapolate the - density observed within those pages to the whole table. - - - - - - Fix UPDATE/DELETE ... WHERE CURRENT OF to not fail - when the referenced cursor uses an index-only-scan plan (Yugo Nagata, - Tom Lane) - - - - - - Fix incorrect planning of join clauses pushed into parameterized - paths (Andrew Gierth, Tom Lane) - - - - This error could result in misclassifying a condition as - a join filter for an outer join when it should be a - plain filter condition, leading to incorrect join - output. - - - - - - Fix misoptimization of CHECK constraints having - provably-NULL subclauses of - top-level AND/OR conditions - (Tom Lane, Dean Rasheed) - - - - This could, for example, allow constraint exclusion to exclude a - child table that should not be excluded from a query. - - - - - - Avoid failure if a query-cancel or session-termination interrupt - occurs while committing a prepared transaction (Stas Kelvich) - - - - - - Fix query-lifespan memory leakage in repeatedly executed hash joins - (Tom Lane) - - - - - - Fix overly strict sanity check - in heap_prepare_freeze_tuple - (Álvaro Herrera) - - - - This could result in incorrect cannot freeze committed - xmax failures in databases that have - been pg_upgrade'd from 9.2 or earlier. - - - - - - Prevent dangling-pointer dereference when a C-coded before-update row - trigger returns the old tuple (Rushabh Lathia) - - - - - - Reduce locking during autovacuum worker scheduling (Jeff Janes) - - - - The previous behavior caused drastic loss of potential worker - concurrency in databases with many tables. - - - - - - Ensure client hostname is copied while copying - pg_stat_activity data to local memory - (Edmund Horner) - - - - Previously the supposedly-local snapshot contained a pointer into - shared memory, allowing the client hostname column to change - unexpectedly if any existing session disconnected. - - - - - - Fix incorrect processing of multiple compound affixes - in ispell dictionaries (Arthur Zakirov) - - - - - - Fix collation-aware searches (that is, indexscans using inequality - operators) in SP-GiST indexes on text columns (Tom Lane) - - - - Such searches would return the wrong set of rows in most non-C - locales. - - - - - - Count the number of index tuples correctly during initial build of an - SP-GiST index (Tomas Vondra) - - - - Previously, the tuple count was reported to be the same as that of - the underlying table, which is wrong if the index is partial. - - - - - - Count the number of index tuples correctly during vacuuming of a - GiST index (Andrey Borodin) - - - - Previously it reported the estimated number of heap tuples, - which might be inaccurate, and is certainly wrong if the - index is partial. - - - - - - Allow scalarltsel - and scalargtsel to be used on non-core datatypes - (Tomas Vondra) - - - - - - Reduce libpq's memory consumption when a - server error is reported after a large amount of query output has - been collected (Tom Lane) - - - - Discard the previous output before, not after, processing the error - message. On some platforms, notably Linux, this can make a - difference in the application's subsequent memory footprint. - - - - - - Fix double-free crashes in ecpg - (Patrick Krecker, Jeevan Ladhe) - - - - - - Fix ecpg to handle long long - int variables correctly in MSVC builds (Michael Meskes, - Andrew Gierth) - - - - - - Fix mis-quoting of values for list-valued GUC variables in dumps - (Michael Paquier, Tom Lane) - - - - The local_preload_libraries, - session_preload_libraries, - shared_preload_libraries, - and temp_tablespaces variables were not correctly - quoted in pg_dump output. This would - cause problems if settings for these variables appeared in - CREATE FUNCTION ... SET or ALTER - DATABASE/ROLE ... SET clauses. - - - - - - Fix overflow handling in PL/pgSQL - integer FOR loops (Tom Lane) - - - - The previous coding failed to detect overflow of the loop variable - on some non-gcc compilers, leading to an infinite loop. - - - - - - Adjust PL/Python regression tests to pass - under Python 3.7 (Peter Eisentraut) - - - - - - Support testing PL/Python and related - modules when building with Python 3 and MSVC (Andrew Dunstan) - - - - - - Rename internal b64_encode - and b64_decode functions to avoid conflict with - Solaris 11.4 built-in functions (Rainer Orth) - - - - - - Sync our copy of the timezone library with IANA tzcode release 2018e - (Tom Lane) - - - - This fixes the zic timezone data compiler - to cope with negative daylight-savings offsets. While - the PostgreSQL project will not - immediately ship such timezone data, zic - might be used with timezone data obtained directly from IANA, so it - seems prudent to update zic now. - - - - - - Update time zone data files to tzdata - release 2018d for DST law changes in Palestine and Antarctica (Casey - Station), plus historical corrections for Portugal and its colonies, - as well as Enderbury, Jamaica, Turks & Caicos Islands, and - Uruguay. - - - - - - - - - - Release 9.3.22 - - - Release date: - 2018-03-01 - - - - This release contains a variety of fixes from 9.3.21. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.22 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if you run an installation in which not all users are mutually - trusting, or if you maintain an application or extension that is - intended for use in arbitrary situations, it is strongly recommended - that you read the documentation changes described in the first changelog - entry below, and take suitable steps to ensure that your installation or - code is secure. - - - - Also, the changes described in the second changelog entry below may - cause functions used in index expressions or materialized views to fail - during auto-analyze, or when reloading from a dump. After upgrading, - monitor the server logs for such problems, and fix affected functions. - - - - Also, if you are upgrading from a version earlier than 9.3.18, - see . - - - - - Changes - - - - - - Document how to configure installations and applications to guard - against search-path-dependent trojan-horse attacks from other users - (Noah Misch) - - - - Using a search_path setting that includes any - schemas writable by a hostile user enables that user to capture - control of queries and then run arbitrary SQL code with the - permissions of the attacked user. While it is possible to write - queries that are proof against such hijacking, it is notationally - tedious, and it's very easy to overlook holes. Therefore, we now - recommend configurations in which no untrusted schemas appear in - one's search path. Relevant documentation appears in - (for database administrators and users), - (for application authors), - (for extension authors), and - (for authors - of SECURITY DEFINER functions). - (CVE-2018-1058) - - - - - - Avoid use of insecure search_path settings - in pg_dump and other client programs - (Noah Misch, Tom Lane) - - - - pg_dump, - pg_upgrade, - vacuumdb and - other PostgreSQL-provided applications were - themselves vulnerable to the type of hijacking described in the previous - changelog entry; since these applications are commonly run by - superusers, they present particularly attractive targets. To make them - secure whether or not the installation as a whole has been secured, - modify them to include only the pg_catalog - schema in their search_path settings. - Autovacuum worker processes now do the same, as well. - - - - In cases where user-provided functions are indirectly executed by - these programs — for example, user-provided functions in index - expressions — the tighter search_path may - result in errors, which will need to be corrected by adjusting those - user-provided functions to not assume anything about what search path - they are invoked under. That has always been good practice, but now - it will be necessary for correct behavior. - (CVE-2018-1058) - - - - - - Fix misbehavior of concurrent-update rechecks with CTE references - appearing in subplans (Tom Lane) - - - - If a CTE (WITH clause reference) is used in an - InitPlan or SubPlan, and the query requires a recheck due to trying - to update or lock a concurrently-updated row, incorrect results could - be obtained. - - - - - - Fix planner failures with overlapping mergejoin clauses in an outer - join (Tom Lane) - - - - These mistakes led to left and right pathkeys do not match in - mergejoin or outer pathkeys do not match - mergeclauses planner errors in corner cases. - - - - - - Repair pg_upgrade's failure to - preserve relfrozenxid for materialized - views (Tom Lane, Andres Freund) - - - - This oversight could lead to data corruption in materialized views - after an upgrade, manifesting as could not access status of - transaction or found xmin from before - relfrozenxid errors. The problem would be more likely to - occur in seldom-refreshed materialized views, or ones that were - maintained only with REFRESH MATERIALIZED VIEW - CONCURRENTLY. - - - - If such corruption is observed, it can be repaired by refreshing the - materialized view (without CONCURRENTLY). - - - - - - Fix incorrect reporting of PL/Python function names in - error CONTEXT stacks (Tom Lane) - - - - An error occurring within a nested PL/Python function call (that is, - one reached via a SPI query from another PL/Python function) would - result in a stack trace showing the inner function's name twice, - rather than the expected results. Also, an error in a nested - PL/Python DO block could result in a null pointer - dereference crash on some platforms. - - - - - - Allow contrib/auto_explain's - log_min_duration setting to range up - to INT_MAX, or about 24 days instead of 35 minutes - (Tom Lane) - - - - - - - - - - Release 9.3.21 - - - Release date: - 2018-02-08 - - - - This release contains a variety of fixes from 9.3.20. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.21 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if you are upgrading from a version earlier than 9.3.18, - see . - - - - - Changes - - - - - - Ensure that all temporary files made - by pg_upgrade are non-world-readable - (Tom Lane, Noah Misch) - - - - pg_upgrade normally restricts its - temporary files to be readable and writable only by the calling user. - But the temporary file containing pg_dumpall -g - output would be group- or world-readable, or even writable, if the - user's umask setting allows. In typical usage on - multi-user machines, the umask and/or the working - directory's permissions would be tight enough to prevent problems; - but there may be people using pg_upgrade - in scenarios where this oversight would permit disclosure of database - passwords to unfriendly eyes. - (CVE-2018-1053) - - - - - - Fix vacuuming of tuples that were updated while key-share locked - (Andres Freund, Álvaro Herrera) - - - - In some cases VACUUM would fail to remove such - tuples even though they are now dead, leading to assorted data - corruption scenarios. - - - - - - Fix inadequate buffer locking in some LSN fetches (Jacob Champion, - Asim Praveen, Ashwin Agrawal) - - - - These errors could result in misbehavior under concurrent load. - The potential consequences have not been characterized fully. - - - - - - Avoid unnecessary failure in a query on an inheritance tree that - occurs concurrently with some child table being removed from the tree - by ALTER TABLE NO INHERIT (Tom Lane) - - - - - - Repair failure with correlated sub-SELECT - inside VALUES inside a LATERAL - subquery (Tom Lane) - - - - - - Fix could not devise a query plan for the given query - planner failure for some cases involving nested UNION - ALL inside a lateral subquery (Tom Lane) - - - - - - Fix has_sequence_privilege() to - support WITH GRANT OPTION tests, - as other privilege-testing functions do (Joe Conway) - - - - - - In databases using UTF8 encoding, ignore any XML declaration that - asserts a different encoding (Pavel Stehule, Noah Misch) - - - - We always store XML strings in the database encoding, so allowing - libxml to act on a declaration of another encoding gave wrong results. - In encodings other than UTF8, we don't promise to support non-ASCII - XML data anyway, so retain the previous behavior for bug compatibility. - This change affects only xpath() and related - functions; other XML code paths already acted this way. - - - - - - Provide for forward compatibility with future minor protocol versions - (Robert Haas, Badrul Chowdhury) - - - - Up to now, PostgreSQL servers simply - rejected requests to use protocol versions newer than 3.0, so that - there was no functional difference between the major and minor parts - of the protocol version number. Allow clients to request versions 3.x - without failing, sending back a message showing that the server only - understands 3.0. This makes no difference at the moment, but - back-patching this change should allow speedier introduction of future - minor protocol upgrades. - - - - - - Prevent stack-overflow crashes when planning extremely deeply - nested set operations - (UNION/INTERSECT/EXCEPT) - (Tom Lane) - - - - - - Fix null-pointer crashes for some types of LDAP URLs appearing - in pg_hba.conf (Thomas Munro) - - - - - - Fix sample INSTR() functions in the PL/pgSQL - documentation (Yugo Nagata, Tom Lane) - - - - These functions are stated to - be Oracle compatible, but - they weren't exactly. In particular, there was a discrepancy in the - interpretation of a negative third parameter: Oracle thinks that a - negative value indicates the last place where the target substring can - begin, whereas our functions took it as the last place where the - target can end. Also, Oracle throws an error for a zero or negative - fourth parameter, whereas our functions returned zero. - - - - The sample code has been adjusted to match Oracle's behavior more - precisely. Users who have copied this code into their applications - may wish to update their copies. - - - - - - Fix pg_dump to make ACL (permissions), - comment, and security label entries reliably identifiable in archive - output formats (Tom Lane) - - - - The tag portion of an ACL archive entry was usually - just the name of the associated object. Make it start with the object - type instead, bringing ACLs into line with the convention already used - for comment and security label archive entries. Also, fix the - comment and security label entries for the whole database, if present, - to make their tags start with DATABASE so that they - also follow this convention. This prevents false matches in code that - tries to identify large-object-related entries by seeing if the tag - starts with LARGE OBJECT. That could have resulted - in misclassifying entries as data rather than schema, with undesirable - results in a schema-only or data-only dump. - - - - Note that this change has user-visible results in the output - of pg_restore --list. - - - - - - In ecpg, detect indicator arrays that do - not have the correct length and report an error (David Rader) - - - - - - Avoid triggering a libc assertion - in contrib/hstore, due to use - of memcpy() with equal source and destination - pointers (Tomas Vondra) - - - - - - Provide modern examples of how to auto-start Postgres on macOS - (Tom Lane) - - - - The scripts in contrib/start-scripts/osx use - infrastructure that's been deprecated for over a decade, and which no - longer works at all in macOS releases of the last couple of years. - Add a new subdirectory contrib/start-scripts/macos - containing scripts that use the newer launchd - infrastructure. - - - - - - Fix incorrect selection of configuration-specific libraries for - OpenSSL on Windows (Andrew Dunstan) - - - - - - Support linking to MinGW-built versions of libperl (Noah Misch) - - - - This allows building PL/Perl with some common Perl distributions for - Windows. - - - - - - Fix MSVC build to test whether 32-bit libperl - needs -D_USE_32BIT_TIME_T (Noah Misch) - - - - Available Perl distributions are inconsistent about what they expect, - and lack any reliable means of reporting it, so resort to a build-time - test on what the library being used actually does. - - - - - - On Windows, install the crash dump handler earlier in postmaster - startup (Takayuki Tsunakawa) - - - - This may allow collection of a core dump for some early-startup - failures that did not produce a dump before. - - - - - - On Windows, avoid encoding-conversion-related crashes when emitting - messages very early in postmaster startup (Takayuki Tsunakawa) - - - - - - Use our existing Motorola 68K spinlock code on OpenBSD as - well as NetBSD (David Carlier) - - - - - - Add support for spinlocks on Motorola 88K (David Carlier) - - - - - - Update time zone data files to tzdata - release 2018c for DST law changes in Brazil, Sao Tome and Principe, - plus historical corrections for Bolivia, Japan, and South Sudan. - The US/Pacific-New zone has been removed (it was - only an alias for America/Los_Angeles anyway). - - - - - - - - - - Release 9.3.20 - - - Release date: - 2017-11-09 - - - - This release contains a variety of fixes from 9.3.19. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.20 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if you are upgrading from a version earlier than 9.3.18, - see . - - - - - - Changes - - - - - - Fix crash due to rowtype mismatch - in json{b}_populate_recordset() - (Michael Paquier, Tom Lane) - - - - These functions used the result rowtype specified in the FROM - ... AS clause without checking that it matched the actual - rowtype of the supplied tuple value. If it didn't, that would usually - result in a crash, though disclosure of server memory contents seems - possible as well. - (CVE-2017-15098) - - - - - - Fix sample server-start scripts to become $PGUSER - before opening $PGLOG (Noah Misch) - - - - Previously, the postmaster log file was opened while still running as - root. The database owner could therefore mount an attack against - another system user by making $PGLOG be a symbolic - link to some other file, which would then become corrupted by appending - log messages. - - - - By default, these scripts are not installed anywhere. Users who have - made use of them will need to manually recopy them, or apply the same - changes to their modified versions. If the - existing $PGLOG file is root-owned, it will need to - be removed or renamed out of the way before restarting the server with - the corrected script. - (CVE-2017-12172) - - - - - - Properly reject attempts to convert infinite float values to - type numeric (Tom Lane, KaiGai Kohei) - - - - Previously the behavior was platform-dependent. - - - - - - Fix corner-case crashes when columns have been added to the end of a - view (Tom Lane) - - - - - - Record proper dependencies when a view or rule - contains FieldSelect - or FieldStore expression nodes (Tom Lane) - - - - Lack of these dependencies could allow a column or data - type DROP to go through when it ought to fail, - thereby causing later uses of the view or rule to get errors. - This patch does not do anything to protect existing views/rules, - only ones created in the future. - - - - - - Correctly detect hashability of range data types (Tom Lane) - - - - The planner mistakenly assumed that any range type could be hashed - for use in hash joins or hash aggregation, but actually it must check - whether the range's subtype has hash support. This does not affect any - of the built-in range types, since they're all hashable anyway. - - - - - - Fix low-probability loss of NOTIFY messages due to - XID wraparound (Marko Tiikkaja, Tom Lane) - - - - If a session executed no queries, but merely listened for - notifications, for more than 2 billion transactions, it started to miss - some notifications from concurrently-committing transactions. - - - - - - Prevent low-probability crash in processing of nested trigger firings - (Tom Lane) - - - - - - Correctly restore the umask setting when file creation fails - in COPY or lo_export() - (Peter Eisentraut) - - - - - - Give a better error message for duplicate column names - in ANALYZE (Nathan Bossart) - - - - - - Fix mis-parsing of the last line in a - non-newline-terminated pg_hba.conf file - (Tom Lane) - - - - - - Fix libpq to not require user's home - directory to exist (Tom Lane) - - - - In v10, failure to find the home directory while trying to - read ~/.pgpass was treated as a hard error, - but it should just cause that file to not be found. Both v10 and - previous release branches made the same mistake when - reading ~/.pg_service.conf, though this was less - obvious since that file is not sought unless a service name is - specified. - - - - - - Fix libpq to guard against integer - overflow in the row count of a PGresult - (Michael Paquier) - - - - - - Fix ecpg's handling of out-of-scope cursor - declarations with pointer or array variables (Michael Meskes) - - - - - - Make ecpglib's Informix-compatibility mode ignore fractional digits in - integer input strings, as expected (Gao Zengqi, Michael Meskes) - - - - - - Sync our copy of the timezone library with IANA release tzcode2017c - (Tom Lane) - - - - This fixes various issues; the only one likely to be user-visible - is that the default DST rules for a POSIX-style zone name, if - no posixrules file exists in the timezone data - directory, now match current US law rather than what it was a dozen - years ago. - - - - - - Update time zone data files to tzdata - release 2017c for DST law changes in Fiji, Namibia, Northern Cyprus, - Sudan, Tonga, and Turks & Caicos Islands, plus historical - corrections for Alaska, Apia, Burma, Calcutta, Detroit, Ireland, - Namibia, and Pago Pago. - - - - - - - - - - Release 9.3.19 - - - Release date: - 2017-08-31 - - - - This release contains a small number of fixes from 9.3.18. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.19 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if you are upgrading from a version earlier than 9.3.18, - see . - - - - - - Changes - - - - - - Show foreign tables - in information_schema.table_privileges - view (Peter Eisentraut) - - - - All other relevant information_schema views include - foreign tables, but this one ignored them. - - - - Since this view definition is installed by initdb, - merely upgrading will not fix the problem. If you need to fix this - in an existing installation, you can, as a superuser, do this - in psql: - -SET search_path TO information_schema; -CREATE OR REPLACE VIEW table_privileges AS - SELECT CAST(u_grantor.rolname AS sql_identifier) AS grantor, - CAST(grantee.rolname AS sql_identifier) AS grantee, - CAST(current_database() AS sql_identifier) AS table_catalog, - CAST(nc.nspname AS sql_identifier) AS table_schema, - CAST(c.relname AS sql_identifier) AS table_name, - CAST(c.prtype AS character_data) AS privilege_type, - CAST( - CASE WHEN - -- object owner always has grant options - pg_has_role(grantee.oid, c.relowner, 'USAGE') - OR c.grantable - THEN 'YES' ELSE 'NO' END AS yes_or_no) AS is_grantable, - CAST(CASE WHEN c.prtype = 'SELECT' THEN 'YES' ELSE 'NO' END AS yes_or_no) AS with_hierarchy - - FROM ( - SELECT oid, relname, relnamespace, relkind, relowner, (aclexplode(coalesce(relacl, acldefault('r', relowner)))).* FROM pg_class - ) AS c (oid, relname, relnamespace, relkind, relowner, grantor, grantee, prtype, grantable), - pg_namespace nc, - pg_authid u_grantor, - ( - SELECT oid, rolname FROM pg_authid - UNION ALL - SELECT 0::oid, 'PUBLIC' - ) AS grantee (oid, rolname) - - WHERE c.relnamespace = nc.oid - AND c.relkind IN ('r', 'v', 'f') - AND c.grantee = grantee.oid - AND c.grantor = u_grantor.oid - AND c.prtype IN ('INSERT', 'SELECT', 'UPDATE', 'DELETE', 'TRUNCATE', 'REFERENCES', 'TRIGGER') - AND (pg_has_role(u_grantor.oid, 'USAGE') - OR pg_has_role(grantee.oid, 'USAGE') - OR grantee.rolname = 'PUBLIC'); - - This must be repeated in each database to be fixed, - including template0. - - - - - - Clean up handling of a fatal exit (e.g., due to receipt - of SIGTERM) that occurs while trying to execute - a ROLLBACK of a failed transaction (Tom Lane) - - - - This situation could result in an assertion failure. In production - builds, the exit would still occur, but it would log an unexpected - message about cannot drop active portal. - - - - - - Remove assertion that could trigger during a fatal exit (Tom Lane) - - - - - - Correctly identify columns that are of a range type or domain type over - a composite type or domain type being searched for (Tom Lane) - - - - Certain ALTER commands that change the definition of a - composite type or domain type are supposed to fail if there are any - stored values of that type in the database, because they lack the - infrastructure needed to update or check such values. Previously, - these checks could miss relevant values that are wrapped inside range - types or sub-domains, possibly allowing the database to become - inconsistent. - - - - - - Fix crash in pg_restore when using parallel mode and - using a list file to select a subset of items to restore - (Fabrízio de Royes Mello) - - - - - - Change ecpg's parser to allow RETURNING - clauses without attached C variables (Michael Meskes) - - - - This allows ecpg programs to contain SQL constructs - that use RETURNING internally (for example, inside a CTE) - rather than using it to define values to be returned to the client. - - - - - - Improve selection of compiler flags for PL/Perl on Windows (Tom Lane) - - - - This fix avoids possible crashes of PL/Perl due to inconsistent - assumptions about the width of time_t values. - A side-effect that may be visible to extension developers is - that _USE_32BIT_TIME_T is no longer defined globally - in PostgreSQL Windows builds. This is not expected - to cause problems, because type time_t is not used - in any PostgreSQL API definitions. - - - - - - - - - - Release 9.3.18 - - - Release date: - 2017-08-10 - - - - This release contains a variety of fixes from 9.3.17. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.18 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if you use foreign data servers that make use of user - passwords for authentication, see the first changelog entry below. - - - - Also, if you are upgrading from a version earlier than 9.3.16, - see . - - - - - - Changes - - - - - - Further restrict visibility - of pg_user_mappings.umoptions, to - protect passwords stored as user mapping options - (Noah Misch) - - - - The fix for CVE-2017-7486 was incorrect: it allowed a user - to see the options in her own user mapping, even if she did not - have USAGE permission on the associated foreign server. - Such options might include a password that had been provided by the - server owner rather than the user herself. - Since information_schema.user_mapping_options does not - show the options in such cases, pg_user_mappings - should not either. - (CVE-2017-7547) - - - - By itself, this patch will only fix the behavior in newly initdb'd - databases. If you wish to apply this change in an existing database, - you will need to do the following: - - - - - - Restart the postmaster after adding allow_system_table_mods - = true to postgresql.conf. (In versions - supporting ALTER SYSTEM, you can use that to make the - configuration change, but you'll still need a restart.) - - - - - - In each database of the cluster, - run the following commands as superuser: - -SET search_path = pg_catalog; -CREATE OR REPLACE VIEW pg_user_mappings AS - SELECT - U.oid AS umid, - S.oid AS srvid, - S.srvname AS srvname, - U.umuser AS umuser, - CASE WHEN U.umuser = 0 THEN - 'public' - ELSE - A.rolname - END AS usename, - CASE WHEN (U.umuser <> 0 AND A.rolname = current_user - AND (pg_has_role(S.srvowner, 'USAGE') - OR has_server_privilege(S.oid, 'USAGE'))) - OR (U.umuser = 0 AND pg_has_role(S.srvowner, 'USAGE')) - OR (SELECT rolsuper FROM pg_authid WHERE rolname = current_user) - THEN U.umoptions - ELSE NULL END AS umoptions - FROM pg_user_mapping U - LEFT JOIN pg_authid A ON (A.oid = U.umuser) JOIN - pg_foreign_server S ON (U.umserver = S.oid); - - - - - - - Do not forget to include the template0 - and template1 databases, or the vulnerability will still - exist in databases you create later. To fix template0, - you'll need to temporarily make it accept connections. - In PostgreSQL 9.5 and later, you can use - -ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true; - - and then after fixing template0, undo that with - -ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false; - - In prior versions, instead use - -UPDATE pg_database SET datallowconn = true WHERE datname = 'template0'; -UPDATE pg_database SET datallowconn = false WHERE datname = 'template0'; - - - - - - - Finally, remove the allow_system_table_mods configuration - setting, and again restart the postmaster. - - - - - - - - Disallow empty passwords in all password-based authentication methods - (Heikki Linnakangas) - - - - libpq ignores empty password specifications, and does - not transmit them to the server. So, if a user's password has been - set to the empty string, it's impossible to log in with that password - via psql or other libpq-based - clients. An administrator might therefore believe that setting the - password to empty is equivalent to disabling password login. - However, with a modified or non-libpq-based client, - logging in could be possible, depending on which authentication - method is configured. In particular the most common - method, md5, accepted empty passwords. - Change the server to reject empty passwords in all cases. - (CVE-2017-7546) - - - - - - Fix concurrent locking of tuple update chains (Álvaro Herrera) - - - - If several sessions concurrently lock a tuple update chain with - nonconflicting lock modes using an old snapshot, and they all - succeed, it was possible for some of them to nonetheless fail (and - conclude there is no live tuple version) due to a race condition. - This had consequences such as foreign-key checks failing to see a - tuple that definitely exists but is being updated concurrently. - - - - - - Fix potential data corruption when freezing a tuple whose XMAX is a - multixact with exactly one still-interesting member (Teodor Sigaev) - - - - - - On Windows, retry process creation if we fail to reserve the address - range for our shared memory in the new process (Tom Lane, Amit - Kapila) - - - - This is expected to fix infrequent child-process-launch failures that - are probably due to interference from antivirus products. - - - - - - Fix low-probability corruption of shared predicate-lock hash table - in Windows builds (Thomas Munro, Tom Lane) - - - - - - Avoid logging clean closure of an SSL connection as though - it were a connection reset (Michael Paquier) - - - - - - Prevent sending SSL session tickets to clients (Tom Lane) - - - - This fix prevents reconnection failures with ticket-aware client-side - SSL code. - - - - - - Fix code for setting on - Solaris (Tom Lane) - - - - - - Fix statistics collector to honor inquiry messages issued just after - a postmaster shutdown and immediate restart (Tom Lane) - - - - Statistics inquiries issued within half a second of the previous - postmaster shutdown were effectively ignored. - - - - - - Ensure that the statistics collector's receive buffer size is at - least 100KB (Tom Lane) - - - - This reduces the risk of dropped statistics data on older platforms - whose default receive buffer size is less than that. - - - - - - Fix possible creation of an invalid WAL segment when a standby is - promoted just after it processes an XLOG_SWITCH WAL - record (Andres Freund) - - - - - - Fix SIGHUP and SIGUSR1 handling in - walsender processes (Petr Jelinek, Andres Freund) - - - - - - Fix unnecessarily slow restarts of walreceiver - processes due to race condition in postmaster (Tom Lane) - - - - - - Fix cases where an INSERT or UPDATE assigns - to more than one element of a column that is of domain-over-array - type (Tom Lane) - - - - - - Allow window functions to be used in sub-SELECTs that - are within the arguments of an aggregate function (Tom Lane) - - - - - - Move autogenerated array types out of the way during - ALTER ... RENAME (Vik Fearing) - - - - Previously, we would rename a conflicting autogenerated array type - out of the way during CREATE; this fix extends that - behavior to renaming operations. - - - - - - Ensure that ALTER USER ... SET accepts all the syntax - variants that ALTER ROLE ... SET does (Peter Eisentraut) - - - - - - Properly update dependency info when changing a datatype I/O - function's argument or return type from opaque to the - correct type (Heikki Linnakangas) - - - - CREATE TYPE updates I/O functions declared in this - long-obsolete style, but it forgot to record a dependency on the - type, allowing a subsequent DROP TYPE to leave broken - function definitions behind. - - - - - - Reduce memory usage when ANALYZE processes - a tsvector column (Heikki Linnakangas) - - - - - - Fix unnecessary precision loss and sloppy rounding when multiplying - or dividing money values by integers or floats (Tom Lane) - - - - - - Tighten checks for whitespace in functions that parse identifiers, - such as regprocedurein() (Tom Lane) - - - - Depending on the prevailing locale, these functions could - misinterpret fragments of multibyte characters as whitespace. - - - - - - Use relevant #define symbols from Perl while - compiling PL/Perl (Ashutosh Sharma, Tom Lane) - - - - This avoids portability problems, typically manifesting as - a handshake mismatch during library load, when working with - recent Perl versions. - - - - - - In libpq, reset GSS/SASL and SSPI authentication - state properly after a failed connection attempt (Michael Paquier) - - - - Failure to do this meant that when falling back from SSL to non-SSL - connections, a GSS/SASL failure in the SSL attempt would always cause - the non-SSL attempt to fail. SSPI did not fail, but it leaked memory. - - - - - - In psql, fix failure when COPY FROM STDIN - is ended with a keyboard EOF signal and then another COPY - FROM STDIN is attempted (Thomas Munro) - - - - This misbehavior was observed on BSD-derived platforms (including - macOS), but not on most others. - - - - - - Fix pg_dump and pg_restore to - emit REFRESH MATERIALIZED VIEW commands last (Tom Lane) - - - - This prevents errors during dump/restore when a materialized view - refers to tables owned by a different user. - - - - - - Fix pg_dump with the - - - It also now correctly assigns ownership of event triggers; before, - they were restored as being owned by the superuser running the - restore script. - - - - - - Fix pg_dump to not emit invalid SQL for an empty - operator class (Daniel Gustafsson) - - - - - - Fix pg_dump output to stdout on Windows (Kuntal Ghosh) - - - - A compressed plain-text dump written to stdout would contain corrupt - data due to failure to put the file descriptor into binary mode. - - - - - - Fix pg_get_ruledef() to print correct output for - the ON SELECT rule of a view whose columns have been - renamed (Tom Lane) - - - - In some corner cases, pg_dump relies - on pg_get_ruledef() to dump views, so that this error - could result in dump/reload failures. - - - - - - Fix dumping of outer joins with empty constraints, such as the result - of a NATURAL LEFT JOIN with no common columns (Tom Lane) - - - - - - Fix dumping of function expressions in the FROM clause in - cases where the expression does not deparse into something that looks - like a function call (Tom Lane) - - - - - - Fix pg_basebackup output to stdout on Windows - (Haribabu Kommi) - - - - A backup written to stdout would contain corrupt data due to failure - to put the file descriptor into binary mode. - - - - - - Fix pg_upgrade to ensure that the ending WAL record - does not have = minimum - (Bruce Momjian) - - - - This condition could prevent upgraded standby servers from - reconnecting. - - - - - - In postgres_fdw, re-establish connections to remote - servers after ALTER SERVER or ALTER USER - MAPPING commands (Kyotaro Horiguchi) - - - - This ensures that option changes affecting connection parameters will - be applied promptly. - - - - - - In postgres_fdw, allow cancellation of remote - transaction control commands (Robert Haas, Rafia Sabih) - - - - This change allows us to quickly escape a wait for an unresponsive - remote server in many more cases than previously. - - - - - - Always use - - - This supports larger extension libraries on platforms where it makes - a difference. - - - - - - Fix unescaped-braces issue in our build scripts for Microsoft MSVC, - to avoid a warning or error from recent Perl versions (Andrew - Dunstan) - - - - - - In MSVC builds, handle the case where the openssl - library is not within a VC subdirectory (Andrew Dunstan) - - - - - - In MSVC builds, add proper include path for libxml2 - header files (Andrew Dunstan) - - - - This fixes a former need to move things around in standard Windows - installations of libxml2. - - - - - - In MSVC builds, recognize a Tcl library that is - named tcl86.lib (Noah Misch) - - - - - - - - - - Release 9.3.17 - - - Release date: - 2017-05-11 - - - - This release contains a variety of fixes from 9.3.16. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.17 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if you use foreign data servers that make use of user - passwords for authentication, see the first changelog entry below. - - - - Also, if you are upgrading from a version earlier than 9.3.16, - see . - - - - - - Changes - - - - - - Restrict visibility - of pg_user_mappings.umoptions, to - protect passwords stored as user mapping options - (Michael Paquier, Feike Steenbergen) - - - - The previous coding allowed the owner of a foreign server object, - or anyone he has granted server USAGE permission to, - to see the options for all user mappings associated with that server. - This might well include passwords for other users. - Adjust the view definition to match the behavior of - information_schema.user_mapping_options, namely that - these options are visible to the user being mapped, or if the mapping - is for PUBLIC and the current user is the server - owner, or if the current user is a superuser. - (CVE-2017-7486) - - - - By itself, this patch will only fix the behavior in newly initdb'd - databases. If you wish to apply this change in an existing database, - follow the corrected procedure shown in the changelog entry for - CVE-2017-7547, in . - - - - - - Prevent exposure of statistical information via leaky operators - (Peter Eisentraut) - - - - Some selectivity estimation functions in the planner will apply - user-defined operators to values obtained - from pg_statistic, such as most common values and - histogram entries. This occurs before table permissions are checked, - so a nefarious user could exploit the behavior to obtain these values - for table columns he does not have permission to read. To fix, - fall back to a default estimate if the operator's implementation - function is not certified leak-proof and the calling user does not have - permission to read the table column whose statistics are needed. - At least one of these criteria is satisfied in most cases in practice. - (CVE-2017-7484) - - - - - - Restore libpq's recognition of - the PGREQUIRESSL environment variable (Daniel Gustafsson) - - - - Processing of this environment variable was unintentionally dropped - in PostgreSQL 9.3, but its documentation remained. - This creates a security hazard, since users might be relying on the - environment variable to force SSL-encrypted connections, but that - would no longer be guaranteed. Restore handling of the variable, - but give it lower priority than PGSSLMODE, to avoid - breaking configurations that work correctly with post-9.3 code. - (CVE-2017-7485) - - - - - - Fix possible corruption of init forks of unlogged indexes - (Robert Haas, Michael Paquier) - - - - This could result in an unlogged index being set to an invalid state - after a crash and restart. Such a problem would persist until the - index was dropped and rebuilt. - - - - - - Fix incorrect reconstruction of pg_subtrans entries - when a standby server replays a prepared but uncommitted two-phase - transaction (Tom Lane) - - - - In most cases this turned out to have no visible ill effects, but in - corner cases it could result in circular references - in pg_subtrans, potentially causing infinite loops - in queries that examine rows modified by the two-phase transaction. - - - - - - Ensure parsing of queries in extension scripts sees the results of - immediately-preceding DDL (Julien Rouhaud, Tom Lane) - - - - Due to lack of a cache flush step between commands in an extension - script file, non-utility queries might not see the effects of an - immediately preceding catalog change, such as ALTER TABLE - ... RENAME. - - - - - - Skip tablespace privilege checks when ALTER TABLE ... ALTER - COLUMN TYPE rebuilds an existing index (Noah Misch) - - - - The command failed if the calling user did not currently have - CREATE privilege for the tablespace containing the index. - That behavior seems unhelpful, so skip the check, allowing the - index to be rebuilt where it is. - - - - - - Fix ALTER TABLE ... VALIDATE CONSTRAINT to not recurse - to child tables when the constraint is marked NO INHERIT - (Amit Langote) - - - - This fix prevents unwanted constraint does not exist failures - when no matching constraint is present in the child tables. - - - - - - Fix VACUUM to account properly for pages that could not - be scanned due to conflicting page pins (Andrew Gierth) - - - - This tended to lead to underestimation of the number of tuples in - the table. In the worst case of a small heavily-contended - table, VACUUM could incorrectly report that the table - contained no tuples, leading to very bad planning choices. - - - - - - Ensure that bulk-tuple-transfer loops within a hash join are - interruptible by query cancel requests (Tom Lane, Thomas Munro) - - - - - - Fix cursor_to_xml() to produce valid output - with tableforest = false - (Thomas Munro, Peter Eisentraut) - - - - Previously it failed to produce a wrapping <table> - element. - - - - - - Improve performance of pg_timezone_names view - (Tom Lane, David Rowley) - - - - - - Fix sloppy handling of corner-case errors from lseek() - and close() (Tom Lane) - - - - Neither of these system calls are likely to fail in typical situations, - but if they did, fd.c could get quite confused. - - - - - - Fix incorrect check for whether postmaster is running as a Windows - service (Michael Paquier) - - - - This could result in attempting to write to the event log when that - isn't accessible, so that no logging happens at all. - - - - - - Fix ecpg to support COMMIT PREPARED - and ROLLBACK PREPARED (Masahiko Sawada) - - - - - - Fix a double-free error when processing dollar-quoted string literals - in ecpg (Michael Meskes) - - - - - - In pg_dump, fix incorrect schema and owner marking for - comments and security labels of some types of database objects - (Giuseppe Broccolo, Tom Lane) - - - - In simple cases this caused no ill effects; but for example, a - schema-selective restore might omit comments it should include, because - they were not marked as belonging to the schema of their associated - object. - - - - - - Avoid emitting an invalid list file in pg_restore -l - when SQL object names contain newlines (Tom Lane) - - - - Replace newlines by spaces, which is sufficient to make the output - valid for pg_restore -L's purposes. - - - - - - Fix pg_upgrade to transfer comments and security labels - attached to large objects (blobs) (Stephen Frost) - - - - Previously, blobs were correctly transferred to the new database, but - any comments or security labels attached to them were lost. - - - - - - Improve error handling - in contrib/adminpack's pg_file_write() - function (Noah Misch) - - - - Notably, it failed to detect errors reported - by fclose(). - - - - - - In contrib/dblink, avoid leaking the previous unnamed - connection when establishing a new unnamed connection (Joe Conway) - - - - - - Fix contrib/pg_trgm's extraction of trigrams from regular - expressions (Tom Lane) - - - - In some cases it would produce a broken data structure that could never - match anything, leading to GIN or GiST indexscans that use a trigram - index not finding any matches to the regular expression. - - - - - - In contrib/postgres_fdw, - transmit query cancellation requests to the remote server - (Michael Paquier, Etsuro Fujita) - - - - Previously, a local query cancellation request did not cause an - already-sent remote query to terminate early. This is a back-patch - of work originally done for 9.6. - - - - - - Support OpenSSL 1.1.0 (Heikki Linnakangas, Andreas Karlsson, Tom Lane) - - - - This is a back-patch of work previously done in newer branches; - it's needed since many platforms are adopting newer OpenSSL versions. - - - - - - Support Tcl 8.6 in MSVC builds (Álvaro Herrera) - - - - - - Sync our copy of the timezone library with IANA release tzcode2017b - (Tom Lane) - - - - This fixes a bug affecting some DST transitions in January 2038. - - - - - - Update time zone data files to tzdata release 2017b - for DST law changes in Chile, Haiti, and Mongolia, plus historical - corrections for Ecuador, Kazakhstan, Liberia, and Spain. - Switch to numeric abbreviations for numerous time zones in South - America, the Pacific and Indian oceans, and some Asian and Middle - Eastern countries. - - - - The IANA time zone database previously provided textual abbreviations - for all time zones, sometimes making up abbreviations that have little - or no currency among the local population. They are in process of - reversing that policy in favor of using numeric UTC offsets in zones - where there is no evidence of real-world use of an English - abbreviation. At least for the time being, PostgreSQL - will continue to accept such removed abbreviations for timestamp input. - But they will not be shown in the pg_timezone_names - view nor used for output. - - - - - - Use correct daylight-savings rules for POSIX-style time zone names - in MSVC builds (David Rowley) - - - - The Microsoft MSVC build scripts neglected to install - the posixrules file in the timezone directory tree. - This resulted in the timezone code falling back to its built-in - rule about what DST behavior to assume for a POSIX-style time zone - name. For historical reasons that still corresponds to the DST rules - the USA was using before 2007 (i.e., change on first Sunday in April - and last Sunday in October). With this fix, a POSIX-style zone name - will use the current and historical DST transition dates of - the US/Eastern zone. If you don't want that, remove - the posixrules file, or replace it with a copy of some - other zone file (see ). Note that - due to caching, you may need to restart the server to get such changes - to take effect. - - - - - - - - - - Release 9.3.16 - - - Release date: - 2017-02-09 - - - - This release contains a variety of fixes from 9.3.15. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.16 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if your installation has been affected by the bug described in - the first changelog entry below, then after updating you may need - to take action to repair corrupted indexes. - - - - Also, if you are upgrading from a version earlier than 9.3.15, - see . - - - - - - Changes - - - - - - Fix a race condition that could cause indexes built - with CREATE INDEX CONCURRENTLY to be corrupt - (Pavan Deolasee, Tom Lane) - - - - If CREATE INDEX CONCURRENTLY was used to build an index - that depends on a column not previously indexed, then rows - updated by transactions that ran concurrently with - the CREATE INDEX command could have received incorrect - index entries. If you suspect this may have happened, the most - reliable solution is to rebuild affected indexes after installing - this update. - - - - - - Unconditionally WAL-log creation of the init fork for an - unlogged table (Michael Paquier) - - - - Previously, this was skipped when - = minimal, but actually it's necessary even in that case - to ensure that the unlogged table is properly reset to empty after a - crash. - - - - - - If the stats collector dies during hot standby, restart it (Takayuki - Tsunakawa) - - - - - - Ensure that hot standby feedback works correctly when it's enabled at - standby server start (Ants Aasma, Craig Ringer) - - - - - - Check for interrupts while hot standby is waiting for a conflicting - query (Simon Riggs) - - - - - - Avoid constantly respawning the autovacuum launcher in a corner case - (Amit Khandekar) - - - - This fix avoids problems when autovacuum is nominally off and there - are some tables that require freezing, but all such tables are - already being processed by autovacuum workers. - - - - - - Fix check for when an extension member object can be dropped (Tom Lane) - - - - Extension upgrade scripts should be able to drop member objects, - but this was disallowed for serial-column sequences, and possibly - other cases. - - - - - - Make sure ALTER TABLE preserves index tablespace - assignments when rebuilding indexes (Tom Lane, Michael Paquier) - - - - Previously, non-default settings - of could result in broken - indexes. - - - - - - Prevent dropping a foreign-key constraint if there are pending - trigger events for the referenced relation (Tom Lane) - - - - This avoids could not find trigger NNN - or relation NNN has no triggers errors. - - - - - - Fix processing of OID column when a table with OIDs is associated to - a parent with OIDs via ALTER TABLE ... INHERIT (Amit - Langote) - - - - The OID column should be treated the same as regular user columns in - this case, but it wasn't, leading to odd behavior in later - inheritance changes. - - - - - - Report correct object identity during ALTER TEXT SEARCH - CONFIGURATION (Artur Zakirov) - - - - The wrong catalog OID was reported to extensions such as logical - decoding. - - - - - - Check for serializability conflicts before reporting - constraint-violation failures (Thomas Munro) - - - - When using serializable transaction isolation, it is desirable - that any error due to concurrent transactions should manifest - as a serialization failure, thereby cueing the application that - a retry might succeed. Unfortunately, this does not reliably - happen for duplicate-key failures caused by concurrent insertions. - This change ensures that such an error will be reported as a - serialization error if the application explicitly checked for - the presence of a conflicting key (and did not find it) earlier - in the transaction. - - - - - - Prevent multicolumn expansion of foo.* in - an UPDATE source expression (Tom Lane) - - - - This led to UPDATE target count mismatch --- internal - error. Now the syntax is understood as a whole-row variable, - as it would be in other contexts. - - - - - - Ensure that column typmods are determined accurately for - multi-row VALUES constructs (Tom Lane) - - - - This fixes problems occurring when the first value in a column has a - determinable typmod (e.g., length for a varchar value) but - later values don't share the same limit. - - - - - - Throw error for an unfinished Unicode surrogate pair at the end of a - Unicode string (Tom Lane) - - - - Normally, a Unicode surrogate leading character must be followed by a - Unicode surrogate trailing character, but the check for this was - missed if the leading character was the last character in a Unicode - string literal (U&'...') or Unicode identifier - (U&"..."). - - - - - - Ensure that a purely negative text search query, such - as !foo, matches empty tsvectors (Tom Dunstan) - - - - Such matches were found by GIN index searches, but not by sequential - scans or GiST index searches. - - - - - - Prevent crash when ts_rewrite() replaces a non-top-level - subtree with an empty query (Artur Zakirov) - - - - - - Fix performance problems in ts_rewrite() (Tom Lane) - - - - - - Fix ts_rewrite()'s handling of nested NOT operators - (Tom Lane) - - - - - - Fix array_fill() to handle empty arrays properly (Tom Lane) - - - - - - Fix one-byte buffer overrun in quote_literal_cstr() - (Heikki Linnakangas) - - - - The overrun occurred only if the input consisted entirely of single - quotes and/or backslashes. - - - - - - Prevent multiple calls of pg_start_backup() - and pg_stop_backup() from running concurrently (Michael - Paquier) - - - - This avoids an assertion failure, and possibly worse things, if - someone tries to run these functions in parallel. - - - - - - Avoid discarding interval-to-interval casts - that aren't really no-ops (Tom Lane) - - - - In some cases, a cast that should result in zeroing out - low-order interval fields was mistakenly deemed to be a - no-op and discarded. An example is that casting from INTERVAL - MONTH to INTERVAL YEAR failed to clear the months field. - - - - - - Ensure that cached plans are invalidated by changes in foreign-table - options (Amit Langote, Etsuro Fujita, Ashutosh Bapat) - - - - - - Fix pg_dump to dump user-defined casts and transforms - that use built-in functions (Stephen Frost) - - - - - - Fix possible pg_basebackup failure on standby - server when including WAL files (Amit Kapila, Robert Haas) - - - - - - Ensure that the Python exception objects we create for PL/Python are - properly reference-counted (Rafa de la Torre, Tom Lane) - - - - This avoids failures if the objects are used after a Python garbage - collection cycle has occurred. - - - - - - Fix PL/Tcl to support triggers on tables that have .tupno - as a column name (Tom Lane) - - - - This matches the (previously undocumented) behavior of - PL/Tcl's spi_exec and spi_execp commands, - namely that a magic .tupno column is inserted only if - there isn't a real column named that. - - - - - - Allow DOS-style line endings in ~/.pgpass files, - even on Unix (Vik Fearing) - - - - This change simplifies use of the same password file across Unix and - Windows machines. - - - - - - Fix one-byte buffer overrun if ecpg is given a file - name that ends with a dot (Takayuki Tsunakawa) - - - - - - Fix psql's tab completion for ALTER DEFAULT - PRIVILEGES (Gilles Darold, Stephen Frost) - - - - - - In psql, treat an empty or all-blank setting of - the PAGER environment variable as meaning no - pager (Tom Lane) - - - - Previously, such a setting caused output intended for the pager to - vanish entirely. - - - - - - Improve contrib/dblink's reporting of - low-level libpq errors, such as out-of-memory - (Joe Conway) - - - - - - Teach contrib/dblink to ignore irrelevant server options - when it uses a contrib/postgres_fdw foreign server as - the source of connection options (Corey Huinker) - - - - Previously, if the foreign server object had options that were not - also libpq connection options, an error occurred. - - - - - - On Windows, ensure that environment variable changes are propagated - to DLLs built with debug options (Christian Ullrich) - - - - - - Sync our copy of the timezone library with IANA release tzcode2016j - (Tom Lane) - - - - This fixes various issues, most notably that timezone data - installation failed if the target directory didn't support hard - links. - - - - - - Update time zone data files to tzdata release 2016j - for DST law changes in northern Cyprus (adding a new zone - Asia/Famagusta), Russia (adding a new zone Europe/Saratov), Tonga, - and Antarctica/Casey. - Historical corrections for Italy, Kazakhstan, Malta, and Palestine. - Switch to preferring numeric zone abbreviations for Tonga. - - - - - - - - - - Release 9.3.15 - - - Release date: - 2016-10-27 - - - - This release contains a variety of fixes from 9.3.14. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.15 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if your installation has been affected by the bug described in - the first changelog entry below, then after updating you may need - to take action to repair corrupted free space maps. - - - - Also, if you are upgrading from a version earlier than 9.3.9, - see . - - - - - - Changes - - - - - - Fix WAL-logging of truncation of relation free space maps and - visibility maps (Pavan Deolasee, Heikki Linnakangas) - - - - It was possible for these files to not be correctly restored during - crash recovery, or to be written incorrectly on a standby server. - Bogus entries in a free space map could lead to attempts to access - pages that have been truncated away from the relation itself, typically - producing errors like could not read block XXX: - read only 0 of 8192 bytes. Checksum failures in the - visibility map are also possible, if checksumming is enabled. - - - - Procedures for determining whether there is a problem and repairing it - if so are discussed at - . - - - - - - Fix SELECT FOR UPDATE/SHARE to correctly lock tuples that - have been updated by a subsequently-aborted transaction - (Álvaro Herrera) - - - - In 9.5 and later, the SELECT would sometimes fail to - return such tuples at all. A failure has not been proven to occur in - earlier releases, but might be possible with concurrent updates. - - - - - - Fix EvalPlanQual rechecks involving CTE scans (Tom Lane) - - - - The recheck would always see the CTE as returning no rows, typically - leading to failure to update rows that were recently updated. - - - - - - Fix improper repetition of previous results from hashed aggregation in - a subquery (Andrew Gierth) - - - - The test to see if we can reuse a previously-computed hash table of - the aggregate state values neglected the possibility of an outer query - reference appearing in an aggregate argument expression. A change in - the value of such a reference should lead to recalculating the hash - table, but did not. - - - - - - Fix EXPLAIN to emit valid XML when - is on (Markus Winand) - - - - Previously the XML output-format option produced syntactically invalid - tags such as <I/O-Read-Time>. That is now - rendered as <I-O-Read-Time>. - - - - - - Suppress printing of zeroes for unmeasured times - in EXPLAIN (Maksim Milyutin) - - - - Certain option combinations resulted in printing zero values for times - that actually aren't ever measured in that combination. Our general - policy in EXPLAIN is not to print such fields at all, so - do that consistently in all cases. - - - - - - Fix timeout length when VACUUM is waiting for exclusive - table lock so that it can truncate the table (Simon Riggs) - - - - The timeout was meant to be 50 milliseconds, but it was actually only - 50 microseconds, causing VACUUM to give up on truncation - much more easily than intended. Set it to the intended value. - - - - - - Fix bugs in merging inherited CHECK constraints while - creating or altering a table (Tom Lane, Amit Langote) - - - - Allow identical CHECK constraints to be added to a parent - and child table in either order. Prevent merging of a valid - constraint from the parent table with a NOT VALID - constraint on the child. Likewise, prevent merging of a NO - INHERIT child constraint with an inherited constraint. - - - - - - Remove artificial restrictions on the values accepted - by numeric_in() and numeric_recv() - (Tom Lane) - - - - We allow numeric values up to the limit of the storage format (more - than 1e100000), so it seems fairly pointless - that numeric_in() rejected scientific-notation exponents - above 1000. Likewise, it was silly for numeric_recv() to - reject more than 1000 digits in an input value. - - - - - - Avoid very-low-probability data corruption due to testing tuple - visibility without holding buffer lock (Thomas Munro, Peter Geoghegan, - Tom Lane) - - - - - - Fix file descriptor leakage when truncating a temporary relation of - more than 1GB (Andres Freund) - - - - - - Disallow starting a standalone backend with standby_mode - turned on (Michael Paquier) - - - - This can't do anything useful, since there will be no WAL receiver - process to fetch more WAL data; and it could result in misbehavior - in code that wasn't designed with this situation in mind. - - - - - - Don't try to share SSL contexts across multiple connections - in libpq (Heikki Linnakangas) - - - - This led to assorted corner-case bugs, particularly when trying to use - different SSL parameters for different connections. - - - - - - Avoid corner-case memory leak in libpq (Tom Lane) - - - - The reported problem involved leaking an error report - during PQreset(), but there might be related cases. - - - - - - Make ecpg's - - - - - In pg_dump, never dump range constructor functions - (Tom Lane) - - - - This oversight led to pg_upgrade failures with - extensions containing range types, due to duplicate creation of the - constructor functions. - - - - - - In pg_xlogdump, retry opening new WAL segments when - using - - - This allows for a possible delay in the server's creation of the next - segment. - - - - - - Fix pg_xlogdump to cope with a WAL file that begins - with a continuation record spanning more than one page (Pavan - Deolasee) - - - - - - Fix contrib/intarray/bench/bench.pl to print the results - of the EXPLAIN it does when given the - - - - - Update Windows time zone mapping to recognize some time zone names - added in recent Windows versions (Michael Paquier) - - - - - - Prevent failure of obsolete dynamic time zone abbreviations (Tom Lane) - - - - If a dynamic time zone abbreviation does not match any entry in the - referenced time zone, treat it as equivalent to the time zone name. - This avoids unexpected failures when IANA removes abbreviations from - their time zone database, as they did in tzdata - release 2016f and seem likely to do again in the future. The - consequences were not limited to not recognizing the individual - abbreviation; any mismatch caused - the pg_timezone_abbrevs view to fail altogether. - - - - - - Update time zone data files to tzdata release 2016h - for DST law changes in Palestine and Turkey, plus historical - corrections for Turkey and some regions of Russia. - Switch to numeric abbreviations for some time zones in Antarctica, - the former Soviet Union, and Sri Lanka. - - - - The IANA time zone database previously provided textual abbreviations - for all time zones, sometimes making up abbreviations that have little - or no currency among the local population. They are in process of - reversing that policy in favor of using numeric UTC offsets in zones - where there is no evidence of real-world use of an English - abbreviation. At least for the time being, PostgreSQL - will continue to accept such removed abbreviations for timestamp input. - But they will not be shown in the pg_timezone_names - view nor used for output. - - - - In this update, AMT is no longer shown as being in use to - mean Armenia Time. Therefore, we have changed the Default - abbreviation set to interpret it as Amazon Time, thus UTC-4 not UTC+4. - - - - - - - - - - Release 9.3.14 - - - Release date: - 2016-08-11 - - - - This release contains a variety of fixes from 9.3.13. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.14 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if you are upgrading from a version earlier than 9.3.9, - see . - - - - - - Changes - - - - - - Fix possible mis-evaluation of - nested CASE-WHEN expressions (Heikki - Linnakangas, Michael Paquier, Tom Lane) - - - - A CASE expression appearing within the test value - subexpression of another CASE could become confused about - whether its own test value was null or not. Also, inlining of a SQL - function implementing the equality operator used by - a CASE expression could result in passing the wrong test - value to functions called within a CASE expression in the - SQL function's body. If the test values were of different data - types, a crash might result; moreover such situations could be abused - to allow disclosure of portions of server memory. (CVE-2016-5423) - - - - - - Fix client programs' handling of special characters in database and - role names (Noah Misch, Nathan Bossart, Michael Paquier) - - - - Numerous places in vacuumdb and other client programs - could become confused by database and role names containing double - quotes or backslashes. Tighten up quoting rules to make that safe. - Also, ensure that when a conninfo string is used as a database name - parameter to these programs, it is correctly treated as such throughout. - - - - Fix handling of paired double quotes - in psql's \connect - and \password commands to match the documentation. - - - - Introduce a new - - - pg_dumpall now refuses to deal with database and role - names containing carriage returns or newlines, as it seems impractical - to quote those characters safely on Windows. In future we may reject - such names on the server side, but that step has not been taken yet. - - - - These are considered security fixes because crafted object names - containing special characters could have been used to execute - commands with superuser privileges the next time a superuser - executes pg_dumpall or other routine maintenance - operations. (CVE-2016-5424) - - - - - - Fix corner-case misbehaviors for IS NULL/IS NOT - NULL applied to nested composite values (Andrew Gierth, Tom Lane) - - - - The SQL standard specifies that IS NULL should return - TRUE for a row of all null values (thus ROW(NULL,NULL) IS - NULL yields TRUE), but this is not meant to apply recursively - (thus ROW(NULL, ROW(NULL,NULL)) IS NULL yields FALSE). - The core executor got this right, but certain planner optimizations - treated the test as recursive (thus producing TRUE in both cases), - and contrib/postgres_fdw could produce remote queries - that misbehaved similarly. - - - - - - Make the inet and cidr data types properly reject - IPv6 addresses with too many colon-separated fields (Tom Lane) - - - - - - Prevent crash in close_ps() - (the point ## lseg operator) - for NaN input coordinates (Tom Lane) - - - - Make it return NULL instead of crashing. - - - - - - Avoid possible crash in pg_get_expr() when inconsistent - values are passed to it (Michael Paquier, Thomas Munro) - - - - - - Fix several one-byte buffer over-reads in to_number() - (Peter Eisentraut) - - - - In several cases the to_number() function would read one - more character than it should from the input string. There is a - small chance of a crash, if the input happens to be adjacent to the - end of memory. - - - - - - Do not run the planner on the query contained in CREATE - MATERIALIZED VIEW or CREATE TABLE AS - when WITH NO DATA is specified (Michael Paquier, - Tom Lane) - - - - This avoids some unnecessary failure conditions, for example if a - stable function invoked by the materialized view depends on a table - that doesn't exist yet. - - - - - - Avoid unsafe intermediate state during expensive paths - through heap_update() (Masahiko Sawada, Andres Freund) - - - - Previously, these cases locked the target tuple (by setting its XMAX) - but did not WAL-log that action, thus risking data integrity problems - if the page were spilled to disk and then a database crash occurred - before the tuple update could be completed. - - - - - - Fix hint bit update during WAL replay of row locking operations - (Andres Freund) - - - - The only known consequence of this problem is that row locks held by - a prepared, but uncommitted, transaction might fail to be enforced - after a crash and restart. - - - - - - Avoid unnecessary could not serialize access errors when - acquiring FOR KEY SHARE row locks in serializable mode - (Álvaro Herrera) - - - - - - Avoid crash in postgres -C when the specified variable - has a null string value (Michael Paquier) - - - - - - Ensure that backends see up-to-date statistics for shared catalogs - (Tom Lane) - - - - The statistics collector failed to update the statistics file for - shared catalogs after a request from a regular backend. This problem - was partially masked because the autovacuum launcher regularly makes - requests that did cause such updates; however, it became obvious with - autovacuum disabled. - - - - - - Avoid redundant writes of the statistics files when multiple - backends request updates close together (Tom Lane, Tomas Vondra) - - - - - - Avoid consuming a transaction ID during VACUUM - (Alexander Korotkov) - - - - Some cases in VACUUM unnecessarily caused an XID to be - assigned to the current transaction. Normally this is negligible, - but if one is up against the XID wraparound limit, consuming more - XIDs during anti-wraparound vacuums is a very bad thing. - - - - - - Avoid canceling hot-standby queries during VACUUM FREEZE - (Simon Riggs, Álvaro Herrera) - - - - VACUUM FREEZE on an otherwise-idle master server could - result in unnecessary cancellations of queries on its standby - servers. - - - - - - Prevent possible failure when vacuuming multixact IDs in an - installation that has been pg_upgrade'd from pre-9.3 (Andrew Gierth, - Álvaro Herrera) - - - - The usual symptom of this bug is errors - like MultiXactId NNN has not been created - yet -- apparent wraparound. - - - - - - When a manual ANALYZE specifies a column list, don't - reset the table's changes_since_analyze counter - (Tom Lane) - - - - If we're only analyzing some columns, we should not prevent routine - auto-analyze from happening for the other columns. - - - - - - Fix ANALYZE's overestimation of n_distinct - for a unique or nearly-unique column with many null entries (Tom - Lane) - - - - The nulls could get counted as though they were themselves distinct - values, leading to serious planner misestimates in some types of - queries. - - - - - - Prevent autovacuum from starting multiple workers for the same shared - catalog (Álvaro Herrera) - - - - Normally this isn't much of a problem because the vacuum doesn't take - long anyway; but in the case of a severely bloated catalog, it could - result in all but one worker uselessly waiting instead of doing - useful work on other tables. - - - - - - Prevent infinite loop in GiST index build for geometric columns - containing NaN component values (Tom Lane) - - - - - - Fix contrib/btree_gin to handle the smallest - possible bigint value correctly (Peter Eisentraut) - - - - - - Teach libpq to correctly decode server version from future servers - (Peter Eisentraut) - - - - It's planned to switch to two-part instead of three-part server - version numbers for releases after 9.6. Make sure - that PQserverVersion() returns the correct value for - such cases. - - - - - - Fix ecpg's code for unsigned long long - array elements (Michael Meskes) - - - - - - In pg_dump with both - - - - - Improve handling of SIGTERM/control-C in - parallel pg_dump and pg_restore (Tom - Lane) - - - - Make sure that the worker processes will exit promptly, and also arrange - to send query-cancel requests to the connected backends, in case they - are doing something long-running such as a CREATE INDEX. - - - - - - Fix error reporting in parallel pg_dump - and pg_restore (Tom Lane) - - - - Previously, errors reported by pg_dump - or pg_restore worker processes might never make it to - the user's console, because the messages went through the master - process, and there were various deadlock scenarios that would prevent - the master process from passing on the messages. Instead, just print - everything to stderr. In some cases this will result in - duplicate messages (for instance, if all the workers report a server - shutdown), but that seems better than no message. - - - - - - Ensure that parallel pg_dump - or pg_restore on Windows will shut down properly - after an error (Kyotaro Horiguchi) - - - - Previously, it would report the error, but then just sit until - manually stopped by the user. - - - - - - Make pg_dump behave better when built without zlib - support (Kyotaro Horiguchi) - - - - It didn't work right for parallel dumps, and emitted some rather - pointless warnings in other cases. - - - - - - Make pg_basebackup accept -Z 0 as - specifying no compression (Fujii Masao) - - - - - - Fix makefiles' rule for building AIX shared libraries to be safe for - parallel make (Noah Misch) - - - - - - Fix TAP tests and MSVC scripts to work when build directory's path - name contains spaces (Michael Paquier, Kyotaro Horiguchi) - - - - - - Be more predictable about reporting statement timeout - versus lock timeout (Tom Lane) - - - - On heavily loaded machines, the regression tests sometimes failed due - to reporting lock timeout even though the statement timeout - should have occurred first. - - - - - - Make regression tests safe for Danish and Welsh locales (Jeff Janes, - Tom Lane) - - - - Change some test data that triggered the unusual sorting rules of - these locales. - - - - - - Update our copy of the timezone code to match - IANA's tzcode release 2016c (Tom Lane) - - - - This is needed to cope with anticipated future changes in the time - zone data files. It also fixes some corner-case bugs in coping with - unusual time zones. - - - - - - Update time zone data files to tzdata release 2016f - for DST law changes in Kemerovo and Novosibirsk, plus historical - corrections for Azerbaijan, Belarus, and Morocco. - - - - - - - - - - Release 9.3.13 - - - Release date: - 2016-05-12 - - - - This release contains a variety of fixes from 9.3.12. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.13 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if you are upgrading from a version earlier than 9.3.9, - see . - - - - - - Changes - - - - - - Clear the OpenSSL error queue before OpenSSL calls, rather than - assuming it's clear already; and make sure we leave it clear - afterwards (Peter Geoghegan, Dave Vitek, Peter Eisentraut) - - - - This change prevents problems when there are multiple connections - using OpenSSL within a single process and not all the code involved - follows the same rules for when to clear the error queue. - Failures have been reported specifically when a client application - uses SSL connections in libpq concurrently with - SSL connections using the PHP, Python, or Ruby wrappers for OpenSSL. - It's possible for similar problems to arise within the server as well, - if an extension module establishes an outgoing SSL connection. - - - - - - Fix failed to build any N-way joins - planner error with a full join enclosed in the right-hand side of a - left join (Tom Lane) - - - - - - Fix incorrect handling of equivalence-class tests in multilevel - nestloop plans (Tom Lane) - - - - Given a three-or-more-way equivalence class of variables, such - as X.X = Y.Y = Z.Z, it was possible for the planner to omit - some of the tests needed to enforce that all the variables are actually - equal, leading to join rows being output that didn't satisfy - the WHERE clauses. For various reasons, erroneous plans - were seldom selected in practice, so that this bug has gone undetected - for a long time. - - - - - - Fix possible misbehavior of TH, th, - and Y,YYY format codes in to_timestamp() - (Tom Lane) - - - - These could advance off the end of the input string, causing subsequent - format codes to read garbage. - - - - - - Fix dumping of rules and views in which the array - argument of a value operator - ANY (array) construct is a sub-SELECT - (Tom Lane) - - - - - - Make pg_regress use a startup timeout from the - PGCTLTIMEOUT environment variable, if that's set (Tom Lane) - - - - This is for consistency with a behavior recently added - to pg_ctl; it eases automated testing on slow machines. - - - - - - Fix pg_upgrade to correctly restore extension - membership for operator families containing only one operator class - (Tom Lane) - - - - In such a case, the operator family was restored into the new database, - but it was no longer marked as part of the extension. This had no - immediate ill effects, but would cause later pg_dump - runs to emit output that would cause (harmless) errors on restore. - - - - - - Fix pg_upgrade to not fail when new-cluster TOAST rules - differ from old (Tom Lane) - - - - pg_upgrade had special-case code to handle the - situation where the new PostgreSQL version thinks that - a table should have a TOAST table while the old version did not. That - code was broken, so remove it, and instead do nothing in such cases; - there seems no reason to believe that we can't get along fine without - a TOAST table if that was okay according to the old version's rules. - - - - - - - Back-port 9.4-era memory-barrier code changes into 9.2 and 9.3 (Tom Lane) - - - - These changes were not originally needed in pre-9.4 branches, but we - recently back-patched a fix that expected the barrier code to work - properly. Only IA64 (when using icc), HPPA, and Alpha platforms are - affected. - - - - - - Reduce the number of SysV semaphores used by a build configured with - - - - - - Rename internal function strtoi() - to strtoint() to avoid conflict with a NetBSD library - function (Thomas Munro) - - - - - - Fix reporting of errors from bind() - and listen() system calls on Windows (Tom Lane) - - - - - - Reduce verbosity of compiler output when building with Microsoft Visual - Studio (Christian Ullrich) - - - - - - Fix putenv() to work properly with Visual Studio 2013 - (Michael Paquier) - - - - - - Avoid possibly-unsafe use of Windows' FormatMessage() - function (Christian Ullrich) - - - - Use the FORMAT_MESSAGE_IGNORE_INSERTS flag where - appropriate. No live bug is known to exist here, but it seems like a - good idea to be careful. - - - - - - Update time zone data files to tzdata release 2016d - for DST law changes in Russia and Venezuela. There are new zone - names Europe/Kirov and Asia/Tomsk to reflect - the fact that these regions now have different time zone histories from - adjacent regions. - - - - - - - - - - Release 9.3.12 - - - Release date: - 2016-03-31 - - - - This release contains a variety of fixes from 9.3.11. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.12 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if you are upgrading from a version earlier than 9.3.9, - see . - - - - - - Changes - - - - - - Fix incorrect handling of NULL index entries in - indexed ROW() comparisons (Tom Lane) - - - - An index search using a row comparison such as ROW(a, b) > - ROW('x', 'y') would stop upon reaching a NULL entry in - the b column, ignoring the fact that there might be - non-NULL b values associated with later values - of a. - - - - - - Avoid unlikely data-loss scenarios due to renaming files without - adequate fsync() calls before and after (Michael Paquier, - Tomas Vondra, Andres Freund) - - - - - - Correctly handle cases where pg_subtrans is close to XID - wraparound during server startup (Jeff Janes) - - - - - - Fix corner-case crash due to trying to free localeconv() - output strings more than once (Tom Lane) - - - - - - Fix parsing of affix files for ispell dictionaries - (Tom Lane) - - - - The code could go wrong if the affix file contained any characters - whose byte length changes during case-folding, for - example I in Turkish UTF8 locales. - - - - - - Avoid use of sscanf() to parse ispell - dictionary files (Artur Zakirov) - - - - This dodges a portability problem on FreeBSD-derived platforms - (including macOS). - - - - - - Avoid a crash on old Windows versions (before 7SP1/2008R2SP1) with an - AVX2-capable CPU and a Postgres build done with Visual Studio 2013 - (Christian Ullrich) - - - - This is a workaround for a bug in Visual Studio 2013's runtime - library, which Microsoft have stated they will not fix in that - version. - - - - - - Fix psql's tab completion logic to handle multibyte - characters properly (Kyotaro Horiguchi, Robert Haas) - - - - - - Fix psql's tab completion for - SECURITY LABEL (Tom Lane) - - - - Pressing TAB after SECURITY LABEL might cause a crash - or offering of inappropriate keywords. - - - - - - Make pg_ctl accept a wait timeout from the - PGCTLTIMEOUT environment variable, if none is specified on - the command line (Noah Misch) - - - - This eases testing of slower buildfarm members by allowing them - to globally specify a longer-than-normal timeout for postmaster - startup and shutdown. - - - - - - Fix incorrect test for Windows service status - in pg_ctl (Manuel Mathar) - - - - The previous set of minor releases attempted to - fix pg_ctl to properly determine whether to send log - messages to Window's Event Log, but got the test backwards. - - - - - - Fix pgbench to correctly handle the combination - of -C and -M prepared options (Tom Lane) - - - - - - In pg_upgrade, skip creating a deletion script when - the new data directory is inside the old data directory (Bruce - Momjian) - - - - Blind application of the script in such cases would result in loss of - the new data directory. - - - - - - In PL/Perl, properly translate empty Postgres arrays into empty Perl - arrays (Alex Hunsaker) - - - - - - Make PL/Python cope with function names that aren't valid Python - identifiers (Jim Nasby) - - - - - - Fix multiple mistakes in the statistics returned - by contrib/pgstattuple's pgstatindex() - function (Tom Lane) - - - - - - Remove dependency on psed in MSVC builds, since it's no - longer provided by core Perl (Michael Paquier, Andrew Dunstan) - - - - - - Update time zone data files to tzdata release 2016c - for DST law changes in Azerbaijan, Chile, Haiti, Palestine, and Russia - (Altai, Astrakhan, Kirov, Sakhalin, Ulyanovsk regions), plus - historical corrections for Lithuania, Moldova, and Russia - (Kaliningrad, Samara, Volgograd). - - - - - - - - - - Release 9.3.11 - - - Release date: - 2016-02-11 - - - - This release contains a variety of fixes from 9.3.10. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.11 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if you are upgrading from a version earlier than 9.3.9, - see . - - - - - - Changes - - - - - - Fix infinite loops and buffer-overrun problems in regular expressions - (Tom Lane) - - - - Very large character ranges in bracket expressions could cause - infinite loops in some cases, and memory overwrites in other cases. - (CVE-2016-0773) - - - - - - Perform an immediate shutdown if the postmaster.pid file - is removed (Tom Lane) - - - - The postmaster now checks every minute or so - that postmaster.pid is still there and still contains its - own PID. If not, it performs an immediate shutdown, as though it had - received SIGQUIT. The main motivation for this change - is to ensure that failed buildfarm runs will get cleaned up without - manual intervention; but it also serves to limit the bad effects if a - DBA forcibly removes postmaster.pid and then starts a new - postmaster. - - - - - - In SERIALIZABLE transaction isolation mode, serialization - anomalies could be missed due to race conditions during insertions - (Kevin Grittner, Thomas Munro) - - - - - - Fix failure to emit appropriate WAL records when doing ALTER - TABLE ... SET TABLESPACE for unlogged relations (Michael Paquier, - Andres Freund) - - - - Even though the relation's data is unlogged, the move must be logged or - the relation will be inaccessible after a standby is promoted to master. - - - - - - Fix possible misinitialization of unlogged relations at the end of - crash recovery (Andres Freund, Michael Paquier) - - - - - - Ensure walsender slots are fully re-initialized when being re-used - (Magnus Hagander) - - - - - - Fix ALTER COLUMN TYPE to reconstruct inherited check - constraints properly (Tom Lane) - - - - - - Fix REASSIGN OWNED to change ownership of composite types - properly (Álvaro Herrera) - - - - - - Fix REASSIGN OWNED and ALTER OWNER to correctly - update granted-permissions lists when changing owners of data types, - foreign data wrappers, or foreign servers (Bruce Momjian, - Álvaro Herrera) - - - - - - Fix REASSIGN OWNED to ignore foreign user mappings, - rather than fail (Álvaro Herrera) - - - - - - Fix possible crash after doing query rewrite for an updatable view - (Stephen Frost) - - - - - - Fix planner's handling of LATERAL references (Tom - Lane) - - - - This fixes some corner cases that led to failed to build any - N-way joins or could not devise a query plan planner - failures. - - - - - - Add more defenses against bad planner cost estimates for GIN index - scans when the index's internal statistics are very out-of-date - (Tom Lane) - - - - - - Make planner cope with hypothetical GIN indexes suggested by an index - advisor plug-in (Julien Rouhaud) - - - - - - Speed up generation of unique table aliases in EXPLAIN and - rule dumping, and ensure that generated aliases do not - exceed NAMEDATALEN (Tom Lane) - - - - - - Fix dumping of whole-row Vars in ROW() - and VALUES() lists (Tom Lane) - - - - - - Fix possible internal overflow in numeric division - (Dean Rasheed) - - - - - - Fix enforcement of restrictions inside parentheses within regular - expression lookahead constraints (Tom Lane) - - - - Lookahead constraints aren't allowed to contain backrefs, and - parentheses within them are always considered non-capturing, according - to the manual. However, the code failed to handle these cases properly - inside a parenthesized subexpression, and would give unexpected - results. - - - - - - Conversion of regular expressions to indexscan bounds could produce - incorrect bounds from regexps containing lookahead constraints - (Tom Lane) - - - - - - Fix regular-expression compiler to handle loops of constraint arcs - (Tom Lane) - - - - The code added for CVE-2007-4772 was both incomplete, in that it didn't - handle loops involving more than one state, and incorrect, in that it - could cause assertion failures (though there seem to be no bad - consequences of that in a non-assert build). Multi-state loops would - cause the compiler to run until the query was canceled or it reached - the too-many-states error condition. - - - - - - Improve memory-usage accounting in regular-expression compiler - (Tom Lane) - - - - This causes the code to emit regular expression is too - complex errors in some cases that previously used unreasonable - amounts of time and memory. - - - - - - Improve performance of regular-expression compiler (Tom Lane) - - - - - - Make %h and %r escapes - in log_line_prefix work for messages emitted due - to log_connections (Tom Lane) - - - - Previously, %h/%r started to work just after a - new session had emitted the connection received log message; - now they work for that message too. - - - - - - On Windows, ensure the shared-memory mapping handle gets closed in - child processes that don't need it (Tom Lane, Amit Kapila) - - - - This oversight resulted in failure to recover from crashes - whenever logging_collector is turned on. - - - - - - Fix possible failure to detect socket EOF in non-blocking mode on - Windows (Tom Lane) - - - - It's not entirely clear whether this problem can happen in pre-9.5 - branches, but if it did, the symptom would be that a walsender process - would wait indefinitely rather than noticing a loss of connection. - - - - - - Avoid leaking a token handle during SSPI authentication - (Christian Ullrich) - - - - - - In psql, ensure that libreadline's idea - of the screen size is updated when the terminal window size changes - (Merlin Moncure) - - - - Previously, libreadline did not notice if the window - was resized during query output, leading to strange behavior during - later input of multiline queries. - - - - - - Fix psql's \det command to interpret its - pattern argument the same way as other \d commands with - potentially schema-qualified patterns do (Reece Hart) - - - - - - Avoid possible crash in psql's \c command - when previous connection was via Unix socket and command specifies a - new hostname and same username (Tom Lane) - - - - - - In pg_ctl start -w, test child process status directly - rather than relying on heuristics (Tom Lane, Michael Paquier) - - - - Previously, pg_ctl relied on an assumption that the new - postmaster would always create postmaster.pid within five - seconds. But that can fail on heavily-loaded systems, - causing pg_ctl to report incorrectly that the - postmaster failed to start. - - - - Except on Windows, this change also means that a pg_ctl start - -w done immediately after another such command will now reliably - fail, whereas previously it would report success if done within two - seconds of the first command. - - - - - - In pg_ctl start -w, don't attempt to use a wildcard listen - address to connect to the postmaster (Kondo Yuta) - - - - On Windows, pg_ctl would fail to detect postmaster - startup if listen_addresses is set to 0.0.0.0 - or ::, because it would try to use that value verbatim as - the address to connect to, which doesn't work. Instead assume - that 127.0.0.1 or ::1, respectively, is the - right thing to use. - - - - - - In pg_ctl on Windows, check service status to decide - where to send output, rather than checking if standard output is a - terminal (Michael Paquier) - - - - - - In pg_dump and pg_basebackup, adopt - the GNU convention for handling tar-archive members exceeding 8GB - (Tom Lane) - - - - The POSIX standard for tar file format does not allow - archive member files to exceed 8GB, but most modern implementations - of tar support an extension that fixes that. Adopt - this extension so that pg_dump with - - - - - Fix assorted corner-case bugs in pg_dump's processing - of extension member objects (Tom Lane) - - - - - - Make pg_dump mark a view's triggers as needing to be - processed after its rule, to prevent possible failure during - parallel pg_restore (Tom Lane) - - - - - - Ensure that relation option values are properly quoted - in pg_dump (Kouhei Sutou, Tom Lane) - - - - A reloption value that isn't a simple identifier or number could lead - to dump/reload failures due to syntax errors in CREATE statements - issued by pg_dump. This is not an issue with any - reloption currently supported by core PostgreSQL, but - extensions could allow reloptions that cause the problem. - - - - - - Avoid repeated password prompts during parallel pg_dump - (Zeus Kronion) - - - - - - Fix pg_upgrade's file-copying code to handle errors - properly on Windows (Bruce Momjian) - - - - - - Install guards in pgbench against corner-case overflow - conditions during evaluation of script-specified division or modulo - operators (Fabien Coelho, Michael Paquier) - - - - - - Fix failure to localize messages emitted - by pg_receivexlog and pg_recvlogical - (Ioseph Kim) - - - - - - Avoid dump/reload problems when using both plpython2 - and plpython3 (Tom Lane) - - - - In principle, both versions of PL/Python can be used in - the same database, though not in the same session (because the two - versions of libpython cannot safely be used concurrently). - However, pg_restore and pg_upgrade both - do things that can fall foul of the same-session restriction. Work - around that by changing the timing of the check. - - - - - - Fix PL/Python regression tests to pass with Python 3.5 - (Peter Eisentraut) - - - - - - Fix premature clearing of libpq's input buffer when - socket EOF is seen (Tom Lane) - - - - This mistake caused libpq to sometimes not report the - backend's final error message before reporting server closed the - connection unexpectedly. - - - - - - Prevent certain PL/Java parameters from being set by - non-superusers (Noah Misch) - - - - This change mitigates a PL/Java security bug - (CVE-2016-0766), which was fixed in PL/Java by marking - these parameters as superuser-only. To fix the security hazard for - sites that update PostgreSQL more frequently - than PL/Java, make the core code aware of them also. - - - - - - Improve libpq's handling of out-of-memory situations - (Michael Paquier, Amit Kapila, Heikki Linnakangas) - - - - - - Fix order of arguments - in ecpg-generated typedef statements - (Michael Meskes) - - - - - - Use %g not %f format - in ecpg's PGTYPESnumeric_from_double() - (Tom Lane) - - - - - - Fix ecpg-supplied header files to not contain comments - continued from a preprocessor directive line onto the next line - (Michael Meskes) - - - - Such a comment is rejected by ecpg. It's not yet clear - whether ecpg itself should be changed. - - - - - - Fix hstore_to_json_loose()'s test for whether - an hstore value can be converted to a JSON number (Tom Lane) - - - - Previously this function could be fooled by non-alphanumeric trailing - characters, leading to emitting syntactically-invalid JSON. - - - - - - Ensure that contrib/pgcrypto's crypt() - function can be interrupted by query cancel (Andreas Karlsson) - - - - - - Accept flex versions later than 2.5.x - (Tom Lane, Michael Paquier) - - - - Now that flex 2.6.0 has been released, the version checks in our build - scripts needed to be adjusted. - - - - - - Improve reproducibility of build output by ensuring filenames are given - to the linker in a fixed order (Christoph Berg) - - - - This avoids possible bitwise differences in the produced executable - files from one build to the next. - - - - - - Install our missing script where PGXS builds can find it - (Jim Nasby) - - - - This allows sane behavior in a PGXS build done on a machine where build - tools such as bison are missing. - - - - - - Ensure that dynloader.h is included in the installed - header files in MSVC builds (Bruce Momjian, Michael Paquier) - - - - - - Add variant regression test expected-output file to match behavior of - current libxml2 (Tom Lane) - - - - The fix for libxml2's CVE-2015-7499 causes it not to - output error context reports in some cases where it used to do so. - This seems to be a bug, but we'll probably have to live with it for - some time, so work around it. - - - - - - Update time zone data files to tzdata release 2016a for - DST law changes in Cayman Islands, Metlakatla, and Trans-Baikal - Territory (Zabaykalsky Krai), plus historical corrections for Pakistan. - - - - - - - - - - Release 9.3.10 - - - Release date: - 2015-10-08 - - - - This release contains a variety of fixes from 9.3.9. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.10 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if you are upgrading from a version earlier than 9.3.9, - see . - - - - - - Changes - - - - - - Guard against stack overflows in json parsing - (Oskari Saarenmaa) - - - - If an application constructs PostgreSQL json - or jsonb values from arbitrary user input, the application's - users can reliably crash the PostgreSQL server, causing momentary - denial of service. (CVE-2015-5289) - - - - - - Fix contrib/pgcrypto to detect and report - too-short crypt() salts (Josh Kupershmidt) - - - - Certain invalid salt arguments crashed the server or disclosed a few - bytes of server memory. We have not ruled out the viability of - attacks that arrange for presence of confidential information in the - disclosed bytes, but they seem unlikely. (CVE-2015-5288) - - - - - - Fix subtransaction cleanup after a portal (cursor) belonging to an - outer subtransaction fails (Tom Lane, Michael Paquier) - - - - A function executed in an outer-subtransaction cursor could cause an - assertion failure or crash by referencing a relation created within an - inner subtransaction. - - - - - - Ensure all relations referred to by an updatable view are properly - locked during an update statement (Dean Rasheed) - - - - - - Fix insertion of relations into the relation cache init file - (Tom Lane) - - - - An oversight in a patch in the most recent minor releases - caused pg_trigger_tgrelid_tgname_index to be omitted - from the init file. Subsequent sessions detected this, then deemed the - init file to be broken and silently ignored it, resulting in a - significant degradation in session startup time. In addition to fixing - the bug, install some guards so that any similar future mistake will be - more obvious. - - - - - - Avoid O(N^2) behavior when inserting many tuples into a SPI query - result (Neil Conway) - - - - - - Improve LISTEN startup time when there are many unread - notifications (Matt Newell) - - - - - - Fix performance problem when a session alters large numbers of foreign - key constraints (Jan Wieck, Tom Lane) - - - - This was seen primarily when restoring pg_dump output - for databases with many thousands of tables. - - - - - - Disable SSL renegotiation by default (Michael Paquier, Andres Freund) - - - - While use of SSL renegotiation is a good idea in theory, we have seen - too many bugs in practice, both in the underlying OpenSSL library and - in our usage of it. Renegotiation will be removed entirely in 9.5 and - later. In the older branches, just change the default value - of ssl_renegotiation_limit to zero (disabled). - - - - - - Lower the minimum values of the *_freeze_max_age parameters - (Andres Freund) - - - - This is mainly to make tests of related behavior less time-consuming, - but it may also be of value for installations with limited disk space. - - - - - - Limit the maximum value of wal_buffers to 2GB to avoid - server crashes (Josh Berkus) - - - - - - Avoid logging complaints when a parameter that can only be set at - server start appears multiple times in postgresql.conf, - and fix counting of line numbers after an include_dir - directive (Tom Lane) - - - - - - Fix rare internal overflow in multiplication of numeric values - (Dean Rasheed) - - - - - - Guard against hard-to-reach stack overflows involving record types, - range types, json, jsonb, tsquery, - ltxtquery and query_int (Noah Misch) - - - - - - Fix handling of DOW and DOY in datetime input - (Greg Stark) - - - - These tokens aren't meant to be used in datetime values, but previously - they resulted in opaque internal error messages rather - than invalid input syntax. - - - - - - Add more query-cancel checks to regular expression matching (Tom Lane) - - - - - - Add recursion depth protections to regular expression, SIMILAR - TO, and LIKE matching (Tom Lane) - - - - Suitable search patterns and a low stack depth limit could lead to - stack-overrun crashes. - - - - - - Fix potential infinite loop in regular expression execution (Tom Lane) - - - - A search pattern that can apparently match a zero-length string, but - actually doesn't match because of a back reference, could lead to an - infinite loop. - - - - - - In regular expression execution, correctly record match data for - capturing parentheses within a quantifier even when the match is - zero-length (Tom Lane) - - - - - - Fix low-memory failures in regular expression compilation - (Andreas Seltenreich) - - - - - - Fix low-probability memory leak during regular expression execution - (Tom Lane) - - - - - - Fix rare low-memory failure in lock cleanup during transaction abort - (Tom Lane) - - - - - - Fix unexpected out-of-memory situation during sort errors - when using tuplestores with small work_mem settings (Tom - Lane) - - - - - - Fix very-low-probability stack overrun in qsort (Tom Lane) - - - - - - Fix invalid memory alloc request size failure in hash joins - with large work_mem settings (Tomas Vondra, Tom Lane) - - - - - - Fix assorted planner bugs (Tom Lane) - - - - These mistakes could lead to incorrect query plans that would give wrong - answers, or to assertion failures in assert-enabled builds, or to odd - planner errors such as could not devise a query plan for the - given query, could not find pathkey item to - sort, plan should not reference subplan's variable, - or failed to assign all NestLoopParams to plan nodes. - Thanks are due to Andreas Seltenreich and Piotr Stefaniak for fuzz - testing that exposed these problems. - - - - - - Improve planner's performance for UPDATE/DELETE - on large inheritance sets (Tom Lane, Dean Rasheed) - - - - - - Ensure standby promotion trigger files are removed at postmaster - startup (Michael Paquier, Fujii Masao) - - - - This prevents unwanted promotion from occurring if these files appear - in a database backup that is used to initialize a new standby server. - - - - - - During postmaster shutdown, ensure that per-socket lock files are - removed and listen sockets are closed before we remove - the postmaster.pid file (Tom Lane) - - - - This avoids race-condition failures if an external script attempts to - start a new postmaster as soon as pg_ctl stop returns. - - - - - - Fix postmaster's handling of a startup-process crash during crash - recovery (Tom Lane) - - - - If, during a crash recovery cycle, the startup process crashes without - having restored database consistency, we'd try to launch a new startup - process, which typically would just crash again, leading to an infinite - loop. - - - - - - Make emergency autovacuuming for multixact wraparound more robust - (Andres Freund) - - - - - - Do not print a WARNING when an autovacuum worker is already - gone when we attempt to signal it, and reduce log verbosity for such - signals (Tom Lane) - - - - - - Prevent autovacuum launcher from sleeping unduly long if the server - clock is moved backwards a large amount (Álvaro Herrera) - - - - - - Ensure that cleanup of a GIN index's pending-insertions list is - interruptable by cancel requests (Jeff Janes) - - - - - - Allow all-zeroes pages in GIN indexes to be reused (Heikki Linnakangas) - - - - Such a page might be left behind after a crash. - - - - - - Fix handling of all-zeroes pages in SP-GiST indexes (Heikki - Linnakangas) - - - - VACUUM attempted to recycle such pages, but did so in a - way that wasn't crash-safe. - - - - - - Fix off-by-one error that led to otherwise-harmless warnings - about apparent wraparound in subtrans/multixact truncation - (Thomas Munro) - - - - - - Fix misreporting of CONTINUE and MOVE statement - types in PL/pgSQL's error context messages - (Pavel Stehule, Tom Lane) - - - - - - Fix PL/Perl to handle non-ASCII error - message texts correctly (Alex Hunsaker) - - - - - - Fix PL/Python crash when returning the string - representation of a record result (Tom Lane) - - - - - - Fix some places in PL/Tcl that neglected to check for - failure of malloc() calls (Michael Paquier, Álvaro - Herrera) - - - - - - In contrib/isn, fix output of ISBN-13 numbers that begin - with 979 (Fabien Coelho) - - - - EANs beginning with 979 (but not 9790) are considered ISBNs, but they - must be printed in the new 13-digit format, not the 10-digit format. - - - - - - Improve contrib/postgres_fdw's handling of - collation-related decisions (Tom Lane) - - - - The main user-visible effect is expected to be that comparisons - involving varchar columns will be sent to the remote server - for execution in more cases than before. - - - - - - Improve libpq's handling of out-of-memory conditions - (Michael Paquier, Heikki Linnakangas) - - - - - - Fix memory leaks and missing out-of-memory checks - in ecpg (Michael Paquier) - - - - - - Fix psql's code for locale-aware formatting of numeric - output (Tom Lane) - - - - The formatting code invoked by \pset numericlocale on - did the wrong thing for some uncommon cases such as numbers with an - exponent but no decimal point. It could also mangle already-localized - output from the money data type. - - - - - - Prevent crash in psql's \c command when - there is no current connection (Noah Misch) - - - - - - Make pg_dump handle inherited NOT VALID - check constraints correctly (Tom Lane) - - - - - - Fix selection of default zlib compression level - in pg_dump's directory output format (Andrew Dunstan) - - - - - - Ensure that temporary files created during a pg_dump - run with tar-format output are not world-readable (Michael - Paquier) - - - - - - Fix pg_dump and pg_upgrade to support - cases where the postgres or template1 database - is in a non-default tablespace (Marti Raudsepp, Bruce Momjian) - - - - - - Fix pg_dump to handle object privileges sanely when - dumping from a server too old to have a particular privilege type - (Tom Lane) - - - - When dumping data types from pre-9.2 servers, and when dumping - functions or procedural languages from pre-7.3 - servers, pg_dump would - produce GRANT/REVOKE commands that revoked the - owner's grantable privileges and instead granted all privileges - to PUBLIC. Since the privileges involved are - just USAGE and EXECUTE, this isn't a security - problem, but it's certainly a surprising representation of the older - systems' behavior. Fix it to leave the default privilege state alone - in these cases. - - - - - - Fix pg_dump to dump shell types (Tom Lane) - - - - Shell types (that is, not-yet-fully-defined types) aren't useful for - much, but nonetheless pg_dump should dump them. - - - - - - Fix assorted minor memory leaks in pg_dump and other - client-side programs (Michael Paquier) - - - - - - Fix spinlock assembly code for PPC hardware to be compatible - with AIX's native assembler (Tom Lane) - - - - Building with gcc didn't work if gcc - had been configured to use the native assembler, which is becoming more - common. - - - - - - On AIX, test the -qlonglong compiler option - rather than just assuming it's safe to use (Noah Misch) - - - - - - On AIX, use -Wl,-brtllib link option to allow - symbols to be resolved at runtime (Noah Misch) - - - - Perl relies on this ability in 5.8.0 and later. - - - - - - Avoid use of inline functions when compiling with - 32-bit xlc, due to compiler bugs (Noah Misch) - - - - - - Use librt for sched_yield() when necessary, - which it is on some Solaris versions (Oskari Saarenmaa) - - - - - - Fix Windows install.bat script to handle target directory - names that contain spaces (Heikki Linnakangas) - - - - - - Make the numeric form of the PostgreSQL version number - (e.g., 90405) readily available to extension Makefiles, - as a variable named VERSION_NUM (Michael Paquier) - - - - - - Update time zone data files to tzdata release 2015g for - DST law changes in Cayman Islands, Fiji, Moldova, Morocco, Norfolk - Island, North Korea, Turkey, and Uruguay. There is a new zone name - America/Fort_Nelson for the Canadian Northern Rockies. - - - - - - - - - - Release 9.3.9 - - - Release date: - 2015-06-12 - - - - This release contains a small number of fixes from 9.3.8. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.9 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if you are upgrading an installation that was previously - upgraded using a pg_upgrade version between 9.3.0 and - 9.3.4 inclusive, see the first changelog entry below. - - - - Also, if you are upgrading from a version earlier than 9.3.7, - see . - - - - - - Changes - - - - - - Fix possible failure to recover from an inconsistent database state - (Robert Haas) - - - - Recent PostgreSQL releases introduced mechanisms to - protect against multixact wraparound, but some of that code did not - account for the possibility that it would need to run during crash - recovery, when the database may not be in a consistent state. This - could result in failure to restart after a crash, or failure to start - up a secondary server. The lingering effects of a previously-fixed - bug in pg_upgrade could also cause such a failure, in - installations that had used pg_upgrade versions - between 9.3.0 and 9.3.4. - - - - The pg_upgrade bug in question was that it would - set oldestMultiXid to 1 in pg_control even - if the true value should be higher. With the fixes introduced in - this release, such a situation will result in immediate emergency - autovacuuming until a correct oldestMultiXid value can be - determined. If that would pose a hardship, users can avoid it by - doing manual vacuuming before upgrading to this release. - In detail: - - - - - Check whether pg_controldata reports Latest - checkpoint's oldestMultiXid to be 1. If not, there's nothing - to do. - - - - - Look in PGDATA/pg_multixact/offsets to see if there's a - file named 0000. If there is, there's nothing to do. - - - - - Otherwise, for each table that has - pg_class.relminmxid equal to 1, - VACUUM that table with - both - and set to - zero. (You can use the vacuum cost delay parameters described - in to reduce - the performance consequences for concurrent sessions.) You must - use PostgreSQL 9.3.5 or later to perform this step. - - - - - - - - - Fix rare failure to invalidate relation cache init file (Tom Lane) - - - - With just the wrong timing of concurrent activity, a VACUUM - FULL on a system catalog might fail to update the init file - that's used to avoid cache-loading work for new sessions. This would - result in later sessions being unable to access that catalog at all. - This is a very ancient bug, but it's so hard to trigger that no - reproducible case had been seen until recently. - - - - - - Avoid deadlock between incoming sessions and CREATE/DROP - DATABASE (Tom Lane) - - - - A new session starting in a database that is the target of - a DROP DATABASE command, or is the template for - a CREATE DATABASE command, could cause the command to wait - for five seconds and then fail, even if the new session would have - exited before that. - - - - - - Improve planner's cost estimates for semi-joins and anti-joins with - inner indexscans (Tom Lane, Tomas Vondra) - - - - This type of plan is quite cheap when all the join clauses are used - as index scan conditions, even if the inner scan would nominally - fetch many rows, because the executor will stop after obtaining one - row. The planner only partially accounted for that effect, and would - therefore overestimate the cost, leading it to possibly choose some - other much less efficient plan type. - - - - - - - - - - Release 9.3.8 - - - Release date: - 2015-06-04 - - - - This release contains a small number of fixes from 9.3.7. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.8 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if you are upgrading from a version earlier than 9.3.7, - see . - - - - - - Changes - - - - - - Avoid failures while fsync'ing data directory during - crash restart (Abhijit Menon-Sen, Tom Lane) - - - - In the previous minor releases we added a patch to fsync - everything in the data directory after a crash. Unfortunately its - response to any error condition was to fail, thereby preventing the - server from starting up, even when the problem was quite harmless. - An example is that an unwritable file in the data directory would - prevent restart on some platforms; but it is common to make SSL - certificate files unwritable by the server. Revise this behavior so - that permissions failures are ignored altogether, and other types of - failures are logged but do not prevent continuing. - - - - Also apply the same rules in initdb --sync-only. - This case is less critical but it should act similarly. - - - - - - Fix pg_get_functiondef() to show - functions' LEAKPROOF property, if set (Jeevan Chalke) - - - - - - Remove configure's check prohibiting linking to a - threaded libpython - on OpenBSD (Tom Lane) - - - - The failure this restriction was meant to prevent seems to not be a - problem anymore on current OpenBSD - versions. - - - - - - - - Allow libpq to use TLS protocol versions beyond v1 - (Noah Misch) - - - - For a long time, libpq was coded so that the only SSL - protocol it would allow was TLS v1. Now that newer TLS versions are - becoming popular, allow it to negotiate the highest commonly-supported - TLS version with the server. (PostgreSQL servers were - already capable of such negotiation, so no change is needed on the - server side.) This is a back-patch of a change already released in - 9.4.0. - - - - - - - - - - Release 9.3.7 - - - Release date: - 2015-05-22 - - - - This release contains a variety of fixes from 9.3.6. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.7 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if you use contrib/citext's - regexp_matches() functions, see the changelog entry below - about that. - - - - Also, if you are upgrading from a version earlier than 9.3.6, - see . - - - - - - Changes - - - - - - Avoid possible crash when client disconnects just before the - authentication timeout expires (Benkocs Norbert Attila) - - - - If the timeout interrupt fired partway through the session shutdown - sequence, SSL-related state would be freed twice, typically causing a - crash and hence denial of service to other sessions. Experimentation - shows that an unauthenticated remote attacker could trigger the bug - somewhat consistently, hence treat as security issue. - (CVE-2015-3165) - - - - - - Improve detection of system-call failures (Noah Misch) - - - - Our replacement implementation of snprintf() failed to - check for errors reported by the underlying system library calls; - the main case that might be missed is out-of-memory situations. - In the worst case this might lead to information exposure, due to our - code assuming that a buffer had been overwritten when it hadn't been. - Also, there were a few places in which security-relevant calls of other - system library functions did not check for failure. - - - - It remains possible that some calls of the *printf() - family of functions are vulnerable to information disclosure if an - out-of-memory error occurs at just the wrong time. We judge the risk - to not be large, but will continue analysis in this area. - (CVE-2015-3166) - - - - - - In contrib/pgcrypto, uniformly report decryption failures - as Wrong key or corrupt data (Noah Misch) - - - - Previously, some cases of decryption with an incorrect key could report - other error message texts. It has been shown that such variance in - error reports can aid attackers in recovering keys from other systems. - While it's unknown whether pgcrypto's specific behaviors - are likewise exploitable, it seems better to avoid the risk by using a - one-size-fits-all message. - (CVE-2015-3167) - - - - - - Protect against wraparound of multixact member IDs - (Álvaro Herrera, Robert Haas, Thomas Munro) - - - - Under certain usage patterns, the existing defenses against this might - be insufficient, allowing pg_multixact/members files to be - removed too early, resulting in data loss. - The fix for this includes modifying the server to fail transactions - that would result in overwriting old multixact member ID data, and - improving autovacuum to ensure it will act proactively to prevent - multixact member ID wraparound, as it does for transaction ID - wraparound. - - - - - - Fix incorrect declaration of contrib/citext's - regexp_matches() functions (Tom Lane) - - - - These functions should return setof text[], like the core - functions they are wrappers for; but they were incorrectly declared as - returning just text[]. This mistake had two results: first, - if there was no match you got a scalar null result, whereas what you - should get is an empty set (zero rows). Second, the g flag - was effectively ignored, since you would get only one result array even - if there were multiple matches. - - - - While the latter behavior is clearly a bug, there might be applications - depending on the former behavior; therefore the function declarations - will not be changed by default until PostgreSQL 9.5. - In pre-9.5 branches, the old behavior exists in version 1.0 of - the citext extension, while we have provided corrected - declarations in version 1.1 (which is not installed by - default). To adopt the fix in pre-9.5 branches, execute - ALTER EXTENSION citext UPDATE TO '1.1' in each database in - which citext is installed. (You can also update - back to 1.0 if you need to undo that.) Be aware that either update - direction will require dropping and recreating any views or rules that - use citext's regexp_matches() functions. - - - - - - Fix incorrect checking of deferred exclusion constraints after a HOT - update (Tom Lane) - - - - If a new row that potentially violates a deferred exclusion constraint - is HOT-updated (that is, no indexed columns change and the row can be - stored back onto the same table page) later in the same transaction, - the exclusion constraint would be reported as violated when the check - finally occurred, even if the row(s) the new row originally conflicted - with had been deleted. - - - - - - Fix planning of star-schema-style queries (Tom Lane) - - - - Sometimes, efficient scanning of a large table requires that index - parameters be provided from more than one other table (commonly, - dimension tables whose keys are needed to index a large fact table). - The planner should be able to find such plans, but an overly - restrictive search heuristic prevented it. - - - - - - Prevent improper reordering of antijoins (NOT EXISTS joins) versus - other outer joins (Tom Lane) - - - - This oversight in the planner has been observed to cause could - not find RelOptInfo for given relids errors, but it seems possible - that sometimes an incorrect query plan might get past that consistency - check and result in silently-wrong query output. - - - - - - Fix incorrect matching of subexpressions in outer-join plan nodes - (Tom Lane) - - - - Previously, if textually identical non-strict subexpressions were used - both above and below an outer join, the planner might try to re-use - the value computed below the join, which would be incorrect because the - executor would force the value to NULL in case of an unmatched outer row. - - - - - - Fix GEQO planner to cope with failure of its join order heuristic - (Tom Lane) - - - - This oversight has been seen to lead to failed to join all - relations together errors in queries involving LATERAL, - and that might happen in other cases as well. - - - - - - Fix possible deadlock at startup - when max_prepared_transactions is too small - (Heikki Linnakangas) - - - - - - Don't archive useless preallocated WAL files after a timeline switch - (Heikki Linnakangas) - - - - - - Recursively fsync() the data directory after a crash - (Abhijit Menon-Sen, Robert Haas) - - - - This ensures consistency if another crash occurs shortly later. (The - second crash would have to be a system-level crash, not just a database - crash, for there to be a problem.) - - - - - - Fix autovacuum launcher's possible failure to shut down, if an error - occurs after it receives SIGTERM (Álvaro Herrera) - - - - - - Cope with unexpected signals in LockBufferForCleanup() - (Andres Freund) - - - - This oversight could result in spurious errors about multiple - backends attempting to wait for pincount 1. - - - - - - Fix crash when doing COPY IN to a table with check - constraints that contain whole-row references (Tom Lane) - - - - The known failure case only crashes in 9.4 and up, but there is very - similar code in 9.3 and 9.2, so back-patch those branches as well. - - - - - - Avoid waiting for WAL flush or synchronous replication during commit of - a transaction that was read-only so far as the user is concerned - (Andres Freund) - - - - Previously, a delay could occur at commit in transactions that had - written WAL due to HOT page pruning, leading to undesirable effects - such as sessions getting stuck at startup if all synchronous replicas - are down. Sessions have also been observed to get stuck in catchup - interrupt processing when using synchronous replication; this will fix - that problem as well. - - - - - - Fix crash when manipulating hash indexes on temporary tables - (Heikki Linnakangas) - - - - - - Fix possible failure during hash index bucket split, if other processes - are modifying the index concurrently (Tom Lane) - - - - - - Check for interrupts while analyzing index expressions (Jeff Janes) - - - - ANALYZE executes index expressions many times; if there are - slow functions in such an expression, it's desirable to be able to - cancel the ANALYZE before that loop finishes. - - - - - - Ensure tableoid of a foreign table is reported - correctly when a READ COMMITTED recheck occurs after - locking rows in SELECT FOR UPDATE, UPDATE, - or DELETE (Etsuro Fujita) - - - - - - Add the name of the target server to object description strings for - foreign-server user mappings (Álvaro Herrera) - - - - - - Include the schema name in object identity strings for conversions - (Álvaro Herrera) - - - - - - Recommend setting include_realm to 1 when using - Kerberos/GSSAPI/SSPI authentication (Stephen Frost) - - - - Without this, identically-named users from different realms cannot be - distinguished. For the moment this is only a documentation change, but - it will become the default setting in PostgreSQL 9.5. - - - - - - Remove code for matching IPv4 pg_hba.conf entries to - IPv4-in-IPv6 addresses (Tom Lane) - - - - This hack was added in 2003 in response to a report that some Linux - kernels of the time would report IPv4 connections as having - IPv4-in-IPv6 addresses. However, the logic was accidentally broken in - 9.0. The lack of any field complaints since then shows that it's not - needed anymore. Now we have reports that the broken code causes - crashes on some systems, so let's just remove it rather than fix it. - (Had we chosen to fix it, that would make for a subtle and potentially - security-sensitive change in the effective meaning of - IPv4 pg_hba.conf entries, which does not seem like a good - thing to do in minor releases.) - - - - - - Report WAL flush, not insert, position in IDENTIFY_SYSTEM - replication command (Heikki Linnakangas) - - - - This avoids a possible startup failure - in pg_receivexlog. - - - - - - While shutting down service on Windows, periodically send status - updates to the Service Control Manager to prevent it from killing the - service too soon; and ensure that pg_ctl will wait for - shutdown (Krystian Bigaj) - - - - - - Reduce risk of network deadlock when using libpq's - non-blocking mode (Heikki Linnakangas) - - - - When sending large volumes of data, it's important to drain the input - buffer every so often, in case the server has sent enough response data - to cause it to block on output. (A typical scenario is that the server - is sending a stream of NOTICE messages during COPY FROM - STDIN.) This worked properly in the normal blocking mode, but not - so much in non-blocking mode. We've modified libpq - to opportunistically drain input when it can, but a full defense - against this problem requires application cooperation: the application - should watch for socket read-ready as well as write-ready conditions, - and be sure to call PQconsumeInput() upon read-ready. - - - - - - In libpq, fix misparsing of empty values in URI - connection strings (Thomas Fanghaenel) - - - - - - Fix array handling in ecpg (Michael Meskes) - - - - - - Fix psql to sanely handle URIs and conninfo strings as - the first parameter to \connect - (David Fetter, Andrew Dunstan, Álvaro Herrera) - - - - This syntax has been accepted (but undocumented) for a long time, but - previously some parameters might be taken from the old connection - instead of the given string, which was agreed to be undesirable. - - - - - - Suppress incorrect complaints from psql on some - platforms that it failed to write ~/.psql_history at exit - (Tom Lane) - - - - This misbehavior was caused by a workaround for a bug in very old - (pre-2006) versions of libedit. We fixed it by - removing the workaround, which will cause a similar failure to appear - for anyone still using such versions of libedit. - Recommendation: upgrade that library, or use libreadline. - - - - - - Fix pg_dump's rule for deciding which casts are - system-provided casts that should not be dumped (Tom Lane) - - - - - - In pg_dump, fix failure to honor -Z - compression level option together with -Fd - (Michael Paquier) - - - - - - Make pg_dump consider foreign key relationships - between extension configuration tables while choosing dump order - (Gilles Darold, Michael Paquier, Stephen Frost) - - - - This oversight could result in producing dumps that fail to reload - because foreign key constraints are transiently violated. - - - - - - Avoid possible pg_dump failure when concurrent sessions - are creating and dropping temporary functions (Tom Lane) - - - - - - Fix dumping of views that are just VALUES(...) but have - column aliases (Tom Lane) - - - - - - In pg_upgrade, force timeline 1 in the new cluster - (Bruce Momjian) - - - - This change prevents upgrade failures caused by bogus complaints about - missing WAL history files. - - - - - - In pg_upgrade, check for improperly non-connectable - databases before proceeding - (Bruce Momjian) - - - - - - In pg_upgrade, quote directory paths - properly in the generated delete_old_cluster script - (Bruce Momjian) - - - - - - In pg_upgrade, preserve database-level freezing info - properly - (Bruce Momjian) - - - - This oversight could cause missing-clog-file errors for tables within - the postgres and template1 databases. - - - - - - Run pg_upgrade and pg_resetxlog with - restricted privileges on Windows, so that they don't fail when run by - an administrator (Muhammad Asif Naeem) - - - - - - Improve handling of readdir() failures when scanning - directories in initdb and pg_basebackup - (Marco Nenciarini) - - - - - - Fix slow sorting algorithm in contrib/intarray (Tom Lane) - - - - - - Fix compile failure on Sparc V8 machines (Rob Rowan) - - - - - - Silence some build warnings on macOS (Tom Lane) - - - - - - Update time zone data files to tzdata release 2015d - for DST law changes in Egypt, Mongolia, and Palestine, plus historical - changes in Canada and Chile. Also adopt revised zone abbreviations for - the America/Adak zone (HST/HDT not HAST/HADT). - - - - - - - - - - Release 9.3.6 - - - Release date: - 2015-02-05 - - - - This release contains a variety of fixes from 9.3.5. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.6 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if you are a Windows user and are using the Norwegian - (Bokmål) locale, manual action is needed after the upgrade to - replace any Norwegian (Bokmål)_Norway locale names stored - in PostgreSQL system catalogs with the plain-ASCII - alias Norwegian_Norway. For details see - - - - - Also, if you are upgrading from a version earlier than 9.3.5, - see . - - - - - - Changes - - - - - - - - Fix buffer overruns in to_char() - (Bruce Momjian) - - - - When to_char() processes a numeric formatting template - calling for a large number of digits, PostgreSQL - would read past the end of a buffer. When processing a crafted - timestamp formatting template, PostgreSQL would write - past the end of a buffer. Either case could crash the server. - We have not ruled out the possibility of attacks that lead to - privilege escalation, though they seem unlikely. - (CVE-2015-0241) - - - - - - - - Fix buffer overrun in replacement *printf() functions - (Tom Lane) - - - - PostgreSQL includes a replacement implementation - of printf and related functions. This code will overrun - a stack buffer when formatting a floating point number (conversion - specifiers e, E, f, F, - g or G) with requested precision greater than - about 500. This will crash the server, and we have not ruled out the - possibility of attacks that lead to privilege escalation. - A database user can trigger such a buffer overrun through - the to_char() SQL function. While that is the only - affected core PostgreSQL functionality, extension - modules that use printf-family functions may be at risk as well. - - - - This issue primarily affects PostgreSQL on Windows. - PostgreSQL uses the system implementation of these - functions where adequate, which it is on other modern platforms. - (CVE-2015-0242) - - - - - - - - Fix buffer overruns in contrib/pgcrypto - (Marko Tiikkaja, Noah Misch) - - - - Errors in memory size tracking within the pgcrypto - module permitted stack buffer overruns and improper dependence on the - contents of uninitialized memory. The buffer overrun cases can - crash the server, and we have not ruled out the possibility of - attacks that lead to privilege escalation. - (CVE-2015-0243) - - - - - - - - Fix possible loss of frontend/backend protocol synchronization after - an error - (Heikki Linnakangas) - - - - If any error occurred while the server was in the middle of reading a - protocol message from the client, it could lose synchronization and - incorrectly try to interpret part of the message's data as a new - protocol message. An attacker able to submit crafted binary data - within a command parameter might succeed in injecting his own SQL - commands this way. Statement timeout and query cancellation are the - most likely sources of errors triggering this scenario. Particularly - vulnerable are applications that use a timeout and also submit - arbitrary user-crafted data as binary query parameters. Disabling - statement timeout will reduce, but not eliminate, the risk of - exploit. Our thanks to Emil Lenngren for reporting this issue. - (CVE-2015-0244) - - - - - - - - Fix information leak via constraint-violation error messages - (Stephen Frost) - - - - Some server error messages show the values of columns that violate - a constraint, such as a unique constraint. If the user does not have - SELECT privilege on all columns of the table, this could - mean exposing values that the user should not be able to see. Adjust - the code so that values are displayed only when they came from the SQL - command or could be selected by the user. - (CVE-2014-8161) - - - - - - - - Lock down regression testing's temporary installations on Windows - (Noah Misch) - - - - Use SSPI authentication to allow connections only from the OS user - who launched the test suite. This closes on Windows the same - vulnerability previously closed on other platforms, namely that other - users might be able to connect to the test postmaster. - (CVE-2014-0067) - - - - - - - - Cope with the Windows locale named Norwegian (Bokmål) - (Heikki Linnakangas) - - - - Non-ASCII locale names are problematic since it's not clear what - encoding they should be represented in. Map the troublesome locale - name to a plain-ASCII alias, Norwegian_Norway. - - - - - - - - Avoid possible data corruption if ALTER DATABASE SET - TABLESPACE is used to move a database to a new tablespace and then - shortly later move it back to its original tablespace (Tom Lane) - - - - - - - - Avoid corrupting tables when ANALYZE inside a transaction - is rolled back (Andres Freund, Tom Lane, Michael Paquier) - - - - If the failing transaction had earlier removed the last index, rule, or - trigger from the table, the table would be left in a corrupted state - with the relevant pg_class flags not set though they - should be. - - - - - - - - Ensure that unlogged tables are copied correctly - during CREATE DATABASE or ALTER DATABASE SET - TABLESPACE (Pavan Deolasee, Andres Freund) - - - - - - - - Fix incorrect processing - of CreateEventTrigStmt.eventname (Petr - Jelinek) - - - - This could result in misbehavior if CREATE EVENT TRIGGER - were executed as a prepared query, or via extended query protocol. - - - - - - - - Fix DROP's dependency searching to correctly handle the - case where a table column is recursively visited before its table - (Petr Jelinek, Tom Lane) - - - - This case is only known to arise when an extension creates both a - datatype and a table using that datatype. The faulty code might - refuse a DROP EXTENSION unless CASCADE is - specified, which should not be required. - - - - - - - - Fix use-of-already-freed-memory problem in EvalPlanQual processing - (Tom Lane) - - - - In READ COMMITTED mode, queries that lock or update - recently-updated rows could crash as a result of this bug. - - - - - - - - Avoid possible deadlock while trying to acquire tuple locks - in EvalPlanQual processing (Álvaro Herrera, Mark Kirkwood) - - - - - - - - Fix failure to wait when a transaction tries to acquire a FOR - NO KEY EXCLUSIVE tuple lock, while multiple other transactions - currently hold FOR SHARE locks (Álvaro Herrera) - - - - - - - - Fix planning of SELECT FOR UPDATE when using a partial - index on a child table (Kyotaro Horiguchi) - - - - In READ COMMITTED mode, SELECT FOR UPDATE must - also recheck the partial index's WHERE condition when - rechecking a recently-updated row to see if it still satisfies the - query's WHERE condition. This requirement was missed if the - index belonged to an inheritance child table, so that it was possible - to incorrectly return rows that no longer satisfy the query condition. - - - - - - - - Fix corner case wherein SELECT FOR UPDATE could return a row - twice, and possibly miss returning other rows (Tom Lane) - - - - In READ COMMITTED mode, a SELECT FOR UPDATE - that is scanning an inheritance tree could incorrectly return a row - from a prior child table instead of the one it should return from a - later child table. - - - - - - - - Improve performance of EXPLAIN with large range tables - (Tom Lane) - - - - - - - - Reject duplicate column names in the referenced-columns list of - a FOREIGN KEY declaration (David Rowley) - - - - This restriction is per SQL standard. Previously we did not reject - the case explicitly, but later on the code would fail with - bizarre-looking errors. - - - - - - - - Re-enable error for SELECT ... OFFSET -1 (Tom Lane) - - - - A negative offset value has been an error since 8.4, but an - optimization added in 9.3 accidentally turned the case into a no-op. - Restore the expected behavior. - - - - - - - - Restore previous behavior of conversion of domains to JSON - (Tom Lane) - - - - This change causes domains over numeric and boolean to be treated - like their base types for purposes of conversion to JSON. It worked - like that before 9.3.5 and 9.2.9, but was unintentionally changed - while fixing a related problem. - - - - - - - - Fix json_agg() to not return extra trailing right - brackets in its result (Tom Lane) - - - - - - - - Fix bugs in raising a numeric value to a large integral power - (Tom Lane) - - - - The previous code could get a wrong answer, or consume excessive - amounts of time and memory before realizing that the answer must - overflow. - - - - - - - - In numeric_recv(), truncate away any fractional digits - that would be hidden according to the value's dscale field - (Tom Lane) - - - - A numeric value's display scale (dscale) should - never be less than the number of nonzero fractional digits; but - apparently there's at least one broken client application that - transmits binary numeric values in which that's true. - This leads to strange behavior since the extra digits are taken into - account by arithmetic operations even though they aren't printed. - The least risky fix seems to be to truncate away such hidden - digits on receipt, so that the value is indeed what it prints as. - - - - - - - - Fix incorrect search for shortest-first regular expression matches - (Tom Lane) - - - - Matching would often fail when the number of allowed iterations is - limited by a ? quantifier or a bound expression. - - - - - - - - Reject out-of-range numeric timezone specifications (Tom Lane) - - - - Simple numeric timezone specifications exceeding +/- 168 hours (one - week) would be accepted, but could then cause null-pointer dereference - crashes in certain operations. There's no use-case for such large UTC - offsets, so reject them. - - - - - - - - Fix bugs in tsquery @> tsquery - operator (Heikki Linnakangas) - - - - Two different terms would be considered to match if they had the same - CRC. Also, if the second operand had more terms than the first, it - would be assumed not to be contained in the first; which is wrong - since it might contain duplicate terms. - - - - - - - - Improve ispell dictionary's defenses against bad affix files (Tom Lane) - - - - - - - - Allow more than 64K phrases in a thesaurus dictionary (David Boutin) - - - - The previous coding could crash on an oversize dictionary, so this was - deemed a back-patchable bug fix rather than a feature addition. - - - - - - - - Fix namespace handling in xpath() (Ali Akbar) - - - - Previously, the xml value resulting from - an xpath() call would not have namespace declarations if - the namespace declarations were attached to an ancestor element in the - input xml value, rather than to the specific element being - returned. Propagate the ancestral declaration so that the result is - correct when considered in isolation. - - - - - - - - Ensure that whole-row variables expose nonempty column names - to functions that pay attention to column names within composite - arguments (Tom Lane) - - - - In some contexts, constructs like row_to_json(tab.*) may - not produce the expected column names. This is fixed properly as of - 9.4; in older branches, just ensure that we produce some nonempty - name. (In some cases this will be the underlying table's column name - rather than the query-assigned alias that should theoretically be - visible.) - - - - - - - - Fix mishandling of system columns, - particularly tableoid, in FDW queries (Etsuro Fujita) - - - - - - - - Fix assorted oversights in range-operator selectivity estimation - (Emre Hasegeli) - - - - This patch fixes corner-case unexpected operator NNNN planner - errors, and improves the selectivity estimates for some other cases. - - - - - - - - Avoid doing indexed_column = ANY - (array) as an index qualifier if that leads - to an inferior plan (Andrew Gierth) - - - - In some cases, = ANY conditions applied to non-first index - columns would be done as index conditions even though it would be - better to use them as simple filter conditions. - - - - - - - - Fix variable not found in subplan target list planner - failure when an inline-able SQL function taking a composite argument - is used in a LATERAL subselect and the composite argument - is a lateral reference (Tom Lane) - - - - - - - - Fix planner problems with nested append relations, such as inherited - tables within UNION ALL subqueries (Tom Lane) - - - - - - - - Fail cleanly when a GiST index tuple doesn't fit on a page, rather - than going into infinite recursion (Andrew Gierth) - - - - - - - - Exempt tables that have per-table cost_limit - and/or cost_delay settings from autovacuum's global cost - balancing rules (Álvaro Herrera) - - - - The previous behavior resulted in basically ignoring these per-table - settings, which was unintended. Now, a table having such settings - will be vacuumed using those settings, independently of what is going - on in other autovacuum workers. This may result in heavier total I/O - load than before, so such settings should be re-examined for sanity. - - - - - - - - Avoid wholesale autovacuuming when autovacuum is nominally off - (Tom Lane) - - - - Even when autovacuum is nominally off, we will still launch autovacuum - worker processes to vacuum tables that are at risk of XID wraparound. - However, such a worker process then proceeded to vacuum all tables in - the target database, if they met the usual thresholds for - autovacuuming. This is at best pretty unexpected; at worst it delays - response to the wraparound threat. Fix it so that if autovacuum is - turned off, workers only do anti-wraparound vacuums and - not any other work. - - - - - - - - During crash recovery, ensure that unlogged relations are rewritten as - empty and are synced to disk before recovery is considered complete - (Abhijit Menon-Sen, Andres Freund) - - - - This prevents scenarios in which unlogged relations might contain - garbage data following database crash recovery. - - - - - - - - Fix race condition between hot standby queries and replaying a - full-page image (Heikki Linnakangas) - - - - This mistake could result in transient errors in queries being - executed in hot standby. - - - - - - - - Fix several cases where recovery logic improperly ignored WAL records - for COMMIT/ABORT PREPARED (Heikki Linnakangas) - - - - The most notable oversight was - that recovery_target_xid could not be used to stop at - a two-phase commit. - - - - - - - - Prevent latest WAL file from being archived a second time at completion - of crash recovery (Fujii Masao) - - - - - - - - Avoid creating unnecessary .ready marker files for - timeline history files (Fujii Masao) - - - - - - - - Fix possible null pointer dereference when an empty prepared statement - is used and the log_statement setting is mod - or ddl (Fujii Masao) - - - - - - - - Change pgstat wait timeout warning message to be LOG level, - and rephrase it to be more understandable (Tom Lane) - - - - This message was originally thought to be essentially a can't-happen - case, but it occurs often enough on our slower buildfarm members to be - a nuisance. Reduce it to LOG level, and expend a bit more effort on - the wording: it now reads using stale statistics instead of - current ones because stats collector is not responding. - - - - - - - - Fix possible corruption of postmaster's list of dynamic background - workers (Andres Freund) - - - - - - - - Fix SPARC spinlock implementation to ensure correctness if the CPU is - being run in a non-TSO coherency mode, as some non-Solaris kernels do - (Andres Freund) - - - - - - - - Warn if macOS's setlocale() starts an unwanted extra - thread inside the postmaster (Noah Misch) - - - - - - - - Fix processing of repeated dbname parameters - in PQconnectdbParams() (Alex Shulgin) - - - - Unexpected behavior ensued if the first occurrence - of dbname contained a connection string or URI to be - expanded. - - - - - - - - Ensure that libpq reports a suitable error message on - unexpected socket EOF (Marko Tiikkaja, Tom Lane) - - - - Depending on kernel behavior, libpq might return an - empty error string rather than something useful when the server - unexpectedly closed the socket. - - - - - - - - Clear any old error message during PQreset() - (Heikki Linnakangas) - - - - If PQreset() is called repeatedly, and the connection - cannot be re-established, error messages from the failed connection - attempts kept accumulating in the PGconn's error - string. - - - - - - - - Properly handle out-of-memory conditions while parsing connection - options in libpq (Alex Shulgin, Heikki Linnakangas) - - - - - - - - Fix array overrun in ecpg's version - of ParseDateTime() (Michael Paquier) - - - - - - - - In initdb, give a clearer error message if a password - file is specified but is empty (Mats Erik Andersson) - - - - - - - - Fix psql's \s command to work nicely with - libedit, and add pager support (Stepan Rutz, Tom Lane) - - - - When using libedit rather than readline, \s printed the - command history in a fairly unreadable encoded format, and on recent - libedit versions might fail altogether. Fix that by printing the - history ourselves rather than having the library do it. A pleasant - side-effect is that the pager is used if appropriate. - - - - This patch also fixes a bug that caused newline encoding to be applied - inconsistently when saving the command history with libedit. - Multiline history entries written by older psql - versions will be read cleanly with this patch, but perhaps not - vice versa, depending on the exact libedit versions involved. - - - - - - - - Improve consistency of parsing of psql's special - variables (Tom Lane) - - - - Allow variant spellings of on and off (such - as 1/0) for ECHO_HIDDEN - and ON_ERROR_ROLLBACK. Report a warning for unrecognized - values for COMP_KEYWORD_CASE, ECHO, - ECHO_HIDDEN, HISTCONTROL, - ON_ERROR_ROLLBACK, and VERBOSITY. Recognize - all values for all these variables case-insensitively; previously - there was a mishmash of case-sensitive and case-insensitive behaviors. - - - - - - - - Make psql's \watch command display - nulls as specified by \pset null (Fujii Masao) - - - - - - - - Fix psql's expanded-mode display to work - consistently when using border = 3 - and linestyle = ascii or unicode - (Stephen Frost) - - - - - - - - Fix pg_dump to handle comments on event triggers - without failing (Tom Lane) - - - - - - - - Allow parallel pg_dump to - use - - - - - - - Improve performance of pg_dump when the database - contains many instances of multiple dependency paths between the same - two objects (Tom Lane) - - - - - - - - Fix pg_dumpall to restore its ability to dump from - pre-8.1 servers (Gilles Darold) - - - - - - - - Fix possible deadlock during parallel restore of a schema-only dump - (Robert Haas, Tom Lane) - - - - - - - - Fix core dump in pg_dump --binary-upgrade on zero-column - composite type (Rushabh Lathia) - - - - - - - - Fix failure to fsync tables in nondefault tablespaces - during pg_upgrade (Abhijit Menon-Sen, Andres Freund) - - - - With an operating system crash and some bad luck, this could result in - data loss during an upgrade. - - - - - - - - In pg_upgrade, cope with cases where the new cluster - creates a TOAST table for a table that didn't previously have one - (Bruce Momjian) - - - - Previously this could result in failures due to OID conflicts. - - - - - - - - In pg_upgrade, don't try to - set autovacuum_multixact_freeze_max_age for the old cluster - (Bruce Momjian) - - - - This could result in failure because not all 9.3.X versions have that - parameter. Fortunately, we don't actually need to set it at all. - - - - - - - - In pg_upgrade, preserve the transaction ID epoch - (Bruce Momjian) - - - - This oversight did not bother PostgreSQL proper, - but could confuse some external replication tools. - - - - - - - - Prevent WAL files created by pg_basebackup -x/-X from - being archived again when the standby is promoted (Andres Freund) - - - - - - - - Fix memory leak in pg_receivexlog (Fujii Masao) - - - - - - - - Fix unintended suppression of pg_receivexlog verbose - messages (Fujii Masao) - - - - - - - - Fix failure of contrib/auto_explain to print per-node - timing information when doing EXPLAIN ANALYZE (Tom Lane) - - - - - - - - Fix upgrade-from-unpackaged script for contrib/citext - (Tom Lane) - - - - - - - - Avoid integer overflow and buffer overrun - in contrib/hstore's hstore_to_json() - (Heikki Linnakangas) - - - - - - - - Fix recognition of numbers in hstore_to_json_loose(), - so that JSON numbers and strings are correctly distinguished - (Andrew Dunstan) - - - - - - - - Fix block number checking - in contrib/pageinspect's get_raw_page() - (Tom Lane) - - - - The incorrect checking logic could prevent access to some pages in - non-main relation forks. - - - - - - - - Fix contrib/pgcrypto's pgp_sym_decrypt() - to not fail on messages whose length is 6 less than a power of 2 - (Marko Tiikkaja) - - - - - - - - Fix file descriptor leak in contrib/pg_test_fsync - (Jeff Janes) - - - - This could cause failure to remove temporary files on Windows. - - - - - - - - Handle unexpected query results, especially NULLs, safely in - contrib/tablefunc's connectby() - (Michael Paquier) - - - - connectby() previously crashed if it encountered a NULL - key value. It now prints that row but doesn't recurse further. - - - - - - - - Avoid a possible crash in contrib/xml2's - xslt_process() (Mark Simonetti) - - - - libxslt seems to have an undocumented dependency on - the order in which resources are freed; reorder our calls to avoid a - crash. - - - - - - - - Mark some contrib I/O functions with correct volatility - properties (Tom Lane) - - - - The previous over-conservative marking was immaterial in normal use, - but could cause optimization problems or rejection of valid index - expression definitions. Since the consequences are not large, we've - just adjusted the function definitions in the extension modules' - scripts, without changing version numbers. - - - - - - - - Numerous cleanups of warnings from Coverity static code analyzer - (Andres Freund, Tatsuo Ishii, Marko Kreen, Tom Lane, Michael Paquier) - - - - These changes are mostly cosmetic but in some cases fix corner-case - bugs, for example a crash rather than a proper error report after an - out-of-memory failure. None are believed to represent security - issues. - - - - - - - - Fix setup of background workers in EXEC_BACKEND builds, eg Windows - (Robert Haas) - - - - - - - - Detect incompatible OpenLDAP versions during build (Noah Misch) - - - - With OpenLDAP versions 2.4.24 through 2.4.31, - inclusive, PostgreSQL backends can crash at exit. - Raise a warning during configure based on the - compile-time OpenLDAP version number, and test the crashing scenario - in the contrib/dblink regression test. - - - - - - - - In non-MSVC Windows builds, ensure libpq.dll is installed - with execute permissions (Noah Misch) - - - - - - - - Make pg_regress remove any temporary installation it - created upon successful exit (Tom Lane) - - - - This results in a very substantial reduction in disk space usage - during make check-world, since that sequence involves - creation of numerous temporary installations. - - - - - - - - Support time zone abbreviations that change UTC offset from time to - time (Tom Lane) - - - - Previously, PostgreSQL assumed that the UTC offset - associated with a time zone abbreviation (such as EST) - never changes in the usage of any particular locale. However this - assumption fails in the real world, so introduce the ability for a - zone abbreviation to represent a UTC offset that sometimes changes. - Update the zone abbreviation definition files to make use of this - feature in timezone locales that have changed the UTC offset of their - abbreviations since 1970 (according to the IANA timezone database). - In such timezones, PostgreSQL will now associate the - correct UTC offset with the abbreviation depending on the given date. - - - - - - - - Update time zone abbreviations lists (Tom Lane) - - - - Add CST (China Standard Time) to our lists. - Remove references to ADT as Arabia Daylight Time, an - abbreviation that's been out of use since 2007; therefore, claiming - there is a conflict with Atlantic Daylight Time doesn't seem - especially helpful. - Fix entirely incorrect GMT offsets for CKT (Cook Islands), FJT, and FJST - (Fiji); we didn't even have them on the proper side of the date line. - - - - - - - - Update time zone data files to tzdata release 2015a. - - - - The IANA timezone database has adopted abbreviations of the form - AxST/AxDT - for all Australian time zones, reflecting what they believe to be - current majority practice Down Under. These names do not conflict - with usage elsewhere (other than ACST for Acre Summer Time, which has - been in disuse since 1994). Accordingly, adopt these names into - our Default timezone abbreviation set. - The Australia abbreviation set now contains only CST, EAST, - EST, SAST, SAT, and WST, all of which are thought to be mostly - historical usage. Note that SAST has also been changed to be South - Africa Standard Time in the Default abbreviation set. - - - - Also, add zone abbreviations SRET (Asia/Srednekolymsk) and XJT - (Asia/Urumqi), and use WSST/WSDT for western Samoa. Also, there were - DST law changes in Chile, Mexico, the Turks & Caicos Islands - (America/Grand_Turk), and Fiji. There is a new zone - Pacific/Bougainville for portions of Papua New Guinea. Also, numerous - corrections for historical (pre-1970) time zone data. - - - - - - - - - - Release 9.3.5 - - - Release date: - 2014-07-24 - - - - This release contains a variety of fixes from 9.3.4. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.5 - - - A dump/restore is not required for those running 9.3.X. - - - - However, this release corrects a logic error - in pg_upgrade, as well as an index corruption problem in - some GiST indexes. See the first two changelog entries below to find out - whether your installation has been affected and what steps you should take - if so. - - - - Also, if you are upgrading from a version earlier than 9.3.4, - see . - - - - - - Changes - - - - - - - - In pg_upgrade, remove pg_multixact files - left behind by initdb (Bruce Momjian) - - - - If you used a pre-9.3.5 version of pg_upgrade to - upgrade a database cluster to 9.3, it might have left behind a file - $PGDATA/pg_multixact/offsets/0000 that should not be - there and will eventually cause problems in VACUUM. - However, in common cases this file is actually valid and - must not be removed. - To determine whether your installation has this problem, run this - query as superuser, in any database of the cluster: - -WITH list(file) AS (SELECT * FROM pg_ls_dir('pg_multixact/offsets')) -SELECT EXISTS (SELECT * FROM list WHERE file = '0000') AND - NOT EXISTS (SELECT * FROM list WHERE file = '0001') AND - NOT EXISTS (SELECT * FROM list WHERE file = 'FFFF') AND - EXISTS (SELECT * FROM list WHERE file != '0000') - AS file_0000_removal_required; - - If this query returns t, manually remove the file - $PGDATA/pg_multixact/offsets/0000. - Do nothing if the query returns f. - - - - - - - - Correctly initialize padding bytes in contrib/btree_gist - indexes on bit columns (Heikki Linnakangas) - - - - This error could result in incorrect query results due to values that - should compare equal not being seen as equal. - Users with GiST indexes on bit or bit varying - columns should REINDEX those indexes after installing this - update. - - - - - - - - Protect against torn pages when deleting GIN list pages (Heikki - Linnakangas) - - - - This fix prevents possible index corruption if a system crash occurs - while the page update is being written to disk. - - - - - - - - Don't clear the right-link of a GiST index page while replaying - updates from WAL (Heikki Linnakangas) - - - - This error could lead to transiently wrong answers from GiST index - scans performed in Hot Standby. - - - - - - - - Fix corner-case infinite loop during insertion into an SP-GiST text - index (Tom Lane) - - - - - - - - Fix incorrect answers from SP-GiST index searches - with -|- (range adjacency) operator - (Heikki Linnakangas) - - - - - - - - Fix wraparound handling for pg_multixact/members - (Álvaro Herrera) - - - - - - - - Truncate pg_multixact during checkpoints, not - during VACUUM (Álvaro Herrera) - - - - This change ensures that pg_multixact segments can't be - removed if they'd still be needed during WAL replay after a crash. - - - - - - - - Fix possible inconsistency of all-visible flags after WAL recovery - (Heikki Linnakangas) - - - - - - - - Fix possibly-incorrect cache invalidation during nested calls - to ReceiveSharedInvalidMessages (Andres Freund) - - - - - - - - Fix race condition when updating a tuple concurrently locked by - another process (Andres Freund, Álvaro Herrera) - - - - - - - - Fix could not find pathkey item to sort planner failures - with UNION ALL over subqueries reading from tables with - inheritance children (Tom Lane) - - - - - - - - Don't assume a subquery's output is unique if there's a set-returning - function in its targetlist (David Rowley) - - - - This oversight could lead to misoptimization of constructs - like WHERE x IN (SELECT y, generate_series(1,10) FROM t GROUP - BY y). - - - - - - - - Improve planner to drop constant-NULL inputs - of AND/OR when possible (Tom Lane) - - - - This change fixes some cases where the more aggressive parameter - substitution done by 9.2 and later can lead to a worse plan than - older versions produced. - - - - - - - - Ensure that the planner sees equivalent VARIADIC and - non-VARIADIC function calls as equivalent (Tom Lane) - - - - This bug could for example result in failure to use expression indexes - involving variadic functions. It might be necessary to re-create such - indexes, and/or re-create views including variadic function calls that - should match the indexes, for the fix to be effective for existing 9.3 - installations. - - - - - - - - Fix handling of nested JSON objects - in json_populate_recordset() and friends - (Michael Paquier, Tom Lane) - - - - A nested JSON object could result in previous fields of the - parent object not being shown in the output. - - - - - - - - Fix identification of input type category in to_json() - and friends (Tom Lane) - - - - This is known to have led to inadequate quoting of money - fields in the JSON result, and there may have been wrong - results for other data types as well. - - - - - - - - Fix failure to detoast fields in composite elements of structured - types (Tom Lane) - - - - This corrects cases where TOAST pointers could be copied into other - tables without being dereferenced. If the original data is later - deleted, it would lead to errors like missing chunk number 0 - for toast value ... when the now-dangling pointer is used. - - - - - - - - Fix record type has not been registered failures with - whole-row references to the output of Append plan nodes (Tom Lane) - - - - - - - - Fix possible crash when invoking a user-defined function while - rewinding a cursor (Tom Lane) - - - - - - - - Fix query-lifespan memory leak while evaluating the arguments for a - function in FROM (Tom Lane) - - - - - - - - Fix session-lifespan memory leaks in regular-expression processing - (Tom Lane, Arthur O'Dwyer, Greg Stark) - - - - - - - - Fix data encoding error in hungarian.stop (Tom Lane) - - - - - - - - Prevent foreign tables from being created with OIDS - when is true - (Etsuro Fujita) - - - - - - - - Fix liveness checks for rows that were inserted in the current - transaction and then deleted by a now-rolled-back subtransaction - (Andres Freund) - - - - This could cause problems (at least spurious warnings, and at worst an - infinite loop) if CREATE INDEX or CLUSTER were - done later in the same transaction. - - - - - - - - Clear pg_stat_activity.xact_start - during PREPARE TRANSACTION (Andres Freund) - - - - After the PREPARE, the originating session is no longer in - a transaction, so it should not continue to display a transaction - start time. - - - - - - - - Fix REASSIGN OWNED to not fail for text search objects - (Álvaro Herrera) - - - - - - - - Prevent pg_class.relminmxid values from - going backwards during VACUUM FULL (Álvaro Herrera) - - - - - - - - Reduce indentation in rule/view dumps to improve readability and avoid - excessive whitespace (Greg Stark, Tom Lane) - - - - This change reduces the amount of indentation applied to nested - constructs, including some cases that the user probably doesn't think - of as nested, such as UNION lists. Previously, deeply nested - constructs were printed with an amount of whitespace growing as - O(N^2), which created a performance problem and even risk of - out-of-memory failures. Now the indentation is reduced modulo 40, - which is initially odd to look at but seems to preserve readability - better than simply limiting the indentation would do. - Redundant parenthesization of UNION lists has been reduced as well. - - - - - - - - Fix dumping of rules/views when subsequent addition of a column has - resulted in multiple input columns matching a USING - specification (Tom Lane) - - - - - - - - Repair view printing for some cases involving functions - in FROM that return a composite type containing dropped - columns (Tom Lane) - - - - - - - - Block signals during postmaster startup (Tom Lane) - - - - This ensures that the postmaster will properly clean up after itself - if, for example, it receives SIGINT while still - starting up. - - - - - - - - Fix client host name lookup when processing pg_hba.conf - entries that specify host names instead of IP addresses (Tom Lane) - - - - Ensure that reverse-DNS lookup failures are reported, instead of just - silently not matching such entries. Also ensure that we make only - one reverse-DNS lookup attempt per connection, not one per host name - entry, which is what previously happened if the lookup attempts failed. - - - - - - - - Allow the root user to use postgres -C variable and - postgres --describe-config (MauMau) - - - - The prohibition on starting the server as root does not need to extend - to these operations, and relaxing it prevents failure - of pg_ctl in some scenarios. - - - - - - - - Secure Unix-domain sockets of temporary postmasters started during - make check (Noah Misch) - - - - Any local user able to access the socket file could connect as the - server's bootstrap superuser, then proceed to execute arbitrary code as - the operating-system user running the test, as we previously noted in - CVE-2014-0067. This change defends against that risk by placing the - server's socket in a temporary, mode 0700 subdirectory - of /tmp. The hazard remains however on platforms where - Unix sockets are not supported, notably Windows, because then the - temporary postmaster must accept local TCP connections. - - - - A useful side effect of this change is to simplify - make check testing in builds that - override DEFAULT_PGSOCKET_DIR. Popular non-default values - like /var/run/postgresql are often not writable by the - build user, requiring workarounds that will no longer be necessary. - - - - - - - - Fix tablespace creation WAL replay to work on Windows (MauMau) - - - - - - - - Fix detection of socket creation failures on Windows (Bruce Momjian) - - - - - - - - On Windows, allow new sessions to absorb values of PGC_BACKEND - parameters (such as ) from the - configuration file (Amit Kapila) - - - - Previously, if such a parameter were changed in the file post-startup, - the change would have no effect. - - - - - - - - Properly quote executable path names on Windows (Nikhil Deshpande) - - - - This oversight could cause initdb - and pg_upgrade to fail on Windows, if the installation - path contained both spaces and @ signs. - - - - - - - - Fix linking of libpython on macOS (Tom Lane) - - - - The method we previously used can fail with the Python library - supplied by Xcode 5.0 and later. - - - - - - - - Avoid buffer bloat in libpq when the server - consistently sends data faster than the client can absorb it - (Shin-ichi Morita, Tom Lane) - - - - libpq could be coerced into enlarging its input buffer - until it runs out of memory (which would be reported misleadingly - as lost synchronization with server). Under ordinary - circumstances it's quite far-fetched that data could be continuously - transmitted more quickly than the recv() loop can - absorb it, but this has been observed when the client is artificially - slowed by scheduler constraints. - - - - - - - - Ensure that LDAP lookup attempts in libpq time out as - intended (Laurenz Albe) - - - - - - - - Fix ecpg to do the right thing when an array - of char * is the target for a FETCH statement returning more - than one row, as well as some other array-handling fixes - (Ashutosh Bapat) - - - - - - - - Fix pg_dump to cope with a materialized view that - depends on a table's primary key (Tom Lane) - - - - This occurs if the view's query relies on functional dependency to - abbreviate a GROUP BY list. pg_dump got - sufficiently confused that it dumped the materialized view as a - regular view. - - - - - - - - Fix parsing of pg_dumpall's - - - - - - - Fix pg_restore's processing of old-style large object - comments (Tom Lane) - - - - A direct-to-database restore from an archive file generated by a - pre-9.0 version of pg_dump would usually fail if the - archive contained more than a few comments for large objects. - - - - - - - - Fix pg_upgrade for cases where the new server creates - a TOAST table but the old version did not (Bruce Momjian) - - - - This rare situation would manifest as relation OID mismatch - errors. - - - - - - - - In pg_upgrade, - preserve pg_database.datminmxid - and pg_class.relminmxid values from the - old cluster, or insert reasonable values when upgrading from pre-9.3; - also defend against unreasonable values in the core server - (Bruce Momjian, Álvaro Herrera, Tom Lane) - - - - These changes prevent scenarios in which autovacuum might insist on - scanning the entire cluster's contents immediately upon starting the - new cluster, or in which tracking of unfrozen MXID values might be - disabled completely. - - - - - - - - Prevent contrib/auto_explain from changing the output of - a user's EXPLAIN (Tom Lane) - - - - If auto_explain is active, it could cause - an EXPLAIN (ANALYZE, TIMING OFF) command to nonetheless - print timing information. - - - - - - - - Fix query-lifespan memory leak in contrib/dblink - (MauMau, Joe Conway) - - - - - - - - In contrib/pgcrypto functions, ensure sensitive - information is cleared from stack variables before returning - (Marko Kreen) - - - - - - - - Prevent use of already-freed memory in - contrib/pgstattuple's pgstat_heap() - (Noah Misch) - - - - - - - - In contrib/uuid-ossp, cache the state of the OSSP UUID - library across calls (Tom Lane) - - - - This improves the efficiency of UUID generation and reduces the amount - of entropy drawn from /dev/urandom, on platforms that - have that. - - - - - - - - Update time zone data files to tzdata release 2014e - for DST law changes in Crimea, Egypt, and Morocco. - - - - - - - - - - Release 9.3.4 - - - Release date: - 2014-03-20 - - - - This release contains a variety of fixes from 9.3.3. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.4 - - - A dump/restore is not required for those running 9.3.X. - - - - However, the error fixed in the first changelog entry below could have - resulted in corrupt data on standby servers. It may be prudent to - reinitialize standby servers from fresh base backups after installing - this update. - - - - Also, if you are upgrading from a version earlier than 9.3.3, - see . - - - - - - Changes - - - - - - - - Fix WAL replay of locking an already-updated tuple (Andres Freund, - Álvaro Herrera) - - - - This error caused updated rows to not be found by index scans, resulting - in inconsistent query results depending on whether an index scan was - used. Subsequent processing could result in constraint violations, - since the previously updated row would not be found by later index - searches, thus possibly allowing conflicting rows to be inserted. - Since this error is in WAL replay, it would only manifest during crash - recovery or on standby servers. The improperly-replayed case most - commonly arises when a table row that is referenced by a foreign-key - constraint is updated concurrently with creation of a referencing row. - - - - - - - - Restore GIN metapages unconditionally to avoid torn-page risk - (Heikki Linnakangas) - - - - Although this oversight could theoretically result in a corrupted - index, it is unlikely to have caused any problems in practice, since - the active part of a GIN metapage is smaller than a standard 512-byte - disk sector. - - - - - - - - Avoid race condition in checking transaction commit status during - receipt of a NOTIFY message (Marko Tiikkaja) - - - - This prevents a scenario wherein a sufficiently fast client might - respond to a notification before database updates made by the - notifier have become visible to the recipient. - - - - - - - - Allow materialized views to be referenced in UPDATE - and DELETE commands (Michael Paquier) - - - - Previously such queries failed with a complaint about not being able - to lock rows in the materialized view. - - - - - - - - Allow regular-expression operators to be terminated early by query - cancel requests (Tom Lane) - - - - This prevents scenarios wherein a pathological regular expression - could lock up a server process uninterruptibly for a long time. - - - - - - - - Remove incorrect code that tried to allow OVERLAPS with - single-element row arguments (Joshua Yanovski) - - - - This code never worked correctly, and since the case is neither - specified by the SQL standard nor documented, it seemed better to - remove it than fix it. - - - - - - - - Avoid getting more than AccessShareLock when de-parsing a - rule or view (Dean Rasheed) - - - - This oversight resulted in pg_dump unexpectedly - acquiring RowExclusiveLock locks on tables mentioned as - the targets of INSERT/UPDATE/DELETE - commands in rules. While usually harmless, that could interfere with - concurrent transactions that tried to acquire, for example, - ShareLock on those tables. - - - - - - - - Improve performance of index endpoint probes during planning (Tom Lane) - - - - This change fixes a significant performance problem that occurred - when there were many not-yet-committed rows at the end of the index, - which is a common situation for indexes on sequentially-assigned - values such as timestamps or sequence-generated identifiers. - - - - - - - - Use non-default selectivity estimates for - value IN (list) and - value operator ANY - (array) - expressions when the righthand side is a stable expression (Tom Lane) - - - - - - - - Remove the correct per-database statistics file during DROP - DATABASE (Tomas Vondra) - - - - This fix prevents a permanent leak of statistics file space. - Users who have done many DROP DATABASE commands since - upgrading to PostgreSQL 9.3 may wish to check their - statistics directory and delete statistics files that do not - correspond to any existing database. Please note - that db_0.stat should not be removed. - - - - - - - - Fix walsender ping logic to avoid inappropriate - disconnects under continuous load (Andres Freund, Heikki Linnakangas) - - - - walsender failed to send ping messages to the client - if it was constantly busy sending WAL data; but it expected to see - ping responses despite that, and would therefore disconnect - once elapsed. - - - - - - - - Fix walsender's failure to shut down cleanly when client - is pg_receivexlog (Fujii Masao) - - - - - - - - Check WAL level and hot standby parameters correctly when doing crash - recovery that will be followed by archive recovery (Heikki Linnakangas) - - - - - - - - Fix test to see if hot standby connections can be allowed immediately - after a crash (Heikki Linnakangas) - - - - - - - - Add read-only parameter to - display whether page checksums are enabled (Heikki Linnakangas) - - - - Without this parameter, determining the state of checksum - processing was difficult. - - - - - - - - Prevent interrupts while reporting non-ERROR messages - (Tom Lane) - - - - This guards against rare server-process freezeups due to recursive - entry to syslog(), and perhaps other related problems. - - - - - - - - Fix memory leak in PL/Perl when returning a composite result, including - multiple-OUT-parameter cases (Alex Hunsaker) - - - - - - - - Fix tracking of psql script line numbers - during \copy from out-of-line data - (Kumar Rajeev Rastogi, Amit Khandekar) - - - - \copy ... from incremented the script file line number - for each data line, even if the data was not coming from the script - file. This mistake resulted in wrong line numbers being reported for - any errors occurring later in the same script file. - - - - - - - - Fix contrib/postgres_fdw to handle multiple join - conditions properly (Tom Lane) - - - - This oversight could result in sending WHERE clauses to - the remote server for execution even though the clauses are not known - to have the same semantics on the remote server (for example, clauses - that use non-built-in operators). The query might succeed anyway, - but it could also fail with errors from the remote server, or worse - give silently wrong answers. - - - - - - - - Prevent intermittent could not reserve shared memory region - failures on recent Windows versions (MauMau) - - - - - - - - Update time zone data files to tzdata release 2014a - for DST law changes in Fiji and Turkey, plus historical changes in - Israel and Ukraine. - - - - - - - - - - Release 9.3.3 - - - Release date: - 2014-02-20 - - - - This release contains a variety of fixes from 9.3.2. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.3 - - - A dump/restore is not required for those running 9.3.X. - - - - However, several of the issues corrected in this release could have - resulted in corruption of foreign-key constraints; that is, there - might now be referencing rows for which there is no matching row in - the referenced table. It may be worthwhile to recheck such - constraints after installing this update. The simplest way to do that - is to drop and recreate each suspect constraint; however, that will - require taking an exclusive lock on both tables, so it is unlikely to - be acceptable in production databases. Alternatively, you can do a - manual join query between the two tables to look for unmatched rows. - - - - Note also the requirement for replication standby servers to be - upgraded before their master server is upgraded. - - - - Also, if you are upgrading from a version earlier than 9.3.2, - see . - - - - - - Changes - - - - - - - - Shore up GRANT ... WITH ADMIN OPTION restrictions - (Noah Misch) - - - - Granting a role without ADMIN OPTION is supposed to - prevent the grantee from adding or removing members from the granted - role, but this restriction was easily bypassed by doing SET - ROLE first. The security impact is mostly that a role member can - revoke the access of others, contrary to the wishes of his grantor. - Unapproved role member additions are a lesser concern, since an - uncooperative role member could provide most of his rights to others - anyway by creating views or SECURITY DEFINER functions. - (CVE-2014-0060) - - - - - - - - Prevent privilege escalation via manual calls to PL validator - functions (Andres Freund) - - - - The primary role of PL validator functions is to be called implicitly - during CREATE FUNCTION, but they are also normal SQL - functions that a user can call explicitly. Calling a validator on - a function actually written in some other language was not checked - for and could be exploited for privilege-escalation purposes. - The fix involves adding a call to a privilege-checking function in - each validator function. Non-core procedural languages will also - need to make this change to their own validator functions, if any. - (CVE-2014-0061) - - - - - - - - Avoid multiple name lookups during table and index DDL - (Robert Haas, Andres Freund) - - - - If the name lookups come to different conclusions due to concurrent - activity, we might perform some parts of the DDL on a different table - than other parts. At least in the case of CREATE INDEX, - this can be used to cause the permissions checks to be performed - against a different table than the index creation, allowing for a - privilege escalation attack. - (CVE-2014-0062) - - - - - - - - Prevent buffer overrun with long datetime strings (Noah Misch) - - - - The MAXDATELEN constant was too small for the longest - possible value of type interval, allowing a buffer overrun - in interval_out(). Although the datetime input - functions were more careful about avoiding buffer overrun, the limit - was short enough to cause them to reject some valid inputs, such as - input containing a very long timezone name. The ecpg - library contained these vulnerabilities along with some of its own. - (CVE-2014-0063) - - - - - - - - Prevent buffer overrun due to integer overflow in size calculations - (Noah Misch, Heikki Linnakangas) - - - - Several functions, mostly type input functions, calculated an - allocation size without checking for overflow. If overflow did - occur, a too-small buffer would be allocated and then written past. - (CVE-2014-0064) - - - - - - - - Prevent overruns of fixed-size buffers - (Peter Eisentraut, Jozef Mlich) - - - - Use strlcpy() and related functions to provide a clear - guarantee that fixed-size buffers are not overrun. Unlike the - preceding items, it is unclear whether these cases really represent - live issues, since in most cases there appear to be previous - constraints on the size of the input string. Nonetheless it seems - prudent to silence all Coverity warnings of this type. - (CVE-2014-0065) - - - - - - - - Avoid crashing if crypt() returns NULL (Honza Horak, - Bruce Momjian) - - - - There are relatively few scenarios in which crypt() - could return NULL, but contrib/chkpass would crash - if it did. One practical case in which this could be an issue is - if libc is configured to refuse to execute unapproved - hashing algorithms (e.g., FIPS mode). - (CVE-2014-0066) - - - - - - - - Document risks of make check in the regression testing - instructions (Noah Misch, Tom Lane) - - - - Since the temporary server started by make check - uses trust authentication, another user on the same machine - could connect to it as database superuser, and then potentially - exploit the privileges of the operating-system user who started the - tests. A future release will probably incorporate changes in the - testing procedure to prevent this risk, but some public discussion is - needed first. So for the moment, just warn people against using - make check when there are untrusted users on the - same machine. - (CVE-2014-0067) - - - - - - - - Rework tuple freezing protocol - (Álvaro Herrera, Andres Freund) - - - - The logic for tuple freezing was unable to handle some cases involving - freezing of - multixact - IDs, with the practical effect that shared row-level locks - might be forgotten once old enough. - - - - Fixing this required changing the WAL record format for tuple - freezing. While this is no issue for standalone servers, when using - replication it means that standby servers must be upgraded - to 9.3.3 or later before their masters are. An older standby will - be unable to interpret freeze records generated by a newer master, and - will fail with a PANIC message. (In such a case, upgrading the - standby should be sufficient to let it resume execution.) - - - - - - - - Create separate GUC parameters to control multixact freezing - (Álvaro Herrera) - - - - 9.3 requires multixact tuple labels to be frozen before - they grow too old, in the same fashion as plain transaction ID labels - have been frozen for some time. Previously, the transaction ID - freezing parameters were used for multixact IDs too; but since - the consumption rates of transaction IDs and multixact IDs can be - quite different, this did not work very well. Introduce new settings - , - , and - - to control when to freeze multixacts. - - - - - - - - Account for remote row locks propagated by local updates - (Álvaro Herrera) - - - - If a row was locked by transaction A, and transaction B updated it, - the new version of the row created by B would be locked by A, yet - visible only to B. If transaction B then again updated the row, A's - lock wouldn't get checked, thus possibly allowing B to complete when - it shouldn't. This case is new in 9.3 since prior versions did not - have any types of row locking that would permit another transaction - to update the row at all. - - - - This oversight could allow referential integrity checks to give false - positives (for instance, allow deletes that should have been rejected). - Applications using the new commands SELECT FOR KEY SHARE - and SELECT FOR NO KEY UPDATE might also have suffered - locking failures of this kind. - - - - - - - - Prevent forgetting valid row locks when one of several - holders of a row lock aborts (Álvaro Herrera) - - - - This was yet another mechanism by which a shared row lock could be - lost, thus possibly allowing updates that should have been prevented - by foreign-key constraints. - - - - - - - - Fix incorrect logic during update chain locking - (Álvaro Herrera) - - - - This mistake could result in spurious could not serialize access - due to concurrent update errors in REPEATABLE READ - and SERIALIZABLE transaction isolation modes. - - - - - - - - Handle wraparound correctly during extension or truncation - of pg_multixact/members - (Andres Freund, Álvaro Herrera) - - - - - - - - Fix handling of 5-digit filenames in pg_multixact/members - (Álvaro Herrera) - - - - As of 9.3, these names can be more than 4 digits, but the directory - cleanup code ignored such files. - - - - - - - - Improve performance of multixact cache code - (Álvaro Herrera) - - - - - - - - Optimize updating a row that's already locked by the same transaction - (Andres Freund, Álvaro Herrera) - - - - This fixes a performance regression from pre-9.3 versions when doing - SELECT FOR UPDATE followed by UPDATE/DELETE. - - - - - - - - During archive recovery, prefer highest timeline number when WAL - segments with the same ID are present in both the archive - and pg_xlog/ (Kyotaro Horiguchi) - - - - Previously, not-yet-archived segments could get ignored during - recovery. This reverts an undesirable behavioral change in 9.3.0 - back to the way things worked pre-9.3. - - - - - - - - Fix possible mis-replay of WAL records when some segments of a - relation aren't full size (Greg Stark, Tom Lane) - - - - The WAL update could be applied to the wrong page, potentially many - pages past where it should have been. Aside from corrupting data, - this error has been observed to result in significant bloat - of standby servers compared to their masters, due to updates being - applied far beyond where the end-of-file should have been. This - failure mode does not appear to be a significant risk during crash - recovery, only when initially synchronizing a standby created from a - base backup taken from a quickly-changing master. - - - - - - - - Fix bug in determining when recovery has reached consistency - (Tomonari Katsumata, Heikki Linnakangas) - - - - In some cases WAL replay would mistakenly conclude that the database - was already consistent at the start of replay, thus possibly allowing - hot-standby queries before the database was really consistent. Other - symptoms such as PANIC: WAL contains references to invalid - pages were also possible. - - - - - - - - Fix WAL logging of visibility map changes (Heikki Linnakangas) - - - - - - - - Fix improper locking of btree index pages while replaying - a VACUUM operation in hot-standby mode (Andres Freund, - Heikki Linnakangas, Tom Lane) - - - - This error could result in PANIC: WAL contains references to - invalid pages failures. - - - - - - - - Ensure that insertions into non-leaf GIN index pages write a full-page - WAL record when appropriate (Heikki Linnakangas) - - - - The previous coding risked index corruption in the event of a - partial-page write during a system crash. - - - - - - - - When pause_at_recovery_target - and recovery_target_inclusive are both set, ensure the - target record is applied before pausing, not after (Heikki - Linnakangas) - - - - - - - - Ensure walreceiver sends hot-standby feedback messages on time even - when there is a continuous stream of data (Andres Freund, Amit - Kapila) - - - - - - - - Prevent timeout interrupts from taking control away from mainline - code unless ImmediateInterruptOK is set - (Andres Freund, Tom Lane) - - - - This is a serious issue for any application making use of statement - timeouts, as it could cause all manner of strange failures after a - timeout occurred. We have seen reports of stuck spinlocks, - ERRORs being unexpectedly promoted to PANICs, unkillable backends, - and other misbehaviors. - - - - - - - - Fix race conditions during server process exit (Robert Haas) - - - - Ensure that signal handlers don't attempt to use the - process's MyProc pointer after it's no longer valid. - - - - - - - - Fix race conditions in walsender shutdown logic and walreceiver - SIGHUP signal handler (Tom Lane) - - - - - - - - Fix unsafe references to errno within error reporting - logic (Christian Kruse) - - - - This would typically lead to odd behaviors such as missing or - inappropriate HINT fields. - - - - - - - - Fix possible crashes from using ereport() too early - during server startup (Tom Lane) - - - - The principal case we've seen in the field is a crash if the server - is started in a directory it doesn't have permission to read. - - - - - - - - Clear retry flags properly in OpenSSL socket write - function (Alexander Kukushkin) - - - - This omission could result in a server lockup after unexpected loss - of an SSL-encrypted connection. - - - - - - - - Fix length checking for Unicode identifiers (U&"..." - syntax) containing escapes (Tom Lane) - - - - A spurious truncation warning would be printed for such identifiers - if the escaped form of the identifier was too long, but the - identifier actually didn't need truncation after de-escaping. - - - - - - - - Fix parsing of Unicode literals and identifiers just before the end - of a command string or function body (Tom Lane) - - - - - - - - Allow keywords that are type names to be used in lists of roles - (Stephen Frost) - - - - A previous patch allowed such keywords to be used without quoting - in places such as role identifiers; but it missed cases where a - list of role identifiers was permitted, such as DROP ROLE. - - - - - - - - Fix parser crash for EXISTS(SELECT * FROM - zero_column_table) (Tom Lane) - - - - - - - - Fix possible crash due to invalid plan for nested sub-selects, such - as WHERE (... x IN (SELECT ...) ...) IN (SELECT ...) - (Tom Lane) - - - - - - - - Fix mishandling of WHERE conditions pulled up from - a LATERAL subquery (Tom Lane) - - - - The typical symptom of this bug was a JOIN qualification - cannot refer to other relations error, though subtle logic - errors in created plans seem possible as well. - - - - - - - - Disallow LATERAL references to the target table of - an UPDATE/DELETE (Tom Lane) - - - - While this might be allowed in some future release, it was - unintentional in 9.3, and didn't work quite right anyway. - - - - - - - - Fix UPDATE/DELETE of an inherited target table - that has UNION ALL subqueries (Tom Lane) - - - - Without this fix, UNION ALL subqueries aren't correctly - inserted into the update plans for inheritance child tables after the - first one, typically resulting in no update happening for those child - table(s). - - - - - - - - Fix ANALYZE to not fail on a column that's a domain over - a range type (Tom Lane) - - - - - - - - Ensure that ANALYZE creates statistics for a table column - even when all the values in it are too wide (Tom Lane) - - - - ANALYZE intentionally omits very wide values from its - histogram and most-common-values calculations, but it neglected to do - something sane in the case that all the sampled entries are too wide. - - - - - - - - In ALTER TABLE ... SET TABLESPACE, allow the database's - default tablespace to be used without a permissions check - (Stephen Frost) - - - - CREATE TABLE has always allowed such usage, - but ALTER TABLE didn't get the memo. - - - - - - - - Fix support for extensions containing event triggers (Tom Lane) - - - - - - - - Fix cannot accept a set error when some arms of - a CASE return a set and others don't (Tom Lane) - - - - - - - - Fix memory leakage in JSON functions (Craig Ringer) - - - - - - - - Properly distinguish numbers from non-numbers when generating JSON - output (Andrew Dunstan) - - - - - - - - Fix checks for all-zero client addresses in pgstat functions (Kevin - Grittner) - - - - - - - - Fix possible misclassification of multibyte characters by the text - search parser (Tom Lane) - - - - Non-ASCII characters could be misclassified when using C locale with - a multibyte encoding. On Cygwin, non-C locales could fail as well. - - - - - - - - Fix possible misbehavior in plainto_tsquery() - (Heikki Linnakangas) - - - - Use memmove() not memcpy() for copying - overlapping memory regions. There have been no field reports of - this actually causing trouble, but it's certainly risky. - - - - - - - - Fix placement of permissions checks in pg_start_backup() - and pg_stop_backup() (Andres Freund, Magnus Hagander) - - - - The previous coding might attempt to do catalog access when it - shouldn't. - - - - - - - - Accept SHIFT_JIS as an encoding name for locale checking - purposes (Tatsuo Ishii) - - - - - - - - Fix *-qualification of named parameters in SQL-language - functions (Tom Lane) - - - - Given a composite-type parameter - named foo, $1.* worked fine, - but foo.* not so much. - - - - - - - - Fix misbehavior of PQhost() on Windows (Fujii Masao) - - - - It should return localhost if no host has been specified. - - - - - - - - Improve error handling in libpq and psql - for failures during COPY TO STDOUT/FROM STDIN (Tom Lane) - - - - In particular this fixes an infinite loop that could occur in 9.2 and - up if the server connection was lost during COPY FROM - STDIN. Variants of that scenario might be possible in older - versions, or with other client applications. - - - - - - - - Fix incorrect translation handling in - some psql \d commands - (Peter Eisentraut, Tom Lane) - - - - - - - - Ensure pg_basebackup's background process is killed - when exiting its foreground process (Magnus Hagander) - - - - - - - - Fix possible incorrect printing of filenames - in pg_basebackup's verbose mode (Magnus Hagander) - - - - - - - - Avoid including tablespaces inside PGDATA twice in base backups - (Dimitri Fontaine, Magnus Hagander) - - - - - - - - Fix misaligned descriptors in ecpg (MauMau) - - - - - - - - In ecpg, handle lack of a hostname in the connection - parameters properly (Michael Meskes) - - - - - - - - Fix performance regression in contrib/dblink connection - startup (Joe Conway) - - - - Avoid an unnecessary round trip when client and server encodings match. - - - - - - - - In contrib/isn, fix incorrect calculation of the check - digit for ISMN values (Fabien Coelho) - - - - - - - - Fix contrib/pgbench's progress logging to avoid overflow - when the scale factor is large (Tatsuo Ishii) - - - - - - - - Fix contrib/pg_stat_statement's handling - of CURRENT_DATE and related constructs (Kyotaro - Horiguchi) - - - - - - - - Improve lost-connection error handling - in contrib/postgres_fdw (Tom Lane) - - - - - - - - Ensure client-code-only installation procedure works as documented - (Peter Eisentraut) - - - - - - - - In Mingw and Cygwin builds, install the libpq DLL - in the bin directory (Andrew Dunstan) - - - - This duplicates what the MSVC build has long done. It should fix - problems with programs like psql failing to start - because they can't find the DLL. - - - - - - - - Avoid using the deprecated dllwrap tool in Cygwin builds - (Marco Atzeri) - - - - - - - - Enable building with Visual Studio 2013 (Brar Piening) - - - - - - - - Don't generate plain-text HISTORY - and src/test/regress/README files anymore (Tom Lane) - - - - These text files duplicated the main HTML and PDF documentation - formats. The trouble involved in maintaining them greatly outweighs - the likely audience for plain-text format. Distribution tarballs - will still contain files by these names, but they'll just be stubs - directing the reader to consult the main documentation. - The plain-text INSTALL file will still be maintained, as - there is arguably a use-case for that. - - - - - - - - Update time zone data files to tzdata release 2013i - for DST law changes in Jordan and historical changes in Cuba. - - - - In addition, the zones Asia/Riyadh87, - Asia/Riyadh88, and Asia/Riyadh89 have been - removed, as they are no longer maintained by IANA, and never - represented actual civil timekeeping practice. - - - - - - - - - - Release 9.3.2 - - - Release date: - 2013-12-05 - - - - This release contains a variety of fixes from 9.3.1. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.2 - - - A dump/restore is not required for those running 9.3.X. - - - - However, this release corrects a number of potential data corruption - issues. See the first three changelog entries below to find out whether - your installation has been affected and what steps you can take if so. - - - - Also, if you are upgrading from a version earlier than 9.3.1, - see . - - - - - - Changes - - - - - - Fix VACUUM's tests to see whether it can - update relfrozenxid (Andres Freund) - - - - In some cases VACUUM (either manual or autovacuum) could - incorrectly advance a table's relfrozenxid value, - allowing tuples to escape freezing, causing those rows to become - invisible once 2^31 transactions have elapsed. The probability of - data loss is fairly low since multiple incorrect advancements would - need to happen before actual loss occurs, but it's not zero. In 9.2.0 - and later, the probability of loss is higher, and it's also possible - to get could not access status of transaction errors as a - consequence of this bug. Users upgrading from releases 9.0.4 or 8.4.8 - or earlier are not affected, but all later versions contain the bug. - - - - The issue can be ameliorated by, after upgrading, vacuuming all tables - in all databases while having vacuum_freeze_table_age - set to zero. This will fix any latent corruption but will not be able - to fix all pre-existing data errors. However, an installation can be - presumed safe after performing this vacuuming if it has executed fewer - than 2^31 update transactions in its lifetime (check this with - SELECT txid_current() < 2^31). - - - - - - Fix multiple bugs in MultiXactId freezing (Andres Freund, - Álvaro Herrera) - - - - These bugs could lead to could not access status of - transaction errors, or to duplicate or vanishing rows. - Users upgrading from releases prior to 9.3.0 are not affected. - - - - The issue can be ameliorated by, after upgrading, vacuuming all tables - in all databases while having vacuum_freeze_table_age - set to zero. This will fix latent corruption but will not be able to - fix all pre-existing data errors. - - - - As a separate issue, these bugs can also cause standby servers to get - out of sync with the primary, thus exhibiting data errors that are not - in the primary. Therefore, it's recommended that 9.3.0 and 9.3.1 - standby servers be re-cloned from the primary (e.g., with a new base - backup) after upgrading. - - - - - - Fix initialization of pg_clog and pg_subtrans - during hot standby startup (Andres Freund, Heikki Linnakangas) - - - - This bug can cause data loss on standby servers at the moment they - start to accept hot-standby queries, by marking committed transactions - as uncommitted. The likelihood of such corruption is small unless, at - the time of standby startup, the primary server has executed many - updating transactions since its last checkpoint. Symptoms include - missing rows, rows that should have been deleted being still visible, - and obsolete versions of updated rows being still visible alongside - their newer versions. - - - - This bug was introduced in versions 9.3.0, 9.2.5, 9.1.10, and 9.0.14. - Standby servers that have only been running earlier releases are not - at risk. It's recommended that standby servers that have ever run any - of the buggy releases be re-cloned from the primary (e.g., with a new - base backup) after upgrading. - - - - - - Fix multiple bugs in update chain traversal (Andres Freund, - Álvaro Herrera) - - - - These bugs could result in incorrect behavior, such as locking or even - updating the wrong row, in the presence of concurrent updates. - Spurious unable to fetch updated version of tuple errors - were also possible. - - - - - - Fix dangling-pointer problem in fast-path locking (Tom Lane) - - - - This could lead to corruption of the lock data structures in shared - memory, causing lock already held and other odd errors. - - - - - - Fix assorted race conditions in timeout management (Tom Lane) - - - - These errors could result in a server process becoming unresponsive - because it had blocked SIGALRM and/or SIGINT. - - - - - - Truncate pg_multixact contents during WAL replay - (Andres Freund) - - - - This avoids ever-increasing disk space consumption in standby servers. - - - - - - Ensure an anti-wraparound VACUUM counts a page as scanned - when it's only verified that no tuples need freezing (Sergey - Burladyan, Jeff Janes) - - - - This bug could result in failing to - advance relfrozenxid, so that the table would still be - thought to need another anti-wraparound vacuum. In the worst case the - database might even shut down to prevent wraparound. - - - - - - Fix full-table-vacuum request mechanism for MultiXactIds (Andres Freund) - - - - This bug could result in large amounts of useless autovacuum activity. - - - - - - Fix race condition in GIN index posting tree page deletion (Heikki - Linnakangas) - - - - This could lead to transient wrong answers or query failures. - - - - - - Fix unexpected spgdoinsert() failure error during SP-GiST - index creation (Teodor Sigaev) - - - - - - Fix assorted bugs in materialized views (Kevin Grittner, Andres Freund) - - - - - - Re-allow duplicate table aliases if they're within aliased JOINs - (Tom Lane) - - - - Historically PostgreSQL has accepted queries like - -SELECT ... FROM tab1 x CROSS JOIN (tab2 x CROSS JOIN tab3 y) z - - although a strict reading of the SQL standard would forbid the - duplicate usage of table alias x. A misguided change in - 9.3.0 caused it to reject some such cases that were formerly accepted. - Restore the previous behavior. - - - - - - Avoid flattening a subquery whose SELECT list contains a - volatile function wrapped inside a sub-SELECT (Tom Lane) - - - - This avoids unexpected results due to extra evaluations of the - volatile function. - - - - - - Fix planner's processing of non-simple-variable subquery outputs - nested within outer joins (Tom Lane) - - - - This error could lead to incorrect plans for queries involving - multiple levels of subqueries within JOIN syntax. - - - - - - Fix incorrect planning in cases where the same non-strict expression - appears in multiple WHERE and outer JOIN - equality clauses (Tom Lane) - - - - - - Fix planner crash with whole-row reference to a subquery (Tom Lane) - - - - - - Fix incorrect generation of optimized MIN()/MAX() plans for - inheritance trees (Tom Lane) - - - - The planner could fail in cases where the MIN()/MAX() argument was an - expression rather than a simple variable. - - - - - - Fix premature deletion of temporary files (Andres Freund) - - - - - - Prevent intra-transaction memory leak when printing range values - (Tom Lane) - - - - This fix actually cures transient memory leaks in any datatype output - function, but range types are the only ones known to have had a - significant problem. - - - - - - Fix memory leaks when reloading configuration files (Heikki - Linnakangas, Hari Babu) - - - - - - Prevent incorrect display of dropped columns in NOT NULL and CHECK - constraint violation messages (Michael Paquier and Tom Lane) - - - - - - Allow default arguments and named-argument notation for window - functions (Tom Lane) - - - - Previously, these cases were likely to crash. - - - - - - Suppress trailing whitespace on each line when pretty-printing rules - and views (Tom Lane) - - - - 9.3.0 generated such whitespace in many more cases than previous - versions did. To reduce unexpected behavioral changes, suppress - unnecessary whitespace in all cases. - - - - - - Fix possible read past end of memory in rule printing (Peter Eisentraut) - - - - - - Fix array slicing of int2vector and oidvector values - (Tom Lane) - - - - Expressions of this kind are now implicitly promoted to - regular int2 or oid arrays. - - - - - - Return a valid JSON value when converting an empty hstore value - to json - (Oskari Saarenmaa) - - - - - - Fix incorrect behaviors when using a SQL-standard, simple GMT offset - timezone (Tom Lane) - - - - In some cases, the system would use the simple GMT offset value when - it should have used the regular timezone setting that had prevailed - before the simple offset was selected. This change also causes - the timeofday function to honor the simple GMT offset - zone. - - - - - - Prevent possible misbehavior when logging translations of Windows - error codes (Tom Lane) - - - - - - Properly quote generated command lines in pg_ctl - (Naoya Anzai and Tom Lane) - - - - This fix applies only to Windows. - - - - - - Fix pg_dumpall to work when a source database - sets default_transaction_read_only - via ALTER DATABASE SET (Kevin Grittner) - - - - Previously, the generated script would fail during restore. - - - - - - Fix pg_isready to handle its - - - - - Fix parsing of WAL file names in pg_receivexlog - (Heikki Linnakangas) - - - - This error made pg_receivexlog unable to restart - streaming after stopping, once at least 4 GB of WAL had been written. - - - - - - Report out-of-disk-space failures properly - in pg_upgrade (Peter Eisentraut) - - - - - - Make ecpg search for quoted cursor names - case-sensitively (Zoltán Böszörményi) - - - - - - Fix ecpg's processing of lists of variables - declared varchar (Zoltán Böszörményi) - - - - - - Make contrib/lo defend against incorrect trigger definitions - (Marc Cousin) - - - - - - Update time zone data files to tzdata release 2013h - for DST law changes in Argentina, Brazil, Jordan, Libya, - Liechtenstein, Morocco, and Palestine. Also, new timezone - abbreviations WIB, WIT, WITA for Indonesia. - - - - - - - - - - Release 9.3.1 - - - Release date: - 2013-10-10 - - - - This release contains a variety of fixes from 9.3.0. - For information about new features in the 9.3 major release, see - . - - - - Migration to Version 9.3.1 - - - A dump/restore is not required for those running 9.3.X. - - - - However, if you use the hstore extension, see the - first changelog entry. - - - - - - Changes - - - - - - Ensure new-in-9.3 JSON functionality is added to the hstore - extension during an update (Andrew Dunstan) - - - - Users who upgraded a pre-9.3 database containing hstore - should execute - -ALTER EXTENSION hstore UPDATE; - - after installing 9.3.1, to add two new JSON functions and a cast. - (If hstore is already up to date, this command does - nothing.) - - - - - - Fix memory leak when creating B-tree indexes on range columns - (Heikki Linnakangas) - - - - - - Fix memory leak caused by lo_open() failure - (Heikki Linnakangas) - - - - - - Serializable snapshot fixes (Kevin Grittner, Heikki Linnakangas) - - - - - - Fix deadlock bug in libpq when using SSL (Stephen Frost) - - - - - - Fix timeline handling bugs in pg_receivexlog - (Heikki Linnakangas, Andrew Gierth) - - - - - - Prevent CREATE FUNCTION from checking SET - variables unless function body checking is enabled (Tom Lane) - - - - - - Remove rare inaccurate warning during vacuum of index-less tables - (Heikki Linnakangas) - - - - - - - - - - Release 9.3 - - - Release date: - 2013-09-09 - - - - Overview - - - Major enhancements in PostgreSQL 9.3 include: - - - - - - - - - Add materialized - views - - - - - - Make simple views auto-updatable - - - - - - Add many features for the JSON data type, - including operators and functions - to extract elements from JSON values - - - - - - Implement SQL-standard LATERAL option for - FROM-clause subqueries and function calls - - - - - - Allow foreign data - wrappers to support writes (inserts/updates/deletes) on foreign - tables - - - - - - Add a Postgres foreign - data wrapper to allow access to - other Postgres servers - - - - - - Add support for event triggers - - - - - - Add optional ability to checksum data pages and - report corruption - - - - - - Prevent non-key-field row updates from blocking foreign key checks - - - - - - Greatly reduce System V shared - memory requirements - - - - - - - The above items are explained in more detail in the sections below. - - - - - - - Migration to Version 9.3 - - - A dump/restore using pg_dumpall, or use - of pg_upgrade, is - required for those wishing to migrate data from any previous release. - - - - Version 9.3 contains a number of changes that may affect compatibility - with previous releases. Observe the following incompatibilities: - - - - Server Settings - - - - - - Rename replication_timeout to wal_sender_timeout - (Amit Kapila) - - - - This setting controls the WAL sender timeout. - - - - - - Require superuser privileges to set commit_delay - because it can now potentially delay other sessions (Simon Riggs) - - - - - - Allow in-memory sorts to use their full memory allocation (Jeff Janes) - - - - Users who have set work_mem based on the - previous behavior may need to revisit that setting. - - - - - - - - - Other - - - - - - Throw an error if a tuple to be updated or deleted has already been - updated or deleted by a BEFORE trigger (Kevin Grittner) - - - - Formerly, the originally-intended update was silently skipped, - resulting in logical inconsistency since the trigger might have - propagated data to other places based on the intended update. - Now an error is thrown to prevent the inconsistent results from being - committed. If this change affects your application, the best solution - is usually to move the data-propagation actions to - an AFTER trigger. - - - - This error will also be thrown if a query invokes a volatile function - that modifies rows that are later modified by the query itself. - Such cases likewise previously resulted in silently skipping updates. - - - - - - Change multicolumn ON UPDATE - SET NULL/SET DEFAULT foreign key actions to affect - all columns of the constraint, not just those changed in the - UPDATE (Tom Lane) - - - - Previously, we would set only those referencing columns that - correspond to referenced columns that were changed by - the UPDATE. This was what was required by SQL-92, - but more recent editions of the SQL standard specify the new behavior. - - - - - - Force cached plans to be replanned if the search_path changes - (Tom Lane) - - - - Previously, cached plans already generated in the current session were - not redone if the query was re-executed with a - new search_path setting, resulting in surprising behavior. - - - - - - Fix to_number() - to properly handle a period used as a thousands separator (Tom Lane) - - - - Previously, a period was considered to be a decimal point even when - the locale says it isn't and the D format code is used to - specify use of the locale-specific decimal point. This resulted in - wrong answers if FM format was also used. - - - - - - Fix STRICT non-set-returning functions that have - set-returning functions in their arguments to properly return null - rows (Tom Lane) - - - - A null value passed to the strict function should result in a null - output, but instead, that output row was suppressed entirely. - - - - - - Store WAL in a continuous - stream, rather than skipping the last 16MB segment every 4GB - (Heikki Linnakangas) - - - - Previously, WAL files with names ending in FF - were not used because of this skipping. If you have WAL - backup or restore scripts that took this behavior into account, they - will need to be adjusted. - - - - - - In pg_constraint.confmatchtype, - store the default foreign key match type (non-FULL, - non-PARTIAL) as s for simple - (Tom Lane) - - - - Previously this case was represented by u - for unspecified. - - - - - - - - - - - Changes - - - Below you will find a detailed account of the changes between - PostgreSQL 9.3 and the previous major - release. - - - - Server - - - Locking - - - - - - Prevent non-key-field row updates from blocking foreign key checks - (Álvaro Herrera, Noah Misch, Andres Freund, Alexander - Shulgin, Marti Raudsepp, Alexander Shulgin) - - - - This change improves concurrency and reduces the probability of - deadlocks when updating tables involved in a foreign-key constraint. - UPDATEs that do not change any columns referenced in a - foreign key now take the new NO KEY UPDATE lock mode on - the row, while foreign key checks use the new KEY SHARE - lock mode, which does not conflict with NO KEY UPDATE. - So there is no blocking unless a foreign-key column is changed. - - - - - - Add configuration variable lock_timeout to - allow limiting how long a session will wait to acquire any one lock - (Zoltán Böszörményi) - - - - - - - - - Indexes - - - - - - Add SP-GiST - support for range data types (Alexander Korotkov) - - - - - - Allow GiST indexes to be - unlogged (Jeevan Chalke) - - - - - - Improve performance of GiST index insertion by randomizing - the choice of which page to descend to when there are multiple equally - good alternatives (Heikki Linnakangas) - - - - - - Improve concurrency of hash index operations (Robert Haas) - - - - - - - - - Optimizer - - - - - - Collect and use histograms of upper and lower bounds, as well as range - lengths, for range types - (Alexander Korotkov) - - - - - - Improve optimizer's cost estimation for index access (Tom Lane) - - - - - - Improve optimizer's hash table size estimate for - doing DISTINCT via hash aggregation (Tom Lane) - - - - - - Suppress no-op Result and Limit plan nodes - (Kyotaro Horiguchi, Amit Kapila, Tom Lane) - - - - - - Reduce optimizer overhead by not keeping plans on the basis of cheap - startup cost when the optimizer only cares about total cost overall - (Tom Lane) - - - - - - - - - General Performance - - - - - - Add COPY FREEZE - option to avoid the overhead of marking tuples as frozen later - (Simon Riggs, Jeff Davis) - - - - - - Improve performance of NUMERIC calculations - (Kyotaro Horiguchi) - - - - - - Improve synchronization of sessions waiting for commit_delay - (Peter Geoghegan) - - - - This greatly improves the usefulness of commit_delay. - - - - - - Improve performance of the CREATE TEMPORARY TABLE ... ON - COMMIT DELETE ROWS option by not truncating such temporary - tables in transactions that haven't touched any temporary tables - (Heikki Linnakangas) - - - - - - Make vacuum recheck visibility after it has removed expired tuples - (Pavan Deolasee) - - - - This increases the chance of a page being marked as all-visible. - - - - - - Add per-resource-owner lock caches (Jeff Janes) - - - - This speeds up lock bookkeeping at statement completion in - multi-statement transactions that hold many locks; it is particularly - useful for pg_dump. - - - - - - Avoid scanning the entire relation cache at commit of a transaction - that creates a new relation (Jeff Janes) - - - - This speeds up sessions that create many tables in successive - small transactions, such as a pg_restore run. - - - - - - Improve performance of transactions that drop many relations - (Tomas Vondra) - - - - - - - - - Monitoring - - - - - - Add optional ability to checksum data pages and - report corruption (Simon Riggs, Jeff Davis, Greg Smith, Ants Aasma) - - - - The checksum option can be set during initdb. - - - - - - Split the statistics collector's - data file into separate global and per-database files (Tomas Vondra) - - - - This reduces the I/O required for statistics tracking. - - - - - - Fix the statistics collector to operate properly in cases where the - system clock goes backwards (Tom Lane) - - - - Previously, statistics collection would stop until the time again - reached the latest time previously recorded. - - - - - - Emit an informative message to postmaster standard error when we - are about to stop logging there - (Tom Lane) - - - - This should help reduce user confusion about where to look for log - output in common configurations that log to standard error only during - postmaster startup. - - - - - - - - - Authentication - - - - - - When an authentication failure occurs, log the relevant - pg_hba.conf - line, to ease debugging of unintended failures - (Magnus Hagander) - - - - - - Improve LDAP error - reporting and documentation (Peter Eisentraut) - - - - - - Add support for specifying LDAP authentication parameters - in URL format, per RFC 4516 (Peter Eisentraut) - - - - - - Change the ssl_ciphers parameter - to start with DEFAULT, rather than ALL, - then remove insecure ciphers (Magnus Hagander) - - - - This should yield a more appropriate SSL cipher set. - - - - - - Parse and load pg_ident.conf - once, not during each connection (Amit Kapila) - - - - This is similar to how pg_hba.conf is processed. - - - - - - - - - Server Settings - - - - - - Greatly reduce System V shared - memory requirements (Robert Haas) - - - - On Unix-like systems, mmap() is now used for most - of PostgreSQL's shared memory. For most users, this - will eliminate any need to adjust kernel parameters for shared memory. - - - - - - Allow the postmaster to listen on multiple Unix-domain sockets - (Honza Horák) - - - - The configuration parameter - unix_socket_directory is replaced by unix_socket_directories, - which accepts a list of directories. - - - - - - Allow a directory of configuration files to be processed (Magnus - Hagander, Greg Smith, Selena Deckelmann) - - - - Such a directory is specified with include_dir in the server - configuration file. - - - - - - Increase the maximum initdb-configured value for shared_buffers - to 128MB (Robert Haas) - - - - This is the maximum value that initdb will attempt to set in postgresql.conf; - the previous maximum was 32MB. - - - - - - Remove the external - PID file, if any, on postmaster exit - (Peter Eisentraut) - - - - - - - - - - - Replication and Recovery - - - - - - Allow a streaming replication standby to follow a timeline switch - (Heikki Linnakangas) - - - - This allows streaming standby servers to receive WAL data from a slave - newly promoted to master status. Previously, other standbys would - require a resync to begin following the new master. - - - - - - Add SQL functions pg_is_in_backup() - and pg_backup_start_time() - (Gilles Darold) - - - - These functions report the status of base backups. - - - - - - Improve performance of streaming log shipping with synchronous_commit - disabled (Andres Freund) - - - - - - Allow much faster promotion of a streaming standby to primary (Simon - Riggs, Kyotaro Horiguchi) - - - - - - Add the last checkpoint's redo location to pg_controldata's - output (Fujii Masao) - - - - This information is useful for determining which WAL - files are needed for restore. - - - - - - Allow tools like pg_receivexlog - to run on computers with different architectures (Heikki - Linnakangas) - - - - WAL files can still only be replayed on servers with the same - architecture as the primary; but they can now be transmitted to and - stored on machines of any architecture, since the - streaming replication protocol is now machine-independent. - - - - - - Make pg_basebackup - - - - This simplifies setting up a standby server. - - - - - - Allow pg_receivexlog - and pg_basebackup - - - - - - Add wal_receiver_timeout - parameter to control the WAL receiver's timeout - (Amit Kapila) - - - - This allows more rapid detection of connection failure. - - - - - - Change the WAL record format to - allow splitting the record header across pages (Heikki Linnakangas) - - - - The new format is slightly more compact, and is more efficient to - write. - - - - - - - - - Queries - - - - - - Implement SQL-standard LATERAL option for - FROM-clause subqueries and function calls (Tom Lane) - - - - This feature allows subqueries and functions in FROM to - reference columns from other tables in the FROM - clause. The LATERAL keyword is optional for functions. - - - - - - Add support for piping COPY and psql \copy - data to/from an external program (Etsuro Fujita) - - - - - - Allow a multirow VALUES clause in a rule - to reference OLD/NEW (Tom Lane) - - - - - - - - - Object Manipulation - - - - - - Add support for event triggers - (Dimitri Fontaine, Robert Haas, Álvaro Herrera) - - - - This allows server-side functions written in event-enabled - languages to be called when DDL commands are run. - - - - - - Allow foreign data - wrappers to support writes (inserts/updates/deletes) on foreign - tables (KaiGai Kohei) - - - - - - Add CREATE SCHEMA ... IF - NOT EXISTS clause (Fabrízio de Royes Mello) - - - - - - Make REASSIGN - OWNED also change ownership of shared objects - (Álvaro Herrera) - - - - - - Make CREATE - AGGREGATE complain if the given initial value string is not - valid input for the transition datatype (Tom Lane) - - - - - - Suppress CREATE - TABLE's messages about implicit index and sequence creation - (Robert Haas) - - - - These messages now appear at DEBUG1 verbosity, so that - they will not be shown by default. - - - - - - Allow DROP TABLE IF - EXISTS to succeed when a non-existent schema is specified - in the table name (Bruce Momjian) - - - - Previously, it threw an error if the schema did not exist. - - - - - - Provide clients with constraint violation details - as separate fields (Pavel Stehule) - - - - This allows clients to retrieve table, column, data type, or - constraint name error details. Previously such information had to be - extracted from error strings. Client library support is required to - access these fields. - - - - - - - <command>ALTER</> - - - - - - Support IF NOT EXISTS option in ALTER TYPE ... ADD VALUE - (Andrew Dunstan) - - - - This is useful for conditionally adding values to enumerated types. - - - - - - Add ALTER ROLE ALL - SET to establish settings for all users (Peter Eisentraut) - - - - This allows settings to apply to all users in all databases. ALTER DATABASE SET - already allowed addition of settings for all users in a single - database. postgresql.conf has a similar effect. - - - - - - Add support for ALTER RULE - ... RENAME (Ali Dar) - - - - - - - - - <link linkend="rules-views"><command>VIEWs</></link> - - - - - - Add materialized - views (Kevin Grittner) - - - - Unlike ordinary views, where the base tables are read on every access, - materialized views create physical tables at creation or refresh time. - Access to the materialized view then reads from its physical - table. There is not yet any facility for incrementally refreshing - materialized views or auto-accessing them via base table access. - - - - - - Make simple views auto-updatable - (Dean Rasheed) - - - - Simple views that reference some or all columns from a - single base table are now updatable by default. More - complex views can be made updatable using INSTEAD OF triggers - or INSTEAD rules. - - - - - - Add CREATE RECURSIVE - VIEW syntax (Peter Eisentraut) - - - - Internally this is translated into CREATE VIEW ... WITH - RECURSIVE .... - - - - - - Improve view/rule printing code to handle cases where referenced - tables are renamed, or columns are renamed, added, or dropped - (Tom Lane) - - - - Table and column renamings can produce cases where, if we merely - substitute the new name into the original text of a rule or view, the - result is ambiguous. This change fixes the rule-dumping code to insert - manufactured table and column aliases when needed to preserve the - original semantics. - - - - - - - - - - - Data Types - - - - - - Increase the maximum size of large - objects from 2GB to 4TB (Nozomi Anzai, Yugo Nagata) - - - - This change includes adding 64-bit-capable large object access - functions, both in the server and in libpq. - - - - - - Allow text timezone - designations, e.g. America/Chicago, in the - T field of ISO-format timestamptz - input (Bruce Momjian) - - - - - - - <link linkend="datatype-json"><type>JSON</></link> - - - - - - Add operators and functions - to extract elements from JSON values (Andrew Dunstan) - - - - - - Allow JSON values to be converted into records - (Andrew Dunstan) - - - - - - Add functions to convert - scalars, records, and hstore values to JSON (Andrew - Dunstan) - - - - - - - - - - - - Functions - - - - - - Add array_remove() - and array_replace() - functions (Marco Nenciarini, Gabriele Bartolini) - - - - - - Allow concat() - and format() - to properly expand VARIADIC-labeled arguments - (Pavel Stehule) - - - - - - Improve format() - to provide field width and left/right alignment options (Pavel Stehule) - - - - - - Make to_char(), - to_date(), - and to_timestamp() - handle negative (BC) century values properly - (Bruce Momjian) - - - - Previously the behavior was either wrong or inconsistent - with positive/AD handling, e.g. with the format mask - IYYY-IW-DY. - - - - - - Make to_date() - and to_timestamp() - return proper results when mixing ISO and Gregorian - week/day designations (Bruce Momjian) - - - - - - Cause pg_get_viewdef() - to start a new line by default after each SELECT target - list entry and FROM entry (Marko Tiikkaja) - - - - This reduces line length in view printing, for instance in pg_dump output. - - - - - - Fix map_sql_value_to_xml_value() to print values of - domain types the same way their base type would be printed - (Pavel Stehule) - - - - There are special formatting rules for certain built-in types such as - boolean; these rules now also apply to domains over these - types. - - - - - - - - - Server-Side Languages - - - <link linkend="plpgsql">PL/pgSQL</link> Server-Side Language - - - - - - Allow PL/pgSQL to use RETURN with a composite-type - expression (Asif Rehman) - - - - Previously, in a function returning a composite type, - RETURN could only reference a variable of that type. - - - - - - Allow PL/pgSQL to access constraint violation - details as separate fields (Pavel Stehule) - - - - - - Allow PL/pgSQL to access the number of rows processed by - COPY (Pavel Stehule) - - - - A COPY executed in a PL/pgSQL function now updates the - value retrieved by GET DIAGNOSTICS - x = ROW_COUNT. - - - - - - Allow unreserved keywords to be used as identifiers everywhere in - PL/pgSQL (Tom Lane) - - - - In certain places in the PL/pgSQL grammar, keywords had to be quoted - to be used as identifiers, even if they were nominally unreserved. - - - - - - - - - <link linkend="plpython">PL/Python</link> Server-Side Language - - - - - - Add PL/Python result object string handler (Peter Eisentraut) - - - - This allows plpy.debug(rv) to output something reasonable. - - - - - - Make PL/Python convert OID values to a proper Python numeric type - (Peter Eisentraut) - - - - - - Handle SPI errors raised - explicitly (with PL/Python's RAISE) the same as - internal SPI errors (Oskari Saarenmaa and Jan Urbanski) - - - - - - - - - - - Server Programming Interface (<link linkend="spi">SPI</link>) - - - - - - Prevent leakage of SPI tuple tables during subtransaction - abort (Tom Lane) - - - - At the end of any failed subtransaction, the core SPI code now - releases any SPI tuple tables that were created during that - subtransaction. This avoids the need for SPI-using code to keep track - of such tuple tables and release them manually in error-recovery code. - Failure to do so caused a number of transaction-lifespan memory leakage - issues in PL/pgSQL and perhaps other SPI clients. SPI_freetuptable() - now protects itself against multiple freeing requests, so any existing - code that did take care to clean up shouldn't be broken by this change. - - - - - - Allow SPI functions to access the number of rows processed - by COPY (Pavel Stehule) - - - - - - - - - Client Applications - - - - - - Add command-line utility pg_isready to - check if the server is ready to accept connections (Phil Sorber) - - - - - - Support multiple - - - This is similar to the way pg_dump's - - - - - - Add - - - - - Add libpq function PQconninfo() - to return connection information (Zoltán - Böszörményi, Magnus Hagander) - - - - - - - <link linkend="APP-PSQL"><application>psql</></link> - - - - - - Adjust function cost settings so psql tab - completion and pattern searching are more efficient (Tom Lane) - - - - - - Improve psql's tab completion coverage (Jeff Janes, - Dean Rasheed, Peter Eisentraut, Magnus Hagander) - - - - - - Allow the psql - - - Previously this option only worked when reading from a file. - - - - - - Remove psql warning when connecting to an older - server (Peter Eisentraut) - - - - A warning is still issued when connecting to a server of a newer major - version than psql's. - - - - - - - <link linkend="APP-PSQL-meta-commands">Backslash Commands</link> - - - - - - Add psql command \watch to repeatedly - execute a SQL command (Will Leinweber) - - - - - - Add psql command \gset to store query - results in psql variables (Pavel Stehule) - - - - - - Add SSL information to psql's - \conninfo command (Alastair Turner) - - - - - - Add Security column to psql's - \df+ output (Jon Erdman) - - - - - - Allow psql command \l to accept a database - name pattern (Peter Eisentraut) - - - - - - In psql, do not allow \connect to - use defaults if there is no active connection (Bruce Momjian) - - - - This might be the case if the server had crashed. - - - - - - Properly reset state after failure of a SQL command executed with - psql's \g file - (Tom Lane) - - - - Previously, the output from subsequent SQL commands would unexpectedly - continue to go to the same file. - - - - - - - - - Output - - - - - - Add a latex-longtable output format to - psql (Bruce Momjian) - - - - This format allows tables to span multiple pages. - - - - - - Add a border=3 output mode to the psql - latex format (Bruce Momjian) - - - - - - In psql's tuples-only and expanded output modes, no - longer emit (No rows) for zero rows (Peter Eisentraut) - - - - - - In psql's unaligned, expanded output mode, no longer - print an empty line for zero rows (Peter Eisentraut) - - - - - - - - - - - <link linkend="APP-PGDUMP"><application>pg_dump</></link> - - - - - - Add pg_dump - - - - - Make pg_dump output functions in a more predictable - order (Joel Jacobson) - - - - - - Fix tar files emitted by pg_dump - to be POSIX conformant (Brian Weaver, Tom Lane) - - - - - - Add - - - The database name could already be supplied last without a flag. - - - - - - - - - <link linkend="APP-INITDB"><application>initdb</></link> - - - - - - Make initdb fsync the newly created data directory (Jeff Davis) - - - - This insures data integrity in event of a system crash shortly after - initdb. This can be disabled by using - - - - - Add initdb - - - This is used by pg_upgrade. - - - - - - Make initdb issue a warning about placing the data directory at the - top of a file system mount point (Bruce Momjian) - - - - - - - - - - - Source Code - - - - - - Add infrastructure to allow plug-in background worker processes - (Álvaro Herrera) - - - - - - Create a centralized timeout API (Zoltán - Böszörményi) - - - - - - Create libpgcommon and move pg_malloc() and other - functions there (Álvaro Herrera, Andres Freund) - - - - This allows libpgport to be used solely for portability-related code. - - - - - - Add support for list links embedded in larger structs (Andres Freund) - - - - - - Use SA_RESTART for all signals, - including SIGALRM (Tom Lane) - - - - - - Ensure that the correct text domain is used when - translating errcontext() messages - (Heikki Linnakangas) - - - - - - Standardize naming of client-side memory allocation functions (Tom Lane) - - - - - - Provide support for static assertions that will fail at - compile time if some compile-time-constant condition is not met - (Andres Freund, Tom Lane) - - - - - - Support Assert() in client-side code (Andrew Dunstan) - - - - - - Add decoration to inform the C compiler that some ereport() - and elog() calls do not return (Peter Eisentraut, - Andres Freund, Tom Lane, Heikki Linnakangas) - - - - - - Allow options to be passed to the regression - test output comparison utility via PG_REGRESS_DIFF_OPTS - (Peter Eisentraut) - - - - - - Add isolation tests for CREATE INDEX - CONCURRENTLY (Abhijit Menon-Sen) - - - - - - Remove typedefs for int2/int4 as they are better - represented as int16/int32 (Peter Eisentraut) - - - - - - Fix install-strip on Mac OS - X (Peter Eisentraut) - - - - - - Remove configure flag - - - - - - Rewrite pgindent in Perl (Andrew Dunstan) - - - - - - Provide Emacs macro to set Perl formatting to - match PostgreSQL's perltidy settings (Peter Eisentraut) - - - - - - Run tool to check the keyword list whenever the backend grammar is - changed (Tom Lane) - - - - - - Change the way UESCAPE is lexed, to significantly reduce - the size of the lexer tables (Heikki Linnakangas) - - - - - - Centralize flex and bison - make rules (Peter Eisentraut) - - - - This is useful for pgxs authors. - - - - - - Change many internal backend functions to return object OIDs - rather than void (Dimitri Fontaine) - - - - This is useful for event triggers. - - - - - - Invent pre-commit/pre-prepare/pre-subcommit events for transaction - callbacks (Tom Lane) - - - - Loadable modules that use transaction callbacks might need modification - to handle these new event types. - - - - - - Add function pg_identify_object() - to produce a machine-readable description of a database object - (Álvaro Herrera) - - - - - - Add post-ALTER-object server hooks (KaiGai Kohei) - - - - - - Implement a generic binary heap and use it for Merge-Append - operations (Abhijit Menon-Sen) - - - - - - Provide a tool to help detect timezone abbreviation changes when - updating the src/timezone/data files - (Tom Lane) - - - - - - Add pkg-config support for libpq - and ecpg libraries (Peter Eisentraut) - - - - - - Remove src/tools/backend, now that the content is on - the PostgreSQL wiki (Bruce Momjian) - - - - - - Split out WAL reading as - an independent facility (Heikki Linnakangas, Andres Freund) - - - - - - Use a 64-bit integer to represent WAL positions - (XLogRecPtr) instead of two 32-bit integers - (Heikki Linnakangas) - - - - Generally, tools that need to read the WAL format - will need to be adjusted. - - - - - - Allow PL/Python to support - platform-specific include directories (Peter Eisentraut) - - - - - - Allow PL/Python on OS - X to build against custom versions of Python - (Peter Eisentraut) - - - - - - - - - Additional Modules - - - - - - Add a Postgres foreign - data wrapper contrib module to allow access to - other Postgres servers (Shigeru Hanada) - - - - This foreign data wrapper supports writes. - - - - - - Add pg_xlogdump - contrib program (Andres Freund) - - - - - - Add support for indexing of regular-expression searches in - pg_trgm - (Alexander Korotkov) - - - - - - Improve pg_trgm's - handling of multibyte characters (Tom Lane) - - - - On a platform that does not have the wcstombs() or towlower() library - functions, this could result in an incompatible change in the contents - of pg_trgm indexes for non-ASCII data. In such cases, - REINDEX those indexes to ensure correct search results. - - - - - - Add a pgstattuple function to report - the size of the pending-insertions list of a GIN index - (Fujii Masao) - - - - - - Make oid2name, - pgbench, and - vacuumlo set - fallback_application_name (Amit Kapila) - - - - - - Improve output of pg_test_timing - (Bruce Momjian) - - - - - - Improve output of pg_test_fsync - (Peter Geoghegan) - - - - - - Create a dedicated foreign data wrapper, with its own option validator - function, for dblink (Shigeru Hanada) - - - - When using this FDW to define the target of a dblink - connection, instead of using a hard-wired list of connection options, - the underlying libpq library is consulted to see what - connection options it supports. - - - - - - - <link linkend="pgupgrade"><application>pg_upgrade</></link> - - - - - - Allow pg_upgrade to do dumps and restores in - parallel (Bruce Momjian, Andrew Dunstan) - - - - This allows parallel schema dump/restore of databases, as well as - parallel copy/link of data files per tablespace. Use the - - - - - - Make pg_upgrade create Unix-domain sockets in - the current directory (Bruce Momjian, Tom Lane) - - - - This reduces the possibility that someone will accidentally connect - during the upgrade. - - - - - - Make pg_upgrade - - - - - Improve performance of pg_upgrade for databases - with many tables (Bruce Momjian) - - - - - - Improve pg_upgrade's logs by showing - executed commands (Álvaro Herrera) - - - - - - Improve pg_upgrade's status display during - copy/link (Bruce Momjian) - - - - - - - - - <link linkend="pgbench"><application>pgbench</></link> - - - - - - Add - - - This adds foreign key constraints to the standard tables created by - pgbench, for use in foreign key performance testing. - - - - - - Allow pgbench to aggregate performance statistics - and produce output every - - - - - Add pgbench - - - - - Reduce and improve the status message output of - pgbench's initialization mode (Robert Haas, - Peter Eisentraut) - - - - - - Add pgbench - - - - - Output pgbench elapsed and estimated remaining - time during initialization (Tomas Vondra) - - - - - - Allow pgbench to use much larger scale factors, - by changing relevant columns from integer to bigint - when the requested scale factor exceeds 20000 - (Greg Smith) - - - - - - - - - - - Documentation - - - - - - Allow EPUB-format documentation to be created - (Peter Eisentraut) - - - - - - Update FreeBSD kernel configuration documentation - (Brad Davis) - - - - - - Improve WINDOW - function documentation (Bruce Momjian, Florian Pflug) - - - - - - Add instructions for setting - up the documentation tool chain on macOS - (Peter Eisentraut) - - - - - - Improve commit_delay - documentation (Peter Geoghegan) - - - - - - - - - diff --git a/doc/src/sgml/release-9.4.sgml b/doc/src/sgml/release-9.4.sgml deleted file mode 100644 index 42feaa65cc..0000000000 --- a/doc/src/sgml/release-9.4.sgml +++ /dev/null @@ -1,13157 +0,0 @@ - - - - - Release 9.4.20 - - - Release date: - 2018-11-08 - - - - This release contains a variety of fixes from 9.4.19. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.20 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if you are upgrading from a version earlier than 9.4.18, - see . - - - - - Changes - - - - - - Fix corner-case failures - in has_foo_privilege() - family of functions (Tom Lane) - - - - Return NULL rather than throwing an error when an invalid object OID - is provided. Some of these functions got that right already, but not - all. has_column_privilege() was additionally - capable of crashing on some platforms. - - - - - - Avoid O(N^2) slowdown in regular expression match/split functions on - long strings (Andrew Gierth) - - - - - - Avoid O(N^3) slowdown in lexer for long strings - of + or - characters - (Andrew Gierth) - - - - - - Fix mis-execution of SubPlans when the outer query is being scanned - backwards (Andrew Gierth) - - - - - - Fix failure of UPDATE/DELETE ... WHERE CURRENT OF ... - after rewinding the referenced cursor (Tom Lane) - - - - A cursor that scans multiple relations (particularly an inheritance - tree) could produce wrong behavior if rewound to an earlier relation. - - - - - - Fix EvalPlanQual to handle conditionally-executed - InitPlans properly (Andrew Gierth, Tom Lane) - - - - This resulted in hard-to-reproduce crashes or wrong answers in - concurrent updates, if they contained code such as an uncorrelated - sub-SELECT inside a CASE - construct. - - - - - - Fix character-class checks to not fail on Windows for Unicode - characters above U+FFFF (Tom Lane, Kenji Uno) - - - - This bug affected full-text-search operations, as well - as contrib/ltree - and contrib/pg_trgm. - - - - - - Ensure that sequences owned by a foreign table are processed - by ALTER OWNER on the table (Peter Eisentraut) - - - - The ownership change should propagate to such sequences as well, but - this was missed for foreign tables. - - - - - - Fix over-allocation of space for array_out()'s - result string (Keiichi Hirobe) - - - - - - Fix memory leak in repeated SP-GiST index scans (Tom Lane) - - - - This is only known to amount to anything significant in cases where - an exclusion constraint using SP-GiST receives many new index entries - in a single command. - - - - - - Ensure that ApplyLogicalMappingFile() closes the - mapping file when done with it (Tomas Vondra) - - - - Previously, the file descriptor was leaked, eventually resulting in - failures during logical decoding. - - - - - - Fix logical decoding to handle cases where a mapped catalog table is - repeatedly rewritten, e.g. by VACUUM FULL - (Andres Freund) - - - - - - Prevent starting the server with wal_level set - to too low a value to support an existing replication slot (Andres - Freund) - - - - - - Avoid crash if a utility command causes infinite recursion (Tom Lane) - - - - - - When initializing a hot standby, cope with duplicate XIDs caused by - two-phase transactions on the master - (Michael Paquier, Konstantin Knizhnik) - - - - - - Randomize the random() seed in bootstrap and - standalone backends, and in initdb - (Noah Misch) - - - - The main practical effect of this change is that it avoids a scenario - where initdb might mistakenly conclude that - POSIX shared memory is not available, due to name collisions caused by - always using the same random seed. - - - - - - Allow DSM allocation to be interrupted (Chris Travers) - - - - - - Avoid possible buffer overrun when replaying GIN page recompression - from WAL (Alexander Korotkov, Sivasubramanian Ramasubramanian) - - - - - - Fix missed fsync of a replication slot's directory (Konstantin - Knizhnik, Michael Paquier) - - - - - - Fix unexpected timeouts when - using wal_sender_timeout on a slow server - (Noah Misch) - - - - - - Ensure that hot standby processes use the correct WAL consistency - point (Alexander Kukushkin, Michael Paquier) - - - - This prevents possible misbehavior just after a standby server has - reached a consistent database state during WAL replay. - - - - - - Don't run atexit callbacks when servicing SIGQUIT - (Heikki Linnakangas) - - - - - - Don't record foreign-server user mappings as members of extensions - (Tom Lane) - - - - If CREATE USER MAPPING is executed in an extension - script, an extension dependency was created for the user mapping, - which is unexpected. Roles can't be extension members, so user - mappings shouldn't be either. - - - - - - Make syslogger more robust against failures in opening CSV log files - (Tom Lane) - - - - - - Fix possible inconsistency in pg_dump's - sorting of dissimilar object names (Jacob Champion) - - - - - - Ensure that pg_restore will schema-qualify - the table name when - emitting DISABLE/ENABLE TRIGGER - commands (Tom Lane) - - - - This avoids failures due to the new policy of running restores with - restrictive search path. - - - - - - Fix pg_upgrade to handle event triggers in - extensions correctly (Haribabu Kommi) - - - - pg_upgrade failed to preserve an event - trigger's extension-membership status. - - - - - - Fix pg_upgrade's cluster state check to - work correctly on a standby server (Bruce Momjian) - - - - - - Enforce type cube's dimension limit in - all contrib/cube functions (Andrey Borodin) - - - - Previously, some cube-related functions could construct values that - would be rejected by cube_in(), leading to - dump/reload failures. - - - - - - Fix contrib/unaccent's - unaccent() function to use - the unaccent text search dictionary that is in the - same schema as the function (Tom Lane) - - - - Previously it tried to look up the dictionary using the search path, - which could fail if the search path has a restrictive value. - - - - - - Fix build problems on macOS 10.14 (Mojave) (Tom Lane) - - - - Adjust configure to add - an switch to CPPFLAGS; - without this, PL/Perl and PL/Tcl fail to configure or build on macOS - 10.14. The specific sysroot used can be overridden at configure time - or build time by setting the PG_SYSROOT variable in - the arguments of configure - or make. - - - - It is now recommended that Perl-related extensions - write $(perl_includespec) rather - than -I$(perl_archlibexp)/CORE in their compiler - flags. The latter continues to work on most platforms, but not recent - macOS. - - - - Also, it should no longer be necessary to - specify manually to get PL/Tcl to - build on recent macOS releases. - - - - - - Fix MSVC build and regression-test scripts to work on recent Perl - versions (Andrew Dunstan) - - - - Perl no longer includes the current directory in its search path - by default; work around that. - - - - - - Support building on Windows with Visual Studio 2015 or Visual Studio 2017 - (Michael Paquier, Haribabu Kommi) - - - - - - Allow btree comparison functions to return INT_MIN - (Tom Lane) - - - - Up to now, we've forbidden datatype-specific comparison functions from - returning INT_MIN, which allows callers to invert - the sort order just by negating the comparison result. However, this - was never safe for comparison functions that directly return the - result of memcmp(), strcmp(), - etc, as POSIX doesn't place any such restriction on those functions. - At least some recent versions of memcmp() can - return INT_MIN, causing incorrect sort ordering. - Hence, we've removed this restriction. Callers must now use - the INVERT_COMPARE_RESULT() macro if they wish to - invert the sort order. - - - - - - Fix recursion hazard in shared-invalidation message processing - (Tom Lane) - - - - This error could, for example, result in failure to access a system - catalog or index that had just been processed by VACUUM - FULL. - - - - This change adds a new result code - for LockAcquire, which might possibly affect - external callers of that function, though only very unusual usage - patterns would have an issue with it. The API - of LockAcquireExtended is also changed. - - - - - - Save and restore SPI's global variables - during SPI_connect() - and SPI_finish() (Chapman Flack, Tom Lane) - - - - This prevents possible interference when one SPI-using function calls - another. - - - - - - Provide ALLOCSET_DEFAULT_SIZES and sibling macros - in back branches (Tom Lane) - - - - These macros have existed since 9.6, but there were requests to add - them to older branches to allow extensions to rely on them without - branch-specific coding. - - - - - - Avoid using potentially-under-aligned page buffers (Tom Lane) - - - - Invent new union types PGAlignedBlock - and PGAlignedXLogBlock, and use these in place of plain - char arrays, ensuring that the compiler can't place the buffer at a - misaligned start address. This fixes potential core dumps on - alignment-picky platforms, and may improve performance even on - platforms that allow misalignment. - - - - - - Make src/port/snprintf.c follow the C99 - standard's definition of snprintf()'s result - value (Tom Lane) - - - - On platforms where this code is used (mostly Windows), its pre-C99 - behavior could lead to failure to detect buffer overrun, if the - calling code assumed C99 semantics. - - - - - - When building on i386 with the clang - compiler, require to be used (Andres Freund) - - - - This avoids problems with missed floating point overflow checks. - - - - - - Fix configure's detection of the result - type of strerror_r() (Tom Lane) - - - - The previous coding got the wrong answer when building - with icc on Linux (and perhaps in other - cases), leading to libpq not returning - useful error messages for system-reported errors. - - - - - - Update time zone data files to tzdata - release 2018g for DST law changes in Chile, Fiji, Morocco, and Russia - (Volgograd), plus historical corrections for China, Hawaii, Japan, - Macau, and North Korea. - - - - - - - - - - Release 9.4.19 - - - Release date: - 2018-08-09 - - - - This release contains a variety of fixes from 9.4.18. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.19 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if you are upgrading from a version earlier than 9.4.18, - see . - - - - - Changes - - - - - - Fix failure to reset libpq's state fully - between connection attempts (Tom Lane) - - - - An unprivileged user of dblink - or postgres_fdw could bypass the checks intended - to prevent use of server-side credentials, such as - a ~/.pgpass file owned by the operating-system - user running the server. Servers allowing peer authentication on - local connections are particularly vulnerable. Other attacks such - as SQL injection into a postgres_fdw session - are also possible. - Attacking postgres_fdw in this way requires the - ability to create a foreign server object with selected connection - parameters, but any user with access to dblink - could exploit the problem. - In general, an attacker with the ability to select the connection - parameters for a libpq-using application - could cause mischief, though other plausible attack scenarios are - harder to think of. - Our thanks to Andrew Krasichkov for reporting this issue. - (CVE-2018-10915) - - - - - - Ensure that updates to the relfrozenxid - and relminmxid values - for nailed system catalogs are processed in a timely - fashion (Andres Freund) - - - - Overoptimistic caching rules could prevent these updates from being - seen by other sessions, leading to spurious errors and/or data - corruption. The problem was significantly worse for shared catalogs, - such as pg_authid, because the stale cache - data could persist into new sessions as well as existing ones. - - - - - - Fix case where a freshly-promoted standby crashes before having - completed its first post-recovery checkpoint (Michael Paquier, Kyotaro - Horiguchi, Pavan Deolasee, Álvaro Herrera) - - - - This led to a situation where the server did not think it had reached - a consistent database state during subsequent WAL replay, preventing - restart. - - - - - - Avoid emitting a bogus WAL record when recycling an all-zero btree - page (Amit Kapila) - - - - This mistake has been seen to cause assertion failures, and - potentially it could result in unnecessary query cancellations on hot - standby servers. - - - - - - Improve performance of WAL replay for transactions that drop many - relations (Fujii Masao) - - - - This change reduces the number of times that shared buffers are - scanned, so that it is of most benefit when that setting is large. - - - - - - Improve performance of lock releasing in standby server WAL replay - (Thomas Munro) - - - - - - Make logical WAL senders report streaming state correctly (Simon - Riggs, Sawada Masahiko) - - - - The code previously mis-detected whether or not it had caught up with - the upstream server. - - - - - - Fix bugs in snapshot handling during logical decoding, allowing wrong - decoding results in rare cases (Arseny Sher, Álvaro Herrera) - - - - - - Ensure a table's cached index list is correctly rebuilt after an index - creation fails partway through (Peter Geoghegan) - - - - Previously, the failed index's OID could remain in the list, causing - problems later in the same session. - - - - - - Fix mishandling of empty uncompressed posting list pages in GIN - indexes (Sivasubramanian Ramasubramanian, Alexander Korotkov) - - - - This could result in an assertion failure after pg_upgrade of a - pre-9.4 GIN index (9.4 and later will not create such pages). - - - - - - Ensure that VACUUM will respond to signals - within btree page deletion loops (Andres Freund) - - - - Corrupted btree indexes could result in an infinite loop here, and - that previously wasn't interruptible without forcing a crash. - - - - - - Fix misoptimization of equivalence classes involving composite-type - columns (Tom Lane) - - - - This resulted in failure to recognize that an index on a composite - column could provide the sort order needed for a mergejoin on that - column. - - - - - - Fix SQL-standard FETCH FIRST syntax to allow - parameters ($n), as the - standard expects (Andrew Gierth) - - - - - - Fix failure to schema-qualify some object names - in getObjectDescription output - (Kyotaro Horiguchi, Tom Lane) - - - - Names of collations, conversions, and text search objects - were not schema-qualified when they should be. - - - - - - Widen COPY FROM's current-line-number counter - from 32 to 64 bits (David Rowley) - - - - This avoids two problems with input exceeding 4G lines: COPY - FROM WITH HEADER would drop a line every 4G lines, not only - the first line, and error reports could show a wrong line number. - - - - - - Add a string freeing function - to ecpg's pgtypes - library, so that cross-module memory management problems can be - avoided on Windows (Takayuki Tsunakawa) - - - - On Windows, crashes can ensue if the free call - for a given chunk of memory is not made from the same DLL - that malloc'ed the memory. - The pgtypes library sometimes returns strings - that it expects the caller to free, making it impossible to follow - this rule. Add a PGTYPESchar_free() function - that just wraps free, allowing applications - to follow this rule. - - - - - - Fix ecpg's support for long - long variables on Windows, as well as other platforms that - declare strtoll/strtoull - nonstandardly or not at all (Dang Minh Huong, Tom Lane) - - - - - - Fix misidentification of SQL statement type in PL/pgSQL, when a rule - change causes a change in the semantics of a statement intra-session - (Tom Lane) - - - - This error led to assertion failures, or in rare cases, failure to - enforce the INTO STRICT option as expected. - - - - - - Fix password prompting in client programs so that echo is properly - disabled on Windows when stdin is not the - terminal (Matthew Stickney) - - - - - - Further fix mis-quoting of values for list-valued GUC variables in - dumps (Tom Lane) - - - - The previous fix for quoting of search_path and - other list-valued variables in pg_dump - output turned out to misbehave for empty-string list elements, and it - risked truncation of long file paths. - - - - - - Fix pg_dump's failure to - dump REPLICA IDENTITY properties for constraint - indexes (Tom Lane) - - - - Manually created unique indexes were properly marked, but not those - created by declaring UNIQUE or PRIMARY - KEY constraints. - - - - - - Make pg_upgrade check that the old server - was shut down cleanly (Bruce Momjian) - - - - The previous check could be fooled by an immediate-mode shutdown. - - - - - - Fix crash in contrib/ltree's - lca() function when the input array is empty - (Pierre Ducroquet) - - - - - - Fix various error-handling code paths in which an incorrect error code - might be reported (Michael Paquier, Tom Lane, Magnus Hagander) - - - - - - Rearrange makefiles to ensure that programs link to freshly-built - libraries (such as libpq.so) rather than ones - that might exist in the system library directories (Tom Lane) - - - - This avoids problems when building on platforms that supply old copies - of PostgreSQL libraries. - - - - - - Update time zone data files to tzdata - release 2018e for DST law changes in North Korea, plus historical - corrections for Czechoslovakia. - - - - This update includes a redefinition of daylight savings - in Ireland, as well as for some past years in Namibia and - Czechoslovakia. In those jurisdictions, legally standard time is - observed in summer, and daylight savings time in winter, so that the - daylight savings offset is one hour behind standard time not one hour - ahead. This does not affect either the actual UTC offset or the - timezone abbreviations in use; the only known effect is that - the is_dst column in - the pg_timezone_names view will now be true - in winter and false in summer in these cases. - - - - - - - - - - Release 9.4.18 - - - Release date: - 2018-05-10 - - - - This release contains a variety of fixes from 9.4.17. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.18 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if the function marking mistakes mentioned in the first - changelog entry below affect you, you will want to take steps to - correct your database catalogs. - - - - Also, if you are upgrading from a version earlier than 9.4.17, - see . - - - - - Changes - - - - - - Fix incorrect volatility markings on a few built-in functions - (Thomas Munro, Tom Lane) - - - - The functions - query_to_xml, - cursor_to_xml, - cursor_to_xmlschema, - query_to_xmlschema, and - query_to_xml_and_xmlschema - should be marked volatile because they execute user-supplied queries - that might contain volatile operations. They were not, leading to a - risk of incorrect query optimization. This has been repaired for new - installations by correcting the initial catalog data, but existing - installations will continue to contain the incorrect markings. - Practical use of these functions seems to pose little hazard, but in - case of trouble, it can be fixed by manually updating these - functions' pg_proc entries, for example - ALTER FUNCTION pg_catalog.query_to_xml(text, boolean, - boolean, text) VOLATILE. (Note that that will need to be - done in each database of the installation.) Another option is - to pg_upgrade the database to a version - containing the corrected initial data. - - - - - - Avoid re-using TOAST value OIDs that match dead-but-not-yet-vacuumed - TOAST entries (Pavan Deolasee) - - - - Once the OID counter has wrapped around, it's possible to assign a - TOAST value whose OID matches a previously deleted entry in the same - TOAST table. If that entry were not yet vacuumed away, this resulted - in unexpected chunk number 0 (expected 1) for toast - value nnnnn errors, which would - persist until the dead entry was removed - by VACUUM. Fix by not selecting such OIDs when - creating a new TOAST entry. - - - - - - Change ANALYZE's algorithm for updating - pg_class.reltuples - (David Gould) - - - - Previously, pages not actually scanned by ANALYZE - were assumed to retain their old tuple density. In a large table - where ANALYZE samples only a small fraction of the - pages, this meant that the overall tuple density estimate could not - change very much, so that reltuples would - change nearly proportionally to changes in the table's physical size - (relpages) regardless of what was actually - happening in the table. This has been observed to result - in reltuples becoming so much larger than - reality as to effectively shut off autovacuuming. To fix, assume - that ANALYZE's sample is a statistically unbiased - sample of the table (as it should be), and just extrapolate the - density observed within those pages to the whole table. - - - - - - Avoid deadlocks in concurrent CREATE INDEX - CONCURRENTLY commands that are run - under SERIALIZABLE or REPEATABLE - READ transaction isolation (Tom Lane) - - - - - - Fix possible slow execution of REFRESH MATERIALIZED VIEW - CONCURRENTLY (Thomas Munro) - - - - - - Fix UPDATE/DELETE ... WHERE CURRENT OF to not fail - when the referenced cursor uses an index-only-scan plan (Yugo Nagata, - Tom Lane) - - - - - - Fix incorrect planning of join clauses pushed into parameterized - paths (Andrew Gierth, Tom Lane) - - - - This error could result in misclassifying a condition as - a join filter for an outer join when it should be a - plain filter condition, leading to incorrect join - output. - - - - - - Fix misoptimization of CHECK constraints having - provably-NULL subclauses of - top-level AND/OR conditions - (Tom Lane, Dean Rasheed) - - - - This could, for example, allow constraint exclusion to exclude a - child table that should not be excluded from a query. - - - - - - Avoid failure if a query-cancel or session-termination interrupt - occurs while committing a prepared transaction (Stas Kelvich) - - - - - - Fix query-lifespan memory leakage in repeatedly executed hash joins - (Tom Lane) - - - - - - Fix overly strict sanity check - in heap_prepare_freeze_tuple - (Álvaro Herrera) - - - - This could result in incorrect cannot freeze committed - xmax failures in databases that have - been pg_upgrade'd from 9.2 or earlier. - - - - - - Prevent dangling-pointer dereference when a C-coded before-update row - trigger returns the old tuple (Rushabh Lathia) - - - - - - Reduce locking during autovacuum worker scheduling (Jeff Janes) - - - - The previous behavior caused drastic loss of potential worker - concurrency in databases with many tables. - - - - - - Ensure client hostname is copied while copying - pg_stat_activity data to local memory - (Edmund Horner) - - - - Previously the supposedly-local snapshot contained a pointer into - shared memory, allowing the client hostname column to change - unexpectedly if any existing session disconnected. - - - - - - Fix incorrect processing of multiple compound affixes - in ispell dictionaries (Arthur Zakirov) - - - - - - Fix collation-aware searches (that is, indexscans using inequality - operators) in SP-GiST indexes on text columns (Tom Lane) - - - - Such searches would return the wrong set of rows in most non-C - locales. - - - - - - Count the number of index tuples correctly during initial build of an - SP-GiST index (Tomas Vondra) - - - - Previously, the tuple count was reported to be the same as that of - the underlying table, which is wrong if the index is partial. - - - - - - Count the number of index tuples correctly during vacuuming of a - GiST index (Andrey Borodin) - - - - Previously it reported the estimated number of heap tuples, - which might be inaccurate, and is certainly wrong if the - index is partial. - - - - - - Fix a corner case where a streaming standby gets stuck at a WAL - continuation record (Kyotaro Horiguchi) - - - - - - In logical decoding, avoid possible double processing of WAL data - when a walsender restarts (Craig Ringer) - - - - - - Allow scalarltsel - and scalargtsel to be used on non-core datatypes - (Tomas Vondra) - - - - - - Reduce libpq's memory consumption when a - server error is reported after a large amount of query output has - been collected (Tom Lane) - - - - Discard the previous output before, not after, processing the error - message. On some platforms, notably Linux, this can make a - difference in the application's subsequent memory footprint. - - - - - - Fix double-free crashes in ecpg - (Patrick Krecker, Jeevan Ladhe) - - - - - - Fix ecpg to handle long long - int variables correctly in MSVC builds (Michael Meskes, - Andrew Gierth) - - - - - - Fix mis-quoting of values for list-valued GUC variables in dumps - (Michael Paquier, Tom Lane) - - - - The local_preload_libraries, - session_preload_libraries, - shared_preload_libraries, - and temp_tablespaces variables were not correctly - quoted in pg_dump output. This would - cause problems if settings for these variables appeared in - CREATE FUNCTION ... SET or ALTER - DATABASE/ROLE ... SET clauses. - - - - - - Fix pg_recvlogical to not fail against - pre-v10 PostgreSQL servers - (Michael Paquier) - - - - A previous fix caused pg_recvlogical to - issue a command regardless of server version, but it should only be - issued to v10 and later servers. - - - - - - Fix overflow handling in PL/pgSQL - integer FOR loops (Tom Lane) - - - - The previous coding failed to detect overflow of the loop variable - on some non-gcc compilers, leading to an infinite loop. - - - - - - Adjust PL/Python regression tests to pass - under Python 3.7 (Peter Eisentraut) - - - - - - Support testing PL/Python and related - modules when building with Python 3 and MSVC (Andrew Dunstan) - - - - - - Rename internal b64_encode - and b64_decode functions to avoid conflict with - Solaris 11.4 built-in functions (Rainer Orth) - - - - - - Sync our copy of the timezone library with IANA tzcode release 2018e - (Tom Lane) - - - - This fixes the zic timezone data compiler - to cope with negative daylight-savings offsets. While - the PostgreSQL project will not - immediately ship such timezone data, zic - might be used with timezone data obtained directly from IANA, so it - seems prudent to update zic now. - - - - - - Update time zone data files to tzdata - release 2018d for DST law changes in Palestine and Antarctica (Casey - Station), plus historical corrections for Portugal and its colonies, - as well as Enderbury, Jamaica, Turks & Caicos Islands, and - Uruguay. - - - - - - - - - - Release 9.4.17 - - - Release date: - 2018-03-01 - - - - This release contains a variety of fixes from 9.4.16. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.17 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if you run an installation in which not all users are mutually - trusting, or if you maintain an application or extension that is - intended for use in arbitrary situations, it is strongly recommended - that you read the documentation changes described in the first changelog - entry below, and take suitable steps to ensure that your installation or - code is secure. - - - - Also, the changes described in the second changelog entry below may - cause functions used in index expressions or materialized views to fail - during auto-analyze, or when reloading from a dump. After upgrading, - monitor the server logs for such problems, and fix affected functions. - - - - Also, if you are upgrading from a version earlier than 9.4.13, - see . - - - - - Changes - - - - - - Document how to configure installations and applications to guard - against search-path-dependent trojan-horse attacks from other users - (Noah Misch) - - - - Using a search_path setting that includes any - schemas writable by a hostile user enables that user to capture - control of queries and then run arbitrary SQL code with the - permissions of the attacked user. While it is possible to write - queries that are proof against such hijacking, it is notationally - tedious, and it's very easy to overlook holes. Therefore, we now - recommend configurations in which no untrusted schemas appear in - one's search path. Relevant documentation appears in - (for database administrators and users), - (for application authors), - (for extension authors), and - (for authors - of SECURITY DEFINER functions). - (CVE-2018-1058) - - - - - - Avoid use of insecure search_path settings - in pg_dump and other client programs - (Noah Misch, Tom Lane) - - - - pg_dump, - pg_upgrade, - vacuumdb and - other PostgreSQL-provided applications were - themselves vulnerable to the type of hijacking described in the previous - changelog entry; since these applications are commonly run by - superusers, they present particularly attractive targets. To make them - secure whether or not the installation as a whole has been secured, - modify them to include only the pg_catalog - schema in their search_path settings. - Autovacuum worker processes now do the same, as well. - - - - In cases where user-provided functions are indirectly executed by - these programs — for example, user-provided functions in index - expressions — the tighter search_path may - result in errors, which will need to be corrected by adjusting those - user-provided functions to not assume anything about what search path - they are invoked under. That has always been good practice, but now - it will be necessary for correct behavior. - (CVE-2018-1058) - - - - - - Fix misbehavior of concurrent-update rechecks with CTE references - appearing in subplans (Tom Lane) - - - - If a CTE (WITH clause reference) is used in an - InitPlan or SubPlan, and the query requires a recheck due to trying - to update or lock a concurrently-updated row, incorrect results could - be obtained. - - - - - - Fix planner failures with overlapping mergejoin clauses in an outer - join (Tom Lane) - - - - These mistakes led to left and right pathkeys do not match in - mergejoin or outer pathkeys do not match - mergeclauses planner errors in corner cases. - - - - - - Repair pg_upgrade's failure to - preserve relfrozenxid for materialized - views (Tom Lane, Andres Freund) - - - - This oversight could lead to data corruption in materialized views - after an upgrade, manifesting as could not access status of - transaction or found xmin from before - relfrozenxid errors. The problem would be more likely to - occur in seldom-refreshed materialized views, or ones that were - maintained only with REFRESH MATERIALIZED VIEW - CONCURRENTLY. - - - - If such corruption is observed, it can be repaired by refreshing the - materialized view (without CONCURRENTLY). - - - - - - Fix incorrect reporting of PL/Python function names in - error CONTEXT stacks (Tom Lane) - - - - An error occurring within a nested PL/Python function call (that is, - one reached via a SPI query from another PL/Python function) would - result in a stack trace showing the inner function's name twice, - rather than the expected results. Also, an error in a nested - PL/Python DO block could result in a null pointer - dereference crash on some platforms. - - - - - - Allow contrib/auto_explain's - log_min_duration setting to range up - to INT_MAX, or about 24 days instead of 35 minutes - (Tom Lane) - - - - - - - - - - Release 9.4.16 - - - Release date: - 2018-02-08 - - - - This release contains a variety of fixes from 9.4.15. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.16 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if you are upgrading from a version earlier than 9.4.13, - see . - - - - - Changes - - - - - - Ensure that all temporary files made - by pg_upgrade are non-world-readable - (Tom Lane, Noah Misch) - - - - pg_upgrade normally restricts its - temporary files to be readable and writable only by the calling user. - But the temporary file containing pg_dumpall -g - output would be group- or world-readable, or even writable, if the - user's umask setting allows. In typical usage on - multi-user machines, the umask and/or the working - directory's permissions would be tight enough to prevent problems; - but there may be people using pg_upgrade - in scenarios where this oversight would permit disclosure of database - passwords to unfriendly eyes. - (CVE-2018-1053) - - - - - - Fix vacuuming of tuples that were updated while key-share locked - (Andres Freund, Álvaro Herrera) - - - - In some cases VACUUM would fail to remove such - tuples even though they are now dead, leading to assorted data - corruption scenarios. - - - - - - Fix inadequate buffer locking in some LSN fetches (Jacob Champion, - Asim Praveen, Ashwin Agrawal) - - - - These errors could result in misbehavior under concurrent load. - The potential consequences have not been characterized fully. - - - - - - Avoid unnecessary failure in a query on an inheritance tree that - occurs concurrently with some child table being removed from the tree - by ALTER TABLE NO INHERIT (Tom Lane) - - - - - - Fix spurious deadlock failures when multiple sessions are - running CREATE INDEX CONCURRENTLY (Jeff Janes) - - - - - - Repair failure with correlated sub-SELECT - inside VALUES inside a LATERAL - subquery (Tom Lane) - - - - - - Fix could not devise a query plan for the given query - planner failure for some cases involving nested UNION - ALL inside a lateral subquery (Tom Lane) - - - - - - Fix logical decoding to correctly clean up disk files for crashed - transactions (Atsushi Torikoshi) - - - - Logical decoding may spill WAL records to disk for transactions - generating many WAL records. Normally these files are cleaned up - after the transaction's commit or abort record arrives; but if - no such record is ever seen, the removal code misbehaved. - - - - - - Fix walsender timeout failure and failure to respond to interrupts - when processing a large transaction (Petr Jelinek) - - - - - - Fix has_sequence_privilege() to - support WITH GRANT OPTION tests, - as other privilege-testing functions do (Joe Conway) - - - - - - In databases using UTF8 encoding, ignore any XML declaration that - asserts a different encoding (Pavel Stehule, Noah Misch) - - - - We always store XML strings in the database encoding, so allowing - libxml to act on a declaration of another encoding gave wrong results. - In encodings other than UTF8, we don't promise to support non-ASCII - XML data anyway, so retain the previous behavior for bug compatibility. - This change affects only xpath() and related - functions; other XML code paths already acted this way. - - - - - - Provide for forward compatibility with future minor protocol versions - (Robert Haas, Badrul Chowdhury) - - - - Up to now, PostgreSQL servers simply - rejected requests to use protocol versions newer than 3.0, so that - there was no functional difference between the major and minor parts - of the protocol version number. Allow clients to request versions 3.x - without failing, sending back a message showing that the server only - understands 3.0. This makes no difference at the moment, but - back-patching this change should allow speedier introduction of future - minor protocol upgrades. - - - - - - Cope with failure to start a parallel worker process - (Amit Kapila, Robert Haas) - - - - Parallel query previously tended to hang indefinitely if a worker - could not be started, as the result of fork() - failure or other low-probability problems. - - - - - - Prevent stack-overflow crashes when planning extremely deeply - nested set operations - (UNION/INTERSECT/EXCEPT) - (Tom Lane) - - - - - - Fix null-pointer crashes for some types of LDAP URLs appearing - in pg_hba.conf (Thomas Munro) - - - - - - Fix sample INSTR() functions in the PL/pgSQL - documentation (Yugo Nagata, Tom Lane) - - - - These functions are stated to - be Oracle compatible, but - they weren't exactly. In particular, there was a discrepancy in the - interpretation of a negative third parameter: Oracle thinks that a - negative value indicates the last place where the target substring can - begin, whereas our functions took it as the last place where the - target can end. Also, Oracle throws an error for a zero or negative - fourth parameter, whereas our functions returned zero. - - - - The sample code has been adjusted to match Oracle's behavior more - precisely. Users who have copied this code into their applications - may wish to update their copies. - - - - - - Fix pg_dump to make ACL (permissions), - comment, and security label entries reliably identifiable in archive - output formats (Tom Lane) - - - - The tag portion of an ACL archive entry was usually - just the name of the associated object. Make it start with the object - type instead, bringing ACLs into line with the convention already used - for comment and security label archive entries. Also, fix the - comment and security label entries for the whole database, if present, - to make their tags start with DATABASE so that they - also follow this convention. This prevents false matches in code that - tries to identify large-object-related entries by seeing if the tag - starts with LARGE OBJECT. That could have resulted - in misclassifying entries as data rather than schema, with undesirable - results in a schema-only or data-only dump. - - - - Note that this change has user-visible results in the output - of pg_restore --list. - - - - - - In ecpg, detect indicator arrays that do - not have the correct length and report an error (David Rader) - - - - - - Avoid triggering a libc assertion - in contrib/hstore, due to use - of memcpy() with equal source and destination - pointers (Tomas Vondra) - - - - - - Provide modern examples of how to auto-start Postgres on macOS - (Tom Lane) - - - - The scripts in contrib/start-scripts/osx use - infrastructure that's been deprecated for over a decade, and which no - longer works at all in macOS releases of the last couple of years. - Add a new subdirectory contrib/start-scripts/macos - containing scripts that use the newer launchd - infrastructure. - - - - - - Fix incorrect selection of configuration-specific libraries for - OpenSSL on Windows (Andrew Dunstan) - - - - - - Support linking to MinGW-built versions of libperl (Noah Misch) - - - - This allows building PL/Perl with some common Perl distributions for - Windows. - - - - - - Fix MSVC build to test whether 32-bit libperl - needs -D_USE_32BIT_TIME_T (Noah Misch) - - - - Available Perl distributions are inconsistent about what they expect, - and lack any reliable means of reporting it, so resort to a build-time - test on what the library being used actually does. - - - - - - On Windows, install the crash dump handler earlier in postmaster - startup (Takayuki Tsunakawa) - - - - This may allow collection of a core dump for some early-startup - failures that did not produce a dump before. - - - - - - On Windows, avoid encoding-conversion-related crashes when emitting - messages very early in postmaster startup (Takayuki Tsunakawa) - - - - - - Use our existing Motorola 68K spinlock code on OpenBSD as - well as NetBSD (David Carlier) - - - - - - Add support for spinlocks on Motorola 88K (David Carlier) - - - - - - Update time zone data files to tzdata - release 2018c for DST law changes in Brazil, Sao Tome and Principe, - plus historical corrections for Bolivia, Japan, and South Sudan. - The US/Pacific-New zone has been removed (it was - only an alias for America/Los_Angeles anyway). - - - - - - - - - - Release 9.4.15 - - - Release date: - 2017-11-09 - - - - This release contains a variety of fixes from 9.4.14. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.15 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if you are upgrading from a version earlier than 9.4.13, - see . - - - - - Changes - - - - - - Fix crash due to rowtype mismatch - in json{b}_populate_recordset() - (Michael Paquier, Tom Lane) - - - - These functions used the result rowtype specified in the FROM - ... AS clause without checking that it matched the actual - rowtype of the supplied tuple value. If it didn't, that would usually - result in a crash, though disclosure of server memory contents seems - possible as well. - (CVE-2017-15098) - - - - - - Fix sample server-start scripts to become $PGUSER - before opening $PGLOG (Noah Misch) - - - - Previously, the postmaster log file was opened while still running as - root. The database owner could therefore mount an attack against - another system user by making $PGLOG be a symbolic - link to some other file, which would then become corrupted by appending - log messages. - - - - By default, these scripts are not installed anywhere. Users who have - made use of them will need to manually recopy them, or apply the same - changes to their modified versions. If the - existing $PGLOG file is root-owned, it will need to - be removed or renamed out of the way before restarting the server with - the corrected script. - (CVE-2017-12172) - - - - - - Fix crash when logical decoding is invoked from a SPI-using function, - in particular any function written in a PL language - (Tom Lane) - - - - - - Fix json_build_array(), - json_build_object(), and their jsonb - equivalents to handle explicit VARIADIC arguments - correctly (Michael Paquier) - - - - - - Properly reject attempts to convert infinite float values to - type numeric (Tom Lane, KaiGai Kohei) - - - - Previously the behavior was platform-dependent. - - - - - - Fix corner-case crashes when columns have been added to the end of a - view (Tom Lane) - - - - - - Record proper dependencies when a view or rule - contains FieldSelect - or FieldStore expression nodes (Tom Lane) - - - - Lack of these dependencies could allow a column or data - type DROP to go through when it ought to fail, - thereby causing later uses of the view or rule to get errors. - This patch does not do anything to protect existing views/rules, - only ones created in the future. - - - - - - Correctly detect hashability of range data types (Tom Lane) - - - - The planner mistakenly assumed that any range type could be hashed - for use in hash joins or hash aggregation, but actually it must check - whether the range's subtype has hash support. This does not affect any - of the built-in range types, since they're all hashable anyway. - - - - - - Fix low-probability loss of NOTIFY messages due to - XID wraparound (Marko Tiikkaja, Tom Lane) - - - - If a session executed no queries, but merely listened for - notifications, for more than 2 billion transactions, it started to miss - some notifications from concurrently-committing transactions. - - - - - - Avoid SIGBUS crash on Linux when a DSM memory - request exceeds the space available in tmpfs - (Thomas Munro) - - - - - - Prevent low-probability crash in processing of nested trigger firings - (Tom Lane) - - - - - - Allow COPY's FREEZE option to - work when the transaction isolation level is REPEATABLE - READ or higher (Noah Misch) - - - - This case was unintentionally broken by a previous bug fix. - - - - - - Correctly restore the umask setting when file creation fails - in COPY or lo_export() - (Peter Eisentraut) - - - - - - Give a better error message for duplicate column names - in ANALYZE (Nathan Bossart) - - - - - - Fix mis-parsing of the last line in a - non-newline-terminated pg_hba.conf file - (Tom Lane) - - - - - - Fix libpq to not require user's home - directory to exist (Tom Lane) - - - - In v10, failure to find the home directory while trying to - read ~/.pgpass was treated as a hard error, - but it should just cause that file to not be found. Both v10 and - previous release branches made the same mistake when - reading ~/.pg_service.conf, though this was less - obvious since that file is not sought unless a service name is - specified. - - - - - - Fix libpq to guard against integer - overflow in the row count of a PGresult - (Michael Paquier) - - - - - - Fix ecpg's handling of out-of-scope cursor - declarations with pointer or array variables (Michael Meskes) - - - - - - In ecpglib, correctly handle backslashes in string literals depending - on whether standard_conforming_strings is set - (Tsunakawa Takayuki) - - - - - - Make ecpglib's Informix-compatibility mode ignore fractional digits in - integer input strings, as expected (Gao Zengqi, Michael Meskes) - - - - - - Sync our copy of the timezone library with IANA release tzcode2017c - (Tom Lane) - - - - This fixes various issues; the only one likely to be user-visible - is that the default DST rules for a POSIX-style zone name, if - no posixrules file exists in the timezone data - directory, now match current US law rather than what it was a dozen - years ago. - - - - - - Update time zone data files to tzdata - release 2017c for DST law changes in Fiji, Namibia, Northern Cyprus, - Sudan, Tonga, and Turks & Caicos Islands, plus historical - corrections for Alaska, Apia, Burma, Calcutta, Detroit, Ireland, - Namibia, and Pago Pago. - - - - - - - - - - Release 9.4.14 - - - Release date: - 2017-08-31 - - - - This release contains a small number of fixes from 9.4.13. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.14 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if you are upgrading from a version earlier than 9.4.13, - see . - - - - - Changes - - - - - - - Fix failure of walsender processes to respond to shutdown signals - (Marco Nenciarini) - - - - A missed flag update resulted in walsenders continuing to run as long - as they had a standby server connected, preventing primary-server - shutdown unless immediate shutdown mode is used. - - - - - - Show foreign tables - in information_schema.table_privileges - view (Peter Eisentraut) - - - - All other relevant information_schema views include - foreign tables, but this one ignored them. - - - - Since this view definition is installed by initdb, - merely upgrading will not fix the problem. If you need to fix this - in an existing installation, you can, as a superuser, do this - in psql: - -SET search_path TO information_schema; -CREATE OR REPLACE VIEW table_privileges AS - SELECT CAST(u_grantor.rolname AS sql_identifier) AS grantor, - CAST(grantee.rolname AS sql_identifier) AS grantee, - CAST(current_database() AS sql_identifier) AS table_catalog, - CAST(nc.nspname AS sql_identifier) AS table_schema, - CAST(c.relname AS sql_identifier) AS table_name, - CAST(c.prtype AS character_data) AS privilege_type, - CAST( - CASE WHEN - -- object owner always has grant options - pg_has_role(grantee.oid, c.relowner, 'USAGE') - OR c.grantable - THEN 'YES' ELSE 'NO' END AS yes_or_no) AS is_grantable, - CAST(CASE WHEN c.prtype = 'SELECT' THEN 'YES' ELSE 'NO' END AS yes_or_no) AS with_hierarchy - - FROM ( - SELECT oid, relname, relnamespace, relkind, relowner, (aclexplode(coalesce(relacl, acldefault('r', relowner)))).* FROM pg_class - ) AS c (oid, relname, relnamespace, relkind, relowner, grantor, grantee, prtype, grantable), - pg_namespace nc, - pg_authid u_grantor, - ( - SELECT oid, rolname FROM pg_authid - UNION ALL - SELECT 0::oid, 'PUBLIC' - ) AS grantee (oid, rolname) - - WHERE c.relnamespace = nc.oid - AND c.relkind IN ('r', 'v', 'f') - AND c.grantee = grantee.oid - AND c.grantor = u_grantor.oid - AND c.prtype IN ('INSERT', 'SELECT', 'UPDATE', 'DELETE', 'TRUNCATE', 'REFERENCES', 'TRIGGER') - AND (pg_has_role(u_grantor.oid, 'USAGE') - OR pg_has_role(grantee.oid, 'USAGE') - OR grantee.rolname = 'PUBLIC'); - - This must be repeated in each database to be fixed, - including template0. - - - - - - Clean up handling of a fatal exit (e.g., due to receipt - of SIGTERM) that occurs while trying to execute - a ROLLBACK of a failed transaction (Tom Lane) - - - - This situation could result in an assertion failure. In production - builds, the exit would still occur, but it would log an unexpected - message about cannot drop active portal. - - - - - - Remove assertion that could trigger during a fatal exit (Tom Lane) - - - - - - Correctly identify columns that are of a range type or domain type over - a composite type or domain type being searched for (Tom Lane) - - - - Certain ALTER commands that change the definition of a - composite type or domain type are supposed to fail if there are any - stored values of that type in the database, because they lack the - infrastructure needed to update or check such values. Previously, - these checks could miss relevant values that are wrapped inside range - types or sub-domains, possibly allowing the database to become - inconsistent. - - - - - - Fix crash in pg_restore when using parallel mode and - using a list file to select a subset of items to restore - (Fabrízio de Royes Mello) - - - - - - Change ecpg's parser to allow RETURNING - clauses without attached C variables (Michael Meskes) - - - - This allows ecpg programs to contain SQL constructs - that use RETURNING internally (for example, inside a CTE) - rather than using it to define values to be returned to the client. - - - - - - Improve selection of compiler flags for PL/Perl on Windows (Tom Lane) - - - - This fix avoids possible crashes of PL/Perl due to inconsistent - assumptions about the width of time_t values. - A side-effect that may be visible to extension developers is - that _USE_32BIT_TIME_T is no longer defined globally - in PostgreSQL Windows builds. This is not expected - to cause problems, because type time_t is not used - in any PostgreSQL API definitions. - - - - - - - - - - Release 9.4.13 - - - Release date: - 2017-08-10 - - - - This release contains a variety of fixes from 9.4.12. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.13 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if you use foreign data servers that make use of user - passwords for authentication, see the first changelog entry below. - - - - Also, if you are upgrading from a version earlier than 9.4.12, - see . - - - - - Changes - - - - - - Further restrict visibility - of pg_user_mappings.umoptions, to - protect passwords stored as user mapping options - (Noah Misch) - - - - The fix for CVE-2017-7486 was incorrect: it allowed a user - to see the options in her own user mapping, even if she did not - have USAGE permission on the associated foreign server. - Such options might include a password that had been provided by the - server owner rather than the user herself. - Since information_schema.user_mapping_options does not - show the options in such cases, pg_user_mappings - should not either. - (CVE-2017-7547) - - - - By itself, this patch will only fix the behavior in newly initdb'd - databases. If you wish to apply this change in an existing database, - you will need to do the following: - - - - - - Restart the postmaster after adding allow_system_table_mods - = true to postgresql.conf. (In versions - supporting ALTER SYSTEM, you can use that to make the - configuration change, but you'll still need a restart.) - - - - - - In each database of the cluster, - run the following commands as superuser: - -SET search_path = pg_catalog; -CREATE OR REPLACE VIEW pg_user_mappings AS - SELECT - U.oid AS umid, - S.oid AS srvid, - S.srvname AS srvname, - U.umuser AS umuser, - CASE WHEN U.umuser = 0 THEN - 'public' - ELSE - A.rolname - END AS usename, - CASE WHEN (U.umuser <> 0 AND A.rolname = current_user - AND (pg_has_role(S.srvowner, 'USAGE') - OR has_server_privilege(S.oid, 'USAGE'))) - OR (U.umuser = 0 AND pg_has_role(S.srvowner, 'USAGE')) - OR (SELECT rolsuper FROM pg_authid WHERE rolname = current_user) - THEN U.umoptions - ELSE NULL END AS umoptions - FROM pg_user_mapping U - LEFT JOIN pg_authid A ON (A.oid = U.umuser) JOIN - pg_foreign_server S ON (U.umserver = S.oid); - - - - - - - Do not forget to include the template0 - and template1 databases, or the vulnerability will still - exist in databases you create later. To fix template0, - you'll need to temporarily make it accept connections. - In PostgreSQL 9.5 and later, you can use - -ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true; - - and then after fixing template0, undo that with - -ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false; - - In prior versions, instead use - -UPDATE pg_database SET datallowconn = true WHERE datname = 'template0'; -UPDATE pg_database SET datallowconn = false WHERE datname = 'template0'; - - - - - - - Finally, remove the allow_system_table_mods configuration - setting, and again restart the postmaster. - - - - - - - - Disallow empty passwords in all password-based authentication methods - (Heikki Linnakangas) - - - - libpq ignores empty password specifications, and does - not transmit them to the server. So, if a user's password has been - set to the empty string, it's impossible to log in with that password - via psql or other libpq-based - clients. An administrator might therefore believe that setting the - password to empty is equivalent to disabling password login. - However, with a modified or non-libpq-based client, - logging in could be possible, depending on which authentication - method is configured. In particular the most common - method, md5, accepted empty passwords. - Change the server to reject empty passwords in all cases. - (CVE-2017-7546) - - - - - - Make lo_put() check for UPDATE privilege on - the target large object (Tom Lane, Michael Paquier) - - - - lo_put() should surely require the same permissions - as lowrite(), but the check was missing, allowing any - user to change the data in a large object. - (CVE-2017-7548) - - - - - - Fix concurrent locking of tuple update chains (Álvaro Herrera) - - - - If several sessions concurrently lock a tuple update chain with - nonconflicting lock modes using an old snapshot, and they all - succeed, it was possible for some of them to nonetheless fail (and - conclude there is no live tuple version) due to a race condition. - This had consequences such as foreign-key checks failing to see a - tuple that definitely exists but is being updated concurrently. - - - - - - Fix potential data corruption when freezing a tuple whose XMAX is a - multixact with exactly one still-interesting member (Teodor Sigaev) - - - - - - Avoid integer overflow and ensuing crash when sorting more than one - billion tuples in-memory (Sergey Koposov) - - - - - - On Windows, retry process creation if we fail to reserve the address - range for our shared memory in the new process (Tom Lane, Amit - Kapila) - - - - This is expected to fix infrequent child-process-launch failures that - are probably due to interference from antivirus products. - - - - - - Fix low-probability corruption of shared predicate-lock hash table - in Windows builds (Thomas Munro, Tom Lane) - - - - - - Avoid logging clean closure of an SSL connection as though - it were a connection reset (Michael Paquier) - - - - - - Prevent sending SSL session tickets to clients (Tom Lane) - - - - This fix prevents reconnection failures with ticket-aware client-side - SSL code. - - - - - - Fix code for setting on - Solaris (Tom Lane) - - - - - - Fix statistics collector to honor inquiry messages issued just after - a postmaster shutdown and immediate restart (Tom Lane) - - - - Statistics inquiries issued within half a second of the previous - postmaster shutdown were effectively ignored. - - - - - - Ensure that the statistics collector's receive buffer size is at - least 100KB (Tom Lane) - - - - This reduces the risk of dropped statistics data on older platforms - whose default receive buffer size is less than that. - - - - - - Fix possible creation of an invalid WAL segment when a standby is - promoted just after it processes an XLOG_SWITCH WAL - record (Andres Freund) - - - - - - Fix walsender to exit promptly when client requests - shutdown (Tom Lane) - - - - - - Fix SIGHUP and SIGUSR1 handling in - walsender processes (Petr Jelinek, Andres Freund) - - - - - - Prevent walsender-triggered panics during shutdown checkpoints - (Andres Freund, Michael Paquier) - - - - - - Fix unnecessarily slow restarts of walreceiver - processes due to race condition in postmaster (Tom Lane) - - - - - - - Fix logical decoding failure with very wide tuples (Andres Freund) - - - - Logical decoding crashed on tuples that are wider than 64KB (after - compression, but with all data in-line). The case arises only - when REPLICA IDENTITY FULL is enabled for a table - containing such tuples. - - - - - - Fix leakage of small subtransactions spilled to disk during logical - decoding (Andres Freund) - - - - This resulted in temporary files consuming excessive disk space. - - - - - - Reduce the work needed to build snapshots during creation of - logical-decoding slots (Andres Freund, Petr Jelinek) - - - - The previous algorithm was infeasibly expensive on a server with a - lot of open transactions. - - - - - - Fix race condition that could indefinitely delay creation of - logical-decoding slots (Andres Freund, Petr Jelinek) - - - - - - Reduce overhead in processing syscache invalidation events (Tom Lane) - - - - This is particularly helpful for logical decoding, which triggers - frequent cache invalidation. - - - - - - Fix cases where an INSERT or UPDATE assigns - to more than one element of a column that is of domain-over-array - type (Tom Lane) - - - - - - Allow window functions to be used in sub-SELECTs that - are within the arguments of an aggregate function (Tom Lane) - - - - - - Move autogenerated array types out of the way during - ALTER ... RENAME (Vik Fearing) - - - - Previously, we would rename a conflicting autogenerated array type - out of the way during CREATE; this fix extends that - behavior to renaming operations. - - - - - - Ensure that ALTER USER ... SET accepts all the syntax - variants that ALTER ROLE ... SET does (Peter Eisentraut) - - - - - - Properly update dependency info when changing a datatype I/O - function's argument or return type from opaque to the - correct type (Heikki Linnakangas) - - - - CREATE TYPE updates I/O functions declared in this - long-obsolete style, but it forgot to record a dependency on the - type, allowing a subsequent DROP TYPE to leave broken - function definitions behind. - - - - - - Reduce memory usage when ANALYZE processes - a tsvector column (Heikki Linnakangas) - - - - - - Fix unnecessary precision loss and sloppy rounding when multiplying - or dividing money values by integers or floats (Tom Lane) - - - - - - Tighten checks for whitespace in functions that parse identifiers, - such as regprocedurein() (Tom Lane) - - - - Depending on the prevailing locale, these functions could - misinterpret fragments of multibyte characters as whitespace. - - - - - - Use relevant #define symbols from Perl while - compiling PL/Perl (Ashutosh Sharma, Tom Lane) - - - - This avoids portability problems, typically manifesting as - a handshake mismatch during library load, when working with - recent Perl versions. - - - - - - In libpq, reset GSS/SASL and SSPI authentication - state properly after a failed connection attempt (Michael Paquier) - - - - Failure to do this meant that when falling back from SSL to non-SSL - connections, a GSS/SASL failure in the SSL attempt would always cause - the non-SSL attempt to fail. SSPI did not fail, but it leaked memory. - - - - - - In psql, fix failure when COPY FROM STDIN - is ended with a keyboard EOF signal and then another COPY - FROM STDIN is attempted (Thomas Munro) - - - - This misbehavior was observed on BSD-derived platforms (including - macOS), but not on most others. - - - - - - Fix pg_dump and pg_restore to - emit REFRESH MATERIALIZED VIEW commands last (Tom Lane) - - - - This prevents errors during dump/restore when a materialized view - refers to tables owned by a different user. - - - - - - Improve pg_dump/pg_restore's - reporting of error conditions originating in zlib - (Vladimir Kunschikov, Álvaro Herrera) - - - - - - Fix pg_dump with the - - - It also now correctly assigns ownership of event triggers; before, - they were restored as being owned by the superuser running the - restore script. - - - - - - Fix pg_dump to not emit invalid SQL for an empty - operator class (Daniel Gustafsson) - - - - - - Fix pg_dump output to stdout on Windows (Kuntal Ghosh) - - - - A compressed plain-text dump written to stdout would contain corrupt - data due to failure to put the file descriptor into binary mode. - - - - - - Fix pg_get_ruledef() to print correct output for - the ON SELECT rule of a view whose columns have been - renamed (Tom Lane) - - - - In some corner cases, pg_dump relies - on pg_get_ruledef() to dump views, so that this error - could result in dump/reload failures. - - - - - - Fix dumping of outer joins with empty constraints, such as the result - of a NATURAL LEFT JOIN with no common columns (Tom Lane) - - - - - - Fix dumping of function expressions in the FROM clause in - cases where the expression does not deparse into something that looks - like a function call (Tom Lane) - - - - - - Fix pg_basebackup output to stdout on Windows - (Haribabu Kommi) - - - - A backup written to stdout would contain corrupt data due to failure - to put the file descriptor into binary mode. - - - - - - Fix pg_upgrade to ensure that the ending WAL record - does not have = minimum - (Bruce Momjian) - - - - This condition could prevent upgraded standby servers from - reconnecting. - - - - - - In postgres_fdw, re-establish connections to remote - servers after ALTER SERVER or ALTER USER - MAPPING commands (Kyotaro Horiguchi) - - - - This ensures that option changes affecting connection parameters will - be applied promptly. - - - - - - In postgres_fdw, allow cancellation of remote - transaction control commands (Robert Haas, Rafia Sabih) - - - - This change allows us to quickly escape a wait for an unresponsive - remote server in many more cases than previously. - - - - - - Increase MAX_SYSCACHE_CALLBACKS to provide more room for - extensions (Tom Lane) - - - - - - Always use - - - This supports larger extension libraries on platforms where it makes - a difference. - - - - - - Fix unescaped-braces issue in our build scripts for Microsoft MSVC, - to avoid a warning or error from recent Perl versions (Andrew - Dunstan) - - - - - - In MSVC builds, handle the case where the openssl - library is not within a VC subdirectory (Andrew Dunstan) - - - - - - In MSVC builds, add proper include path for libxml2 - header files (Andrew Dunstan) - - - - This fixes a former need to move things around in standard Windows - installations of libxml2. - - - - - - In MSVC builds, recognize a Tcl library that is - named tcl86.lib (Noah Misch) - - - - - - In MSVC builds, honor PROVE_FLAGS settings - on vcregress.pl's command line (Andrew Dunstan) - - - - - - - - - - Release 9.4.12 - - - Release date: - 2017-05-11 - - - - This release contains a variety of fixes from 9.4.11. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.12 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if you use foreign data servers that make use of user - passwords for authentication, see the first changelog entry below. - - - - Also, if you are using third-party replication tools that depend - on logical decoding, see the fourth changelog entry below. - - - - Also, if you are upgrading from a version earlier than 9.4.11, - see . - - - - - Changes - - - - - - Restrict visibility - of pg_user_mappings.umoptions, to - protect passwords stored as user mapping options - (Michael Paquier, Feike Steenbergen) - - - - The previous coding allowed the owner of a foreign server object, - or anyone he has granted server USAGE permission to, - to see the options for all user mappings associated with that server. - This might well include passwords for other users. - Adjust the view definition to match the behavior of - information_schema.user_mapping_options, namely that - these options are visible to the user being mapped, or if the mapping - is for PUBLIC and the current user is the server - owner, or if the current user is a superuser. - (CVE-2017-7486) - - - - By itself, this patch will only fix the behavior in newly initdb'd - databases. If you wish to apply this change in an existing database, - follow the corrected procedure shown in the changelog entry for - CVE-2017-7547, in . - - - - - - Prevent exposure of statistical information via leaky operators - (Peter Eisentraut) - - - - Some selectivity estimation functions in the planner will apply - user-defined operators to values obtained - from pg_statistic, such as most common values and - histogram entries. This occurs before table permissions are checked, - so a nefarious user could exploit the behavior to obtain these values - for table columns he does not have permission to read. To fix, - fall back to a default estimate if the operator's implementation - function is not certified leak-proof and the calling user does not have - permission to read the table column whose statistics are needed. - At least one of these criteria is satisfied in most cases in practice. - (CVE-2017-7484) - - - - - - Restore libpq's recognition of - the PGREQUIRESSL environment variable (Daniel Gustafsson) - - - - Processing of this environment variable was unintentionally dropped - in PostgreSQL 9.3, but its documentation remained. - This creates a security hazard, since users might be relying on the - environment variable to force SSL-encrypted connections, but that - would no longer be guaranteed. Restore handling of the variable, - but give it lower priority than PGSSLMODE, to avoid - breaking configurations that work correctly with post-9.3 code. - (CVE-2017-7485) - - - - - - Fix possibly-invalid initial snapshot during logical decoding - (Petr Jelinek, Andres Freund) - - - - The initial snapshot created for a logical decoding replication slot - was potentially incorrect. This could cause third-party tools that - use logical decoding to copy incomplete/inconsistent initial data. - This was more likely to happen if the source server was busy at the - time of slot creation, or if another logical slot already existed. - - - - If you are using a replication tool that depends on logical decoding, - and it should have copied a nonempty data set at the start of - replication, it is advisable to recreate the replica after - installing this update, or to verify its contents against the source - server. - - - - - - Fix possible corruption of init forks of unlogged indexes - (Robert Haas, Michael Paquier) - - - - This could result in an unlogged index being set to an invalid state - after a crash and restart. Such a problem would persist until the - index was dropped and rebuilt. - - - - - - Fix incorrect reconstruction of pg_subtrans entries - when a standby server replays a prepared but uncommitted two-phase - transaction (Tom Lane) - - - - In most cases this turned out to have no visible ill effects, but in - corner cases it could result in circular references - in pg_subtrans, potentially causing infinite loops - in queries that examine rows modified by the two-phase transaction. - - - - - - Avoid possible crash in walsender due to failure - to initialize a string buffer (Stas Kelvich, Fujii Masao) - - - - - - Fix postmaster's handling of fork() failure for a - background worker process (Tom Lane) - - - - Previously, the postmaster updated portions of its state as though - the process had been launched successfully, resulting in subsequent - confusion. - - - - - - Ensure parsing of queries in extension scripts sees the results of - immediately-preceding DDL (Julien Rouhaud, Tom Lane) - - - - Due to lack of a cache flush step between commands in an extension - script file, non-utility queries might not see the effects of an - immediately preceding catalog change, such as ALTER TABLE - ... RENAME. - - - - - - Skip tablespace privilege checks when ALTER TABLE ... ALTER - COLUMN TYPE rebuilds an existing index (Noah Misch) - - - - The command failed if the calling user did not currently have - CREATE privilege for the tablespace containing the index. - That behavior seems unhelpful, so skip the check, allowing the - index to be rebuilt where it is. - - - - - - Fix ALTER TABLE ... VALIDATE CONSTRAINT to not recurse - to child tables when the constraint is marked NO INHERIT - (Amit Langote) - - - - This fix prevents unwanted constraint does not exist failures - when no matching constraint is present in the child tables. - - - - - - Fix VACUUM to account properly for pages that could not - be scanned due to conflicting page pins (Andrew Gierth) - - - - This tended to lead to underestimation of the number of tuples in - the table. In the worst case of a small heavily-contended - table, VACUUM could incorrectly report that the table - contained no tuples, leading to very bad planning choices. - - - - - - Ensure that bulk-tuple-transfer loops within a hash join are - interruptible by query cancel requests (Tom Lane, Thomas Munro) - - - - - - Fix integer-overflow problems in interval comparison (Kyotaro - Horiguchi, Tom Lane) - - - - The comparison operators for type interval could yield wrong - answers for intervals larger than about 296000 years. Indexes on - columns containing such large values should be reindexed, since they - may be corrupt. - - - - - - Fix cursor_to_xml() to produce valid output - with tableforest = false - (Thomas Munro, Peter Eisentraut) - - - - Previously it failed to produce a wrapping <table> - element. - - - - - - Fix roundoff problems in float8_timestamptz() - and make_interval() (Tom Lane) - - - - These functions truncated, rather than rounded, when converting a - floating-point value to integer microseconds; that could cause - unexpectedly off-by-one results. - - - - - - Improve performance of pg_timezone_names view - (Tom Lane, David Rowley) - - - - - - Reduce memory management overhead for contexts containing many large - blocks (Tom Lane) - - - - - - Fix sloppy handling of corner-case errors from lseek() - and close() (Tom Lane) - - - - Neither of these system calls are likely to fail in typical situations, - but if they did, fd.c could get quite confused. - - - - - - Fix incorrect check for whether postmaster is running as a Windows - service (Michael Paquier) - - - - This could result in attempting to write to the event log when that - isn't accessible, so that no logging happens at all. - - - - - - Fix ecpg to support COMMIT PREPARED - and ROLLBACK PREPARED (Masahiko Sawada) - - - - - - Fix a double-free error when processing dollar-quoted string literals - in ecpg (Michael Meskes) - - - - - - In pg_dump, fix incorrect schema and owner marking for - comments and security labels of some types of database objects - (Giuseppe Broccolo, Tom Lane) - - - - In simple cases this caused no ill effects; but for example, a - schema-selective restore might omit comments it should include, because - they were not marked as belonging to the schema of their associated - object. - - - - - - Avoid emitting an invalid list file in pg_restore -l - when SQL object names contain newlines (Tom Lane) - - - - Replace newlines by spaces, which is sufficient to make the output - valid for pg_restore -L's purposes. - - - - - - Fix pg_upgrade to transfer comments and security labels - attached to large objects (blobs) (Stephen Frost) - - - - Previously, blobs were correctly transferred to the new database, but - any comments or security labels attached to them were lost. - - - - - - Improve error handling - in contrib/adminpack's pg_file_write() - function (Noah Misch) - - - - Notably, it failed to detect errors reported - by fclose(). - - - - - - In contrib/dblink, avoid leaking the previous unnamed - connection when establishing a new unnamed connection (Joe Conway) - - - - - - Fix contrib/pg_trgm's extraction of trigrams from regular - expressions (Tom Lane) - - - - In some cases it would produce a broken data structure that could never - match anything, leading to GIN or GiST indexscans that use a trigram - index not finding any matches to the regular expression. - - - - - - In contrib/postgres_fdw, - transmit query cancellation requests to the remote server - (Michael Paquier, Etsuro Fujita) - - - - Previously, a local query cancellation request did not cause an - already-sent remote query to terminate early. This is a back-patch - of work originally done for 9.6. - - - - - - - Support OpenSSL 1.1.0 (Heikki Linnakangas, Andreas Karlsson, Tom Lane) - - - - This is a back-patch of work previously done in newer branches; - it's needed since many platforms are adopting newer OpenSSL versions. - - - - - - Support Tcl 8.6 in MSVC builds (Álvaro Herrera) - - - - - - Sync our copy of the timezone library with IANA release tzcode2017b - (Tom Lane) - - - - This fixes a bug affecting some DST transitions in January 2038. - - - - - - Update time zone data files to tzdata release 2017b - for DST law changes in Chile, Haiti, and Mongolia, plus historical - corrections for Ecuador, Kazakhstan, Liberia, and Spain. - Switch to numeric abbreviations for numerous time zones in South - America, the Pacific and Indian oceans, and some Asian and Middle - Eastern countries. - - - - The IANA time zone database previously provided textual abbreviations - for all time zones, sometimes making up abbreviations that have little - or no currency among the local population. They are in process of - reversing that policy in favor of using numeric UTC offsets in zones - where there is no evidence of real-world use of an English - abbreviation. At least for the time being, PostgreSQL - will continue to accept such removed abbreviations for timestamp input. - But they will not be shown in the pg_timezone_names - view nor used for output. - - - - - - Use correct daylight-savings rules for POSIX-style time zone names - in MSVC builds (David Rowley) - - - - The Microsoft MSVC build scripts neglected to install - the posixrules file in the timezone directory tree. - This resulted in the timezone code falling back to its built-in - rule about what DST behavior to assume for a POSIX-style time zone - name. For historical reasons that still corresponds to the DST rules - the USA was using before 2007 (i.e., change on first Sunday in April - and last Sunday in October). With this fix, a POSIX-style zone name - will use the current and historical DST transition dates of - the US/Eastern zone. If you don't want that, remove - the posixrules file, or replace it with a copy of some - other zone file (see ). Note that - due to caching, you may need to restart the server to get such changes - to take effect. - - - - - - - - - - Release 9.4.11 - - - Release date: - 2017-02-09 - - - - This release contains a variety of fixes from 9.4.10. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.11 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if your installation has been affected by the bug described in - the first changelog entry below, then after updating you may need - to take action to repair corrupted indexes. - - - - Also, if you are upgrading from a version earlier than 9.4.10, - see . - - - - - Changes - - - - - - Fix a race condition that could cause indexes built - with CREATE INDEX CONCURRENTLY to be corrupt - (Pavan Deolasee, Tom Lane) - - - - If CREATE INDEX CONCURRENTLY was used to build an index - that depends on a column not previously indexed, then rows - updated by transactions that ran concurrently with - the CREATE INDEX command could have received incorrect - index entries. If you suspect this may have happened, the most - reliable solution is to rebuild affected indexes after installing - this update. - - - - - - Ensure that the special snapshot used for catalog scans is not - invalidated by premature data pruning (Tom Lane) - - - - Backends failed to account for this snapshot when advertising their - oldest xmin, potentially allowing concurrent vacuuming operations to - remove data that was still needed. This led to transient failures - along the lines of cache lookup failed for relation 1255. - - - - - - Unconditionally WAL-log creation of the init fork for an - unlogged table (Michael Paquier) - - - - Previously, this was skipped when - = minimal, but actually it's necessary even in that case - to ensure that the unlogged table is properly reset to empty after a - crash. - - - - - - Reduce interlocking on standby servers during the replay of btree - index vacuuming operations (Simon Riggs) - - - - This change avoids substantial replication delays that sometimes - occurred while replaying such operations. - - - - - - If the stats collector dies during hot standby, restart it (Takayuki - Tsunakawa) - - - - - - Ensure that hot standby feedback works correctly when it's enabled at - standby server start (Ants Aasma, Craig Ringer) - - - - - - Check for interrupts while hot standby is waiting for a conflicting - query (Simon Riggs) - - - - - - Avoid constantly respawning the autovacuum launcher in a corner case - (Amit Khandekar) - - - - This fix avoids problems when autovacuum is nominally off and there - are some tables that require freezing, but all such tables are - already being processed by autovacuum workers. - - - - - - Fix check for when an extension member object can be dropped (Tom Lane) - - - - Extension upgrade scripts should be able to drop member objects, - but this was disallowed for serial-column sequences, and possibly - other cases. - - - - - - Make sure ALTER TABLE preserves index tablespace - assignments when rebuilding indexes (Tom Lane, Michael Paquier) - - - - Previously, non-default settings - of could result in broken - indexes. - - - - - - Fix incorrect updating of trigger function properties when changing a - foreign-key constraint's deferrability properties with ALTER - TABLE ... ALTER CONSTRAINT (Tom Lane) - - - - This led to odd failures during subsequent exercise of the foreign - key, as the triggers were fired at the wrong times. - - - - - - Prevent dropping a foreign-key constraint if there are pending - trigger events for the referenced relation (Tom Lane) - - - - This avoids could not find trigger NNN - or relation NNN has no triggers errors. - - - - - - Fix processing of OID column when a table with OIDs is associated to - a parent with OIDs via ALTER TABLE ... INHERIT (Amit - Langote) - - - - The OID column should be treated the same as regular user columns in - this case, but it wasn't, leading to odd behavior in later - inheritance changes. - - - - - - Fix CREATE OR REPLACE VIEW to update the view query - before attempting to apply the new view options (Dean Rasheed) - - - - Previously the command would fail if the new options were - inconsistent with the old view definition. - - - - - - Report correct object identity during ALTER TEXT SEARCH - CONFIGURATION (Artur Zakirov) - - - - The wrong catalog OID was reported to extensions such as logical - decoding. - - - - - - Check for serializability conflicts before reporting - constraint-violation failures (Thomas Munro) - - - - When using serializable transaction isolation, it is desirable - that any error due to concurrent transactions should manifest - as a serialization failure, thereby cueing the application that - a retry might succeed. Unfortunately, this does not reliably - happen for duplicate-key failures caused by concurrent insertions. - This change ensures that such an error will be reported as a - serialization error if the application explicitly checked for - the presence of a conflicting key (and did not find it) earlier - in the transaction. - - - - - - Prevent multicolumn expansion of foo.* in - an UPDATE source expression (Tom Lane) - - - - This led to UPDATE target count mismatch --- internal - error. Now the syntax is understood as a whole-row variable, - as it would be in other contexts. - - - - - - Ensure that column typmods are determined accurately for - multi-row VALUES constructs (Tom Lane) - - - - This fixes problems occurring when the first value in a column has a - determinable typmod (e.g., length for a varchar value) but - later values don't share the same limit. - - - - - - Throw error for an unfinished Unicode surrogate pair at the end of a - Unicode string (Tom Lane) - - - - Normally, a Unicode surrogate leading character must be followed by a - Unicode surrogate trailing character, but the check for this was - missed if the leading character was the last character in a Unicode - string literal (U&'...') or Unicode identifier - (U&"..."). - - - - - - Ensure that a purely negative text search query, such - as !foo, matches empty tsvectors (Tom Dunstan) - - - - Such matches were found by GIN index searches, but not by sequential - scans or GiST index searches. - - - - - - Prevent crash when ts_rewrite() replaces a non-top-level - subtree with an empty query (Artur Zakirov) - - - - - - Fix performance problems in ts_rewrite() (Tom Lane) - - - - - - Fix ts_rewrite()'s handling of nested NOT operators - (Tom Lane) - - - - - - Fix array_fill() to handle empty arrays properly (Tom Lane) - - - - - - Fix one-byte buffer overrun in quote_literal_cstr() - (Heikki Linnakangas) - - - - The overrun occurred only if the input consisted entirely of single - quotes and/or backslashes. - - - - - - Prevent multiple calls of pg_start_backup() - and pg_stop_backup() from running concurrently (Michael - Paquier) - - - - This avoids an assertion failure, and possibly worse things, if - someone tries to run these functions in parallel. - - - - - - Avoid discarding interval-to-interval casts - that aren't really no-ops (Tom Lane) - - - - In some cases, a cast that should result in zeroing out - low-order interval fields was mistakenly deemed to be a - no-op and discarded. An example is that casting from INTERVAL - MONTH to INTERVAL YEAR failed to clear the months field. - - - - - - Ensure that cached plans are invalidated by changes in foreign-table - options (Amit Langote, Etsuro Fujita, Ashutosh Bapat) - - - - - - Fix pg_dump to dump user-defined casts and transforms - that use built-in functions (Stephen Frost) - - - - - - Fix pg_restore with - - - This doesn't fix any live bug, but it may improve the behavior in - future if pg_restore is used with an archive - generated by a later pg_dump version. - - - - - - Fix pg_basebackup's rate limiting in the presence of - slow I/O (Antonin Houska) - - - - If disk I/O was transiently much slower than the specified rate - limit, the calculation overflowed, effectively disabling the rate - limit for the rest of the run. - - - - - - Fix pg_basebackup's handling of - symlinked pg_stat_tmp and pg_replslot - subdirectories (Magnus Hagander, Michael Paquier) - - - - - - Fix possible pg_basebackup failure on standby - server when including WAL files (Amit Kapila, Robert Haas) - - - - - - Ensure that the Python exception objects we create for PL/Python are - properly reference-counted (Rafa de la Torre, Tom Lane) - - - - This avoids failures if the objects are used after a Python garbage - collection cycle has occurred. - - - - - - Fix PL/Tcl to support triggers on tables that have .tupno - as a column name (Tom Lane) - - - - This matches the (previously undocumented) behavior of - PL/Tcl's spi_exec and spi_execp commands, - namely that a magic .tupno column is inserted only if - there isn't a real column named that. - - - - - - Allow DOS-style line endings in ~/.pgpass files, - even on Unix (Vik Fearing) - - - - This change simplifies use of the same password file across Unix and - Windows machines. - - - - - - Fix one-byte buffer overrun if ecpg is given a file - name that ends with a dot (Takayuki Tsunakawa) - - - - - - Fix psql's tab completion for ALTER DEFAULT - PRIVILEGES (Gilles Darold, Stephen Frost) - - - - - - In psql, treat an empty or all-blank setting of - the PAGER environment variable as meaning no - pager (Tom Lane) - - - - Previously, such a setting caused output intended for the pager to - vanish entirely. - - - - - - Improve contrib/dblink's reporting of - low-level libpq errors, such as out-of-memory - (Joe Conway) - - - - - - Teach contrib/dblink to ignore irrelevant server options - when it uses a contrib/postgres_fdw foreign server as - the source of connection options (Corey Huinker) - - - - Previously, if the foreign server object had options that were not - also libpq connection options, an error occurred. - - - - - - On Windows, ensure that environment variable changes are propagated - to DLLs built with debug options (Christian Ullrich) - - - - - - Sync our copy of the timezone library with IANA release tzcode2016j - (Tom Lane) - - - - This fixes various issues, most notably that timezone data - installation failed if the target directory didn't support hard - links. - - - - - - Update time zone data files to tzdata release 2016j - for DST law changes in northern Cyprus (adding a new zone - Asia/Famagusta), Russia (adding a new zone Europe/Saratov), Tonga, - and Antarctica/Casey. - Historical corrections for Italy, Kazakhstan, Malta, and Palestine. - Switch to preferring numeric zone abbreviations for Tonga. - - - - - - - - - - Release 9.4.10 - - - Release date: - 2016-10-27 - - - - This release contains a variety of fixes from 9.4.9. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.10 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if your installation has been affected by the bug described in - the first changelog entry below, then after updating you may need - to take action to repair corrupted free space maps. - - - - Also, if you are upgrading from a version earlier than 9.4.6, - see . - - - - - Changes - - - - - - Fix WAL-logging of truncation of relation free space maps and - visibility maps (Pavan Deolasee, Heikki Linnakangas) - - - - It was possible for these files to not be correctly restored during - crash recovery, or to be written incorrectly on a standby server. - Bogus entries in a free space map could lead to attempts to access - pages that have been truncated away from the relation itself, typically - producing errors like could not read block XXX: - read only 0 of 8192 bytes. Checksum failures in the - visibility map are also possible, if checksumming is enabled. - - - - Procedures for determining whether there is a problem and repairing it - if so are discussed at - . - - - - - - Fix incorrect creation of GIN index WAL records on big-endian machines - (Tom Lane) - - - - The typical symptom was unexpected GIN leaf action errors - during WAL replay. - - - - - - Fix SELECT FOR UPDATE/SHARE to correctly lock tuples that - have been updated by a subsequently-aborted transaction - (Álvaro Herrera) - - - - In 9.5 and later, the SELECT would sometimes fail to - return such tuples at all. A failure has not been proven to occur in - earlier releases, but might be possible with concurrent updates. - - - - - - Fix EvalPlanQual rechecks involving CTE scans (Tom Lane) - - - - The recheck would always see the CTE as returning no rows, typically - leading to failure to update rows that were recently updated. - - - - - - Fix improper repetition of previous results from hashed aggregation in - a subquery (Andrew Gierth) - - - - The test to see if we can reuse a previously-computed hash table of - the aggregate state values neglected the possibility of an outer query - reference appearing in an aggregate argument expression. A change in - the value of such a reference should lead to recalculating the hash - table, but did not. - - - - - - Fix query-lifespan memory leak in a bulk UPDATE on a table - with a PRIMARY KEY or REPLICA IDENTITY index - (Tom Lane) - - - - - - Fix EXPLAIN to emit valid XML when - is on (Markus Winand) - - - - Previously the XML output-format option produced syntactically invalid - tags such as <I/O-Read-Time>. That is now - rendered as <I-O-Read-Time>. - - - - - - Suppress printing of zeroes for unmeasured times - in EXPLAIN (Maksim Milyutin) - - - - Certain option combinations resulted in printing zero values for times - that actually aren't ever measured in that combination. Our general - policy in EXPLAIN is not to print such fields at all, so - do that consistently in all cases. - - - - - - Fix timeout length when VACUUM is waiting for exclusive - table lock so that it can truncate the table (Simon Riggs) - - - - The timeout was meant to be 50 milliseconds, but it was actually only - 50 microseconds, causing VACUUM to give up on truncation - much more easily than intended. Set it to the intended value. - - - - - - Fix bugs in merging inherited CHECK constraints while - creating or altering a table (Tom Lane, Amit Langote) - - - - Allow identical CHECK constraints to be added to a parent - and child table in either order. Prevent merging of a valid - constraint from the parent table with a NOT VALID - constraint on the child. Likewise, prevent merging of a NO - INHERIT child constraint with an inherited constraint. - - - - - - Remove artificial restrictions on the values accepted - by numeric_in() and numeric_recv() - (Tom Lane) - - - - We allow numeric values up to the limit of the storage format (more - than 1e100000), so it seems fairly pointless - that numeric_in() rejected scientific-notation exponents - above 1000. Likewise, it was silly for numeric_recv() to - reject more than 1000 digits in an input value. - - - - - - Avoid very-low-probability data corruption due to testing tuple - visibility without holding buffer lock (Thomas Munro, Peter Geoghegan, - Tom Lane) - - - - - - Fix logical WAL decoding to work properly when a subtransaction's WAL - output is large enough to spill to disk (Andres Freund) - - - - - - - Fix buffer overread in logical WAL decoding (Tom Lane) - - - - Logical decoding of a tuple update record read 23 bytes too many, - which was usually harmless but with very bad luck could result in a - crash. - - - - - - Fix file descriptor leakage when truncating a temporary relation of - more than 1GB (Andres Freund) - - - - - - Disallow starting a standalone backend with standby_mode - turned on (Michael Paquier) - - - - This can't do anything useful, since there will be no WAL receiver - process to fetch more WAL data; and it could result in misbehavior - in code that wasn't designed with this situation in mind. - - - - - - Properly initialize replication slot state when recycling a - previously-used slot (Michael Paquier) - - - - This failure to reset all of the fields of the slot could - prevent VACUUM from removing dead tuples. - - - - - - Round shared-memory allocation request to a multiple of the actual - huge page size when attempting to use huge pages on Linux (Tom Lane) - - - - This avoids possible failures during munmap() on systems - with atypical default huge page sizes. Except in crash-recovery - cases, there were no ill effects other than a log message. - - - - - - Use a more random value for the dynamic shared memory control - segment's ID (Robert Haas, Tom Lane) - - - - Previously, the same value would be chosen every time, because it was - derived from random() but srandom() had not - yet been called. While relatively harmless, this was not the intended - behavior. - - - - - - On Windows, retry creation of the dynamic shared memory control - segment after an access-denied error (Kyotaro Horiguchi, Amit Kapila) - - - - Windows sometimes returns ERROR_ACCESS_DENIED rather - than ERROR_ALREADY_EXISTS when there is an existing - segment. This led to postmaster startup failure due to believing that - the former was an unrecoverable error. - - - - - - Don't try to share SSL contexts across multiple connections - in libpq (Heikki Linnakangas) - - - - This led to assorted corner-case bugs, particularly when trying to use - different SSL parameters for different connections. - - - - - - Avoid corner-case memory leak in libpq (Tom Lane) - - - - The reported problem involved leaking an error report - during PQreset(), but there might be related cases. - - - - - - Make ecpg's - - - - - Fix pgbench's calculation of average latency - (Fabien Coelho) - - - - The calculation was incorrect when there were \sleep - commands in the script, or when the test duration was specified in - number of transactions rather than total time. - - - - - - In pg_dump, never dump range constructor functions - (Tom Lane) - - - - This oversight led to pg_upgrade failures with - extensions containing range types, due to duplicate creation of the - constructor functions. - - - - - - In pg_xlogdump, retry opening new WAL segments when - using - - - This allows for a possible delay in the server's creation of the next - segment. - - - - - - Fix pg_xlogdump to cope with a WAL file that begins - with a continuation record spanning more than one page (Pavan - Deolasee) - - - - - - Fix contrib/pg_buffercache to work - when shared_buffers exceeds 256GB (KaiGai Kohei) - - - - - - Fix contrib/intarray/bench/bench.pl to print the results - of the EXPLAIN it does when given the - - - - - Install TAP test infrastructure so that it's available for extension - testing (Craig Ringer) - - - - When PostgreSQL has been configured - with - - - - - In MSVC builds, include pg_recvlogical in a - client-only installation (MauMau) - - - - - - Update Windows time zone mapping to recognize some time zone names - added in recent Windows versions (Michael Paquier) - - - - - - Prevent failure of obsolete dynamic time zone abbreviations (Tom Lane) - - - - If a dynamic time zone abbreviation does not match any entry in the - referenced time zone, treat it as equivalent to the time zone name. - This avoids unexpected failures when IANA removes abbreviations from - their time zone database, as they did in tzdata - release 2016f and seem likely to do again in the future. The - consequences were not limited to not recognizing the individual - abbreviation; any mismatch caused - the pg_timezone_abbrevs view to fail altogether. - - - - - - Update time zone data files to tzdata release 2016h - for DST law changes in Palestine and Turkey, plus historical - corrections for Turkey and some regions of Russia. - Switch to numeric abbreviations for some time zones in Antarctica, - the former Soviet Union, and Sri Lanka. - - - - The IANA time zone database previously provided textual abbreviations - for all time zones, sometimes making up abbreviations that have little - or no currency among the local population. They are in process of - reversing that policy in favor of using numeric UTC offsets in zones - where there is no evidence of real-world use of an English - abbreviation. At least for the time being, PostgreSQL - will continue to accept such removed abbreviations for timestamp input. - But they will not be shown in the pg_timezone_names - view nor used for output. - - - - In this update, AMT is no longer shown as being in use to - mean Armenia Time. Therefore, we have changed the Default - abbreviation set to interpret it as Amazon Time, thus UTC-4 not UTC+4. - - - - - - - - - - Release 9.4.9 - - - Release date: - 2016-08-11 - - - - This release contains a variety of fixes from 9.4.8. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.9 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if you are upgrading from a version earlier than 9.4.6, - see . - - - - - Changes - - - - - - Fix possible mis-evaluation of - nested CASE-WHEN expressions (Heikki - Linnakangas, Michael Paquier, Tom Lane) - - - - A CASE expression appearing within the test value - subexpression of another CASE could become confused about - whether its own test value was null or not. Also, inlining of a SQL - function implementing the equality operator used by - a CASE expression could result in passing the wrong test - value to functions called within a CASE expression in the - SQL function's body. If the test values were of different data - types, a crash might result; moreover such situations could be abused - to allow disclosure of portions of server memory. (CVE-2016-5423) - - - - - - Fix client programs' handling of special characters in database and - role names (Noah Misch, Nathan Bossart, Michael Paquier) - - - - Numerous places in vacuumdb and other client programs - could become confused by database and role names containing double - quotes or backslashes. Tighten up quoting rules to make that safe. - Also, ensure that when a conninfo string is used as a database name - parameter to these programs, it is correctly treated as such throughout. - - - - Fix handling of paired double quotes - in psql's \connect - and \password commands to match the documentation. - - - - Introduce a new - - - pg_dumpall now refuses to deal with database and role - names containing carriage returns or newlines, as it seems impractical - to quote those characters safely on Windows. In future we may reject - such names on the server side, but that step has not been taken yet. - - - - These are considered security fixes because crafted object names - containing special characters could have been used to execute - commands with superuser privileges the next time a superuser - executes pg_dumpall or other routine maintenance - operations. (CVE-2016-5424) - - - - - - Fix corner-case misbehaviors for IS NULL/IS NOT - NULL applied to nested composite values (Andrew Gierth, Tom Lane) - - - - The SQL standard specifies that IS NULL should return - TRUE for a row of all null values (thus ROW(NULL,NULL) IS - NULL yields TRUE), but this is not meant to apply recursively - (thus ROW(NULL, ROW(NULL,NULL)) IS NULL yields FALSE). - The core executor got this right, but certain planner optimizations - treated the test as recursive (thus producing TRUE in both cases), - and contrib/postgres_fdw could produce remote queries - that misbehaved similarly. - - - - - - Make the inet and cidr data types properly reject - IPv6 addresses with too many colon-separated fields (Tom Lane) - - - - - - Prevent crash in close_ps() - (the point ## lseg operator) - for NaN input coordinates (Tom Lane) - - - - Make it return NULL instead of crashing. - - - - - - Avoid possible crash in pg_get_expr() when inconsistent - values are passed to it (Michael Paquier, Thomas Munro) - - - - - - Fix several one-byte buffer over-reads in to_number() - (Peter Eisentraut) - - - - In several cases the to_number() function would read one - more character than it should from the input string. There is a - small chance of a crash, if the input happens to be adjacent to the - end of memory. - - - - - - Do not run the planner on the query contained in CREATE - MATERIALIZED VIEW or CREATE TABLE AS - when WITH NO DATA is specified (Michael Paquier, - Tom Lane) - - - - This avoids some unnecessary failure conditions, for example if a - stable function invoked by the materialized view depends on a table - that doesn't exist yet. - - - - - - Avoid unsafe intermediate state during expensive paths - through heap_update() (Masahiko Sawada, Andres Freund) - - - - Previously, these cases locked the target tuple (by setting its XMAX) - but did not WAL-log that action, thus risking data integrity problems - if the page were spilled to disk and then a database crash occurred - before the tuple update could be completed. - - - - - - Fix hint bit update during WAL replay of row locking operations - (Andres Freund) - - - - The only known consequence of this problem is that row locks held by - a prepared, but uncommitted, transaction might fail to be enforced - after a crash and restart. - - - - - - Avoid unnecessary could not serialize access errors when - acquiring FOR KEY SHARE row locks in serializable mode - (Álvaro Herrera) - - - - - - Avoid crash in postgres -C when the specified variable - has a null string value (Michael Paquier) - - - - - - Fix possible loss of large subtransactions in logical decoding - (Petru-Florin Mihancea) - - - - - - Fix failure of logical decoding when a subtransaction contains no - actual changes (Marko Tiikkaja, Andrew Gierth) - - - - - - Ensure that backends see up-to-date statistics for shared catalogs - (Tom Lane) - - - - The statistics collector failed to update the statistics file for - shared catalogs after a request from a regular backend. This problem - was partially masked because the autovacuum launcher regularly makes - requests that did cause such updates; however, it became obvious with - autovacuum disabled. - - - - - - Avoid redundant writes of the statistics files when multiple - backends request updates close together (Tom Lane, Tomas Vondra) - - - - - - Avoid consuming a transaction ID during VACUUM - (Alexander Korotkov) - - - - Some cases in VACUUM unnecessarily caused an XID to be - assigned to the current transaction. Normally this is negligible, - but if one is up against the XID wraparound limit, consuming more - XIDs during anti-wraparound vacuums is a very bad thing. - - - - - - - Avoid canceling hot-standby queries during VACUUM FREEZE - (Simon Riggs, Álvaro Herrera) - - - - VACUUM FREEZE on an otherwise-idle master server could - result in unnecessary cancellations of queries on its standby - servers. - - - - - - Prevent possible failure when vacuuming multixact IDs in an - installation that has been pg_upgrade'd from pre-9.3 (Andrew Gierth, - Álvaro Herrera) - - - - The usual symptom of this bug is errors - like MultiXactId NNN has not been created - yet -- apparent wraparound. - - - - - - When a manual ANALYZE specifies a column list, don't - reset the table's changes_since_analyze counter - (Tom Lane) - - - - If we're only analyzing some columns, we should not prevent routine - auto-analyze from happening for the other columns. - - - - - - Fix ANALYZE's overestimation of n_distinct - for a unique or nearly-unique column with many null entries (Tom - Lane) - - - - The nulls could get counted as though they were themselves distinct - values, leading to serious planner misestimates in some types of - queries. - - - - - - Prevent autovacuum from starting multiple workers for the same shared - catalog (Álvaro Herrera) - - - - Normally this isn't much of a problem because the vacuum doesn't take - long anyway; but in the case of a severely bloated catalog, it could - result in all but one worker uselessly waiting instead of doing - useful work on other tables. - - - - - - Avoid duplicate buffer lock release when abandoning a b-tree index - page deletion attempt (Tom Lane) - - - - This mistake prevented VACUUM from completing in some - cases involving corrupt b-tree indexes. - - - - - - Prevent infinite loop in GiST index build for geometric columns - containing NaN component values (Tom Lane) - - - - - - Fix contrib/btree_gin to handle the smallest - possible bigint value correctly (Peter Eisentraut) - - - - - - Teach libpq to correctly decode server version from future servers - (Peter Eisentraut) - - - - It's planned to switch to two-part instead of three-part server - version numbers for releases after 9.6. Make sure - that PQserverVersion() returns the correct value for - such cases. - - - - - - Fix ecpg's code for unsigned long long - array elements (Michael Meskes) - - - - - - In pg_dump with both - - - - - Improve handling of SIGTERM/control-C in - parallel pg_dump and pg_restore (Tom - Lane) - - - - Make sure that the worker processes will exit promptly, and also arrange - to send query-cancel requests to the connected backends, in case they - are doing something long-running such as a CREATE INDEX. - - - - - - Fix error reporting in parallel pg_dump - and pg_restore (Tom Lane) - - - - Previously, errors reported by pg_dump - or pg_restore worker processes might never make it to - the user's console, because the messages went through the master - process, and there were various deadlock scenarios that would prevent - the master process from passing on the messages. Instead, just print - everything to stderr. In some cases this will result in - duplicate messages (for instance, if all the workers report a server - shutdown), but that seems better than no message. - - - - - - Ensure that parallel pg_dump - or pg_restore on Windows will shut down properly - after an error (Kyotaro Horiguchi) - - - - Previously, it would report the error, but then just sit until - manually stopped by the user. - - - - - - Make pg_dump behave better when built without zlib - support (Kyotaro Horiguchi) - - - - It didn't work right for parallel dumps, and emitted some rather - pointless warnings in other cases. - - - - - - Make pg_basebackup accept -Z 0 as - specifying no compression (Fujii Masao) - - - - - - Fix makefiles' rule for building AIX shared libraries to be safe for - parallel make (Noah Misch) - - - - - - Fix TAP tests and MSVC scripts to work when build directory's path - name contains spaces (Michael Paquier, Kyotaro Horiguchi) - - - - - - Be more predictable about reporting statement timeout - versus lock timeout (Tom Lane) - - - - On heavily loaded machines, the regression tests sometimes failed due - to reporting lock timeout even though the statement timeout - should have occurred first. - - - - - - Make regression tests safe for Danish and Welsh locales (Jeff Janes, - Tom Lane) - - - - Change some test data that triggered the unusual sorting rules of - these locales. - - - - - - Update our copy of the timezone code to match - IANA's tzcode release 2016c (Tom Lane) - - - - This is needed to cope with anticipated future changes in the time - zone data files. It also fixes some corner-case bugs in coping with - unusual time zones. - - - - - - Update time zone data files to tzdata release 2016f - for DST law changes in Kemerovo and Novosibirsk, plus historical - corrections for Azerbaijan, Belarus, and Morocco. - - - - - - - - - - Release 9.4.8 - - - Release date: - 2016-05-12 - - - - This release contains a variety of fixes from 9.4.7. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.8 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if you are upgrading from a version earlier than 9.4.6, - see . - - - - - Changes - - - - - - Clear the OpenSSL error queue before OpenSSL calls, rather than - assuming it's clear already; and make sure we leave it clear - afterwards (Peter Geoghegan, Dave Vitek, Peter Eisentraut) - - - - This change prevents problems when there are multiple connections - using OpenSSL within a single process and not all the code involved - follows the same rules for when to clear the error queue. - Failures have been reported specifically when a client application - uses SSL connections in libpq concurrently with - SSL connections using the PHP, Python, or Ruby wrappers for OpenSSL. - It's possible for similar problems to arise within the server as well, - if an extension module establishes an outgoing SSL connection. - - - - - - Fix failed to build any N-way joins - planner error with a full join enclosed in the right-hand side of a - left join (Tom Lane) - - - - - - Fix incorrect handling of equivalence-class tests in multilevel - nestloop plans (Tom Lane) - - - - Given a three-or-more-way equivalence class of variables, such - as X.X = Y.Y = Z.Z, it was possible for the planner to omit - some of the tests needed to enforce that all the variables are actually - equal, leading to join rows being output that didn't satisfy - the WHERE clauses. For various reasons, erroneous plans - were seldom selected in practice, so that this bug has gone undetected - for a long time. - - - - - - Fix query-lifespan memory leak in GIN index scans (Julien Rouhaud) - - - - - - Fix query-lifespan memory leak and potential index corruption hazard in - GIN index insertion (Tom Lane) - - - - The memory leak would typically not amount to much in simple queries, - but it could be very substantial during a large GIN index build with - high maintenance_work_mem. - - - - - - Fix possible misbehavior of TH, th, - and Y,YYY format codes in to_timestamp() - (Tom Lane) - - - - These could advance off the end of the input string, causing subsequent - format codes to read garbage. - - - - - - Fix dumping of rules and views in which the array - argument of a value operator - ANY (array) construct is a sub-SELECT - (Tom Lane) - - - - - - Disallow newlines in ALTER SYSTEM parameter values - (Tom Lane) - - - - The configuration-file parser doesn't support embedded newlines in - string literals, so we mustn't allow them in values to be inserted - by ALTER SYSTEM. - - - - - - Fix ALTER TABLE ... REPLICA IDENTITY USING INDEX to - work properly if an index on OID is selected (David Rowley) - - - - - - Fix crash in logical decoding on alignment-picky platforms (Tom Lane, - Andres Freund) - - - - The failure occurred only with a transaction large enough to spill to - disk and a primary-key change within that transaction. - - - - - - Avoid repeated requests for feedback from receiver while shutting down - walsender (Nick Cleaton) - - - - - - Make pg_regress use a startup timeout from the - PGCTLTIMEOUT environment variable, if that's set (Tom Lane) - - - - This is for consistency with a behavior recently added - to pg_ctl; it eases automated testing on slow machines. - - - - - - Fix pg_upgrade to correctly restore extension - membership for operator families containing only one operator class - (Tom Lane) - - - - In such a case, the operator family was restored into the new database, - but it was no longer marked as part of the extension. This had no - immediate ill effects, but would cause later pg_dump - runs to emit output that would cause (harmless) errors on restore. - - - - - - Fix pg_upgrade to not fail when new-cluster TOAST rules - differ from old (Tom Lane) - - - - pg_upgrade had special-case code to handle the - situation where the new PostgreSQL version thinks that - a table should have a TOAST table while the old version did not. That - code was broken, so remove it, and instead do nothing in such cases; - there seems no reason to believe that we can't get along fine without - a TOAST table if that was okay according to the old version's rules. - - - - - - Reduce the number of SysV semaphores used by a build configured with - - - - - - Rename internal function strtoi() - to strtoint() to avoid conflict with a NetBSD library - function (Thomas Munro) - - - - - - Fix reporting of errors from bind() - and listen() system calls on Windows (Tom Lane) - - - - - - Reduce verbosity of compiler output when building with Microsoft Visual - Studio (Christian Ullrich) - - - - - - Fix putenv() to work properly with Visual Studio 2013 - (Michael Paquier) - - - - - - Avoid possibly-unsafe use of Windows' FormatMessage() - function (Christian Ullrich) - - - - Use the FORMAT_MESSAGE_IGNORE_INSERTS flag where - appropriate. No live bug is known to exist here, but it seems like a - good idea to be careful. - - - - - - Update time zone data files to tzdata release 2016d - for DST law changes in Russia and Venezuela. There are new zone - names Europe/Kirov and Asia/Tomsk to reflect - the fact that these regions now have different time zone histories from - adjacent regions. - - - - - - - - - - Release 9.4.7 - - - Release date: - 2016-03-31 - - - - This release contains a variety of fixes from 9.4.6. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.7 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if you are upgrading from a version earlier than 9.4.6, - see . - - - - - Changes - - - - - - Fix incorrect handling of NULL index entries in - indexed ROW() comparisons (Tom Lane) - - - - An index search using a row comparison such as ROW(a, b) > - ROW('x', 'y') would stop upon reaching a NULL entry in - the b column, ignoring the fact that there might be - non-NULL b values associated with later values - of a. - - - - - - Avoid unlikely data-loss scenarios due to renaming files without - adequate fsync() calls before and after (Michael Paquier, - Tomas Vondra, Andres Freund) - - - - - - Fix bug in json_to_record() when a field of its input - object contains a sub-object with a field name matching one of the - requested output column names (Tom Lane) - - - - - - Fix misformatting of negative time zone offsets - by to_char()'s OF format code - (Thomas Munro, Tom Lane) - - - - - - Ignore parameter until - recovery has reached a consistent state (Michael Paquier) - - - - Previously, standby servers would delay application of WAL records in - response to recovery_min_apply_delay even while replaying - the initial portion of WAL needed to make their database state valid. - Since the standby is useless until it's reached a consistent database - state, this was deemed unhelpful. - - - - - - Correctly handle cases where pg_subtrans is close to XID - wraparound during server startup (Jeff Janes) - - - - - - Fix assorted bugs in logical decoding (Andres Freund) - - - - Trouble cases included tuples larger than one page when replica - identity is FULL, UPDATEs that change a - primary key within a transaction large enough to be spooled to disk, - incorrect reports of subxact logged without previous toplevel - record, and incorrect reporting of a transaction's commit time. - - - - - - Fix planner error with nested security barrier views when the outer - view has a WHERE clause containing a correlated subquery - (Dean Rasheed) - - - - - - Fix corner-case crash due to trying to free localeconv() - output strings more than once (Tom Lane) - - - - - - Fix parsing of affix files for ispell dictionaries - (Tom Lane) - - - - The code could go wrong if the affix file contained any characters - whose byte length changes during case-folding, for - example I in Turkish UTF8 locales. - - - - - - Avoid use of sscanf() to parse ispell - dictionary files (Artur Zakirov) - - - - This dodges a portability problem on FreeBSD-derived platforms - (including macOS). - - - - - - Avoid a crash on old Windows versions (before 7SP1/2008R2SP1) with an - AVX2-capable CPU and a Postgres build done with Visual Studio 2013 - (Christian Ullrich) - - - - This is a workaround for a bug in Visual Studio 2013's runtime - library, which Microsoft have stated they will not fix in that - version. - - - - - - Fix psql's tab completion logic to handle multibyte - characters properly (Kyotaro Horiguchi, Robert Haas) - - - - - - Fix psql's tab completion for - SECURITY LABEL (Tom Lane) - - - - Pressing TAB after SECURITY LABEL might cause a crash - or offering of inappropriate keywords. - - - - - - Make pg_ctl accept a wait timeout from the - PGCTLTIMEOUT environment variable, if none is specified on - the command line (Noah Misch) - - - - This eases testing of slower buildfarm members by allowing them - to globally specify a longer-than-normal timeout for postmaster - startup and shutdown. - - - - - - Fix incorrect test for Windows service status - in pg_ctl (Manuel Mathar) - - - - The previous set of minor releases attempted to - fix pg_ctl to properly determine whether to send log - messages to Window's Event Log, but got the test backwards. - - - - - - Fix pgbench to correctly handle the combination - of -C and -M prepared options (Tom Lane) - - - - - - In pg_upgrade, skip creating a deletion script when - the new data directory is inside the old data directory (Bruce - Momjian) - - - - Blind application of the script in such cases would result in loss of - the new data directory. - - - - - - In PL/Perl, properly translate empty Postgres arrays into empty Perl - arrays (Alex Hunsaker) - - - - - - Make PL/Python cope with function names that aren't valid Python - identifiers (Jim Nasby) - - - - - - Fix multiple mistakes in the statistics returned - by contrib/pgstattuple's pgstatindex() - function (Tom Lane) - - - - - - Remove dependency on psed in MSVC builds, since it's no - longer provided by core Perl (Michael Paquier, Andrew Dunstan) - - - - - - Update time zone data files to tzdata release 2016c - for DST law changes in Azerbaijan, Chile, Haiti, Palestine, and Russia - (Altai, Astrakhan, Kirov, Sakhalin, Ulyanovsk regions), plus - historical corrections for Lithuania, Moldova, and Russia - (Kaliningrad, Samara, Volgograd). - - - - - - - - - - Release 9.4.6 - - - Release date: - 2016-02-11 - - - - This release contains a variety of fixes from 9.4.5. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.6 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if you are upgrading an installation that contains any GIN - indexes that use the (non-default) jsonb_path_ops operator - class, see the first changelog entry below. - - - - Also, if you are upgrading from a version earlier than 9.4.4, - see . - - - - - Changes - - - - - - - - Fix inconsistent hash calculations in jsonb_path_ops GIN - indexes (Tom Lane) - - - - When processing jsonb values that contain both scalars and - sub-objects at the same nesting level, for example an array containing - both scalars and sub-arrays, key hash values could be calculated - differently than they would be for the same key in a different context. - This could result in queries not finding entries that they should find. - Fixing this means that existing indexes may now be inconsistent with the - new hash calculation code. Users - should REINDEX jsonb_path_ops GIN indexes after - installing this update to make sure that all searches work as expected. - - - - - - Fix infinite loops and buffer-overrun problems in regular expressions - (Tom Lane) - - - - Very large character ranges in bracket expressions could cause - infinite loops in some cases, and memory overwrites in other cases. - (CVE-2016-0773) - - - - - - - - Perform an immediate shutdown if the postmaster.pid file - is removed (Tom Lane) - - - - The postmaster now checks every minute or so - that postmaster.pid is still there and still contains its - own PID. If not, it performs an immediate shutdown, as though it had - received SIGQUIT. The main motivation for this change - is to ensure that failed buildfarm runs will get cleaned up without - manual intervention; but it also serves to limit the bad effects if a - DBA forcibly removes postmaster.pid and then starts a new - postmaster. - - - - - - - - In SERIALIZABLE transaction isolation mode, serialization - anomalies could be missed due to race conditions during insertions - (Kevin Grittner, Thomas Munro) - - - - - - - - Fix failure to emit appropriate WAL records when doing ALTER - TABLE ... SET TABLESPACE for unlogged relations (Michael Paquier, - Andres Freund) - - - - Even though the relation's data is unlogged, the move must be logged or - the relation will be inaccessible after a standby is promoted to master. - - - - - - - - Fix possible misinitialization of unlogged relations at the end of - crash recovery (Andres Freund, Michael Paquier) - - - - - - - - Ensure walsender slots are fully re-initialized when being re-used - (Magnus Hagander) - - - - - - - - Fix ALTER COLUMN TYPE to reconstruct inherited check - constraints properly (Tom Lane) - - - - - - - - Fix REASSIGN OWNED to change ownership of composite types - properly (Álvaro Herrera) - - - - - - - - Fix REASSIGN OWNED and ALTER OWNER to correctly - update granted-permissions lists when changing owners of data types, - foreign data wrappers, or foreign servers (Bruce Momjian, - Álvaro Herrera) - - - - - - - - Fix REASSIGN OWNED to ignore foreign user mappings, - rather than fail (Álvaro Herrera) - - - - - - - - Fix possible crash after doing query rewrite for an updatable view - (Stephen Frost) - - - - - - - - Fix planner's handling of LATERAL references (Tom - Lane) - - - - This fixes some corner cases that led to failed to build any - N-way joins or could not devise a query plan planner - failures. - - - - - - - - Add more defenses against bad planner cost estimates for GIN index - scans when the index's internal statistics are very out-of-date - (Tom Lane) - - - - - - - - Make planner cope with hypothetical GIN indexes suggested by an index - advisor plug-in (Julien Rouhaud) - - - - - - - - Speed up generation of unique table aliases in EXPLAIN and - rule dumping, and ensure that generated aliases do not - exceed NAMEDATALEN (Tom Lane) - - - - - - - - Fix dumping of whole-row Vars in ROW() - and VALUES() lists (Tom Lane) - - - - - - - - Translation of minus-infinity dates and timestamps to json - or jsonb incorrectly rendered them as plus-infinity (Tom Lane) - - - - - - - - Fix possible internal overflow in numeric division - (Dean Rasheed) - - - - - - - - Fix enforcement of restrictions inside parentheses within regular - expression lookahead constraints (Tom Lane) - - - - Lookahead constraints aren't allowed to contain backrefs, and - parentheses within them are always considered non-capturing, according - to the manual. However, the code failed to handle these cases properly - inside a parenthesized subexpression, and would give unexpected - results. - - - - - - - - Conversion of regular expressions to indexscan bounds could produce - incorrect bounds from regexps containing lookahead constraints - (Tom Lane) - - - - - - - - Fix regular-expression compiler to handle loops of constraint arcs - (Tom Lane) - - - - The code added for CVE-2007-4772 was both incomplete, in that it didn't - handle loops involving more than one state, and incorrect, in that it - could cause assertion failures (though there seem to be no bad - consequences of that in a non-assert build). Multi-state loops would - cause the compiler to run until the query was canceled or it reached - the too-many-states error condition. - - - - - - - - Improve memory-usage accounting in regular-expression compiler - (Tom Lane) - - - - This causes the code to emit regular expression is too - complex errors in some cases that previously used unreasonable - amounts of time and memory. - - - - - - - - Improve performance of regular-expression compiler (Tom Lane) - - - - - - Make %h and %r escapes - in log_line_prefix work for messages emitted due - to log_connections (Tom Lane) - - - - Previously, %h/%r started to work just after a - new session had emitted the connection received log message; - now they work for that message too. - - - - - - - - On Windows, ensure the shared-memory mapping handle gets closed in - child processes that don't need it (Tom Lane, Amit Kapila) - - - - This oversight resulted in failure to recover from crashes - whenever logging_collector is turned on. - - - - - - - - Fix possible failure to detect socket EOF in non-blocking mode on - Windows (Tom Lane) - - - - It's not entirely clear whether this problem can happen in pre-9.5 - branches, but if it did, the symptom would be that a walsender process - would wait indefinitely rather than noticing a loss of connection. - - - - - - Avoid leaking a token handle during SSPI authentication - (Christian Ullrich) - - - - - - - - In psql, ensure that libreadline's idea - of the screen size is updated when the terminal window size changes - (Merlin Moncure) - - - - Previously, libreadline did not notice if the window - was resized during query output, leading to strange behavior during - later input of multiline queries. - - - - - - Fix psql's \det command to interpret its - pattern argument the same way as other \d commands with - potentially schema-qualified patterns do (Reece Hart) - - - - - - - - Avoid possible crash in psql's \c command - when previous connection was via Unix socket and command specifies a - new hostname and same username (Tom Lane) - - - - - - - - In pg_ctl start -w, test child process status directly - rather than relying on heuristics (Tom Lane, Michael Paquier) - - - - Previously, pg_ctl relied on an assumption that the new - postmaster would always create postmaster.pid within five - seconds. But that can fail on heavily-loaded systems, - causing pg_ctl to report incorrectly that the - postmaster failed to start. - - - - Except on Windows, this change also means that a pg_ctl start - -w done immediately after another such command will now reliably - fail, whereas previously it would report success if done within two - seconds of the first command. - - - - - - - - In pg_ctl start -w, don't attempt to use a wildcard listen - address to connect to the postmaster (Kondo Yuta) - - - - On Windows, pg_ctl would fail to detect postmaster - startup if listen_addresses is set to 0.0.0.0 - or ::, because it would try to use that value verbatim as - the address to connect to, which doesn't work. Instead assume - that 127.0.0.1 or ::1, respectively, is the - right thing to use. - - - - - - In pg_ctl on Windows, check service status to decide - where to send output, rather than checking if standard output is a - terminal (Michael Paquier) - - - - - - - - In pg_dump and pg_basebackup, adopt - the GNU convention for handling tar-archive members exceeding 8GB - (Tom Lane) - - - - The POSIX standard for tar file format does not allow - archive member files to exceed 8GB, but most modern implementations - of tar support an extension that fixes that. Adopt - this extension so that pg_dump with - - - - - Fix assorted corner-case bugs in pg_dump's processing - of extension member objects (Tom Lane) - - - - - - Make pg_dump mark a view's triggers as needing to be - processed after its rule, to prevent possible failure during - parallel pg_restore (Tom Lane) - - - - - - - - Ensure that relation option values are properly quoted - in pg_dump (Kouhei Sutou, Tom Lane) - - - - A reloption value that isn't a simple identifier or number could lead - to dump/reload failures due to syntax errors in CREATE statements - issued by pg_dump. This is not an issue with any - reloption currently supported by core PostgreSQL, but - extensions could allow reloptions that cause the problem. - - - - - - - - Avoid repeated password prompts during parallel pg_dump - (Zeus Kronion) - - - - - - - - Fix pg_upgrade's file-copying code to handle errors - properly on Windows (Bruce Momjian) - - - - - - Install guards in pgbench against corner-case overflow - conditions during evaluation of script-specified division or modulo - operators (Fabien Coelho, Michael Paquier) - - - - - - - - Fix failure to localize messages emitted - by pg_receivexlog and pg_recvlogical - (Ioseph Kim) - - - - - - Avoid dump/reload problems when using both plpython2 - and plpython3 (Tom Lane) - - - - In principle, both versions of PL/Python can be used in - the same database, though not in the same session (because the two - versions of libpython cannot safely be used concurrently). - However, pg_restore and pg_upgrade both - do things that can fall foul of the same-session restriction. Work - around that by changing the timing of the check. - - - - - - Fix PL/Python regression tests to pass with Python 3.5 - (Peter Eisentraut) - - - - - - - - Fix premature clearing of libpq's input buffer when - socket EOF is seen (Tom Lane) - - - - This mistake caused libpq to sometimes not report the - backend's final error message before reporting server closed the - connection unexpectedly. - - - - - - Prevent certain PL/Java parameters from being set by - non-superusers (Noah Misch) - - - - This change mitigates a PL/Java security bug - (CVE-2016-0766), which was fixed in PL/Java by marking - these parameters as superuser-only. To fix the security hazard for - sites that update PostgreSQL more frequently - than PL/Java, make the core code aware of them also. - - - - - - - - Improve libpq's handling of out-of-memory situations - (Michael Paquier, Amit Kapila, Heikki Linnakangas) - - - - - - - - Fix order of arguments - in ecpg-generated typedef statements - (Michael Meskes) - - - - - - - - Use %g not %f format - in ecpg's PGTYPESnumeric_from_double() - (Tom Lane) - - - - - - Fix ecpg-supplied header files to not contain comments - continued from a preprocessor directive line onto the next line - (Michael Meskes) - - - - Such a comment is rejected by ecpg. It's not yet clear - whether ecpg itself should be changed. - - - - - - Fix hstore_to_json_loose()'s test for whether - an hstore value can be converted to a JSON number (Tom Lane) - - - - Previously this function could be fooled by non-alphanumeric trailing - characters, leading to emitting syntactically-invalid JSON. - - - - - - - - Ensure that contrib/pgcrypto's crypt() - function can be interrupted by query cancel (Andreas Karlsson) - - - - - - In contrib/postgres_fdw, fix bugs triggered by use - of tableoid in data-modifying commands (Etsuro Fujita, - Robert Haas) - - - - - - - - Accept flex versions later than 2.5.x - (Tom Lane, Michael Paquier) - - - - Now that flex 2.6.0 has been released, the version checks in our build - scripts needed to be adjusted. - - - - - - Improve reproducibility of build output by ensuring filenames are given - to the linker in a fixed order (Christoph Berg) - - - - This avoids possible bitwise differences in the produced executable - files from one build to the next. - - - - - - - - Install our missing script where PGXS builds can find it - (Jim Nasby) - - - - This allows sane behavior in a PGXS build done on a machine where build - tools such as bison are missing. - - - - - - Ensure that dynloader.h is included in the installed - header files in MSVC builds (Bruce Momjian, Michael Paquier) - - - - - - - - Add variant regression test expected-output file to match behavior of - current libxml2 (Tom Lane) - - - - The fix for libxml2's CVE-2015-7499 causes it not to - output error context reports in some cases where it used to do so. - This seems to be a bug, but we'll probably have to live with it for - some time, so work around it. - - - - - - Update time zone data files to tzdata release 2016a for - DST law changes in Cayman Islands, Metlakatla, and Trans-Baikal - Territory (Zabaykalsky Krai), plus historical corrections for Pakistan. - - - - - - - - - - Release 9.4.5 - - - Release date: - 2015-10-08 - - - - This release contains a variety of fixes from 9.4.4. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.5 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if you are upgrading from a version earlier than 9.4.4, - see . - - - - - Changes - - - - - - - - Guard against stack overflows in json parsing - (Oskari Saarenmaa) - - - - If an application constructs PostgreSQL json - or jsonb values from arbitrary user input, the application's - users can reliably crash the PostgreSQL server, causing momentary - denial of service. (CVE-2015-5289) - - - - - - - - Fix contrib/pgcrypto to detect and report - too-short crypt() salts (Josh Kupershmidt) - - - - Certain invalid salt arguments crashed the server or disclosed a few - bytes of server memory. We have not ruled out the viability of - attacks that arrange for presence of confidential information in the - disclosed bytes, but they seem unlikely. (CVE-2015-5288) - - - - - - - - Fix subtransaction cleanup after a portal (cursor) belonging to an - outer subtransaction fails (Tom Lane, Michael Paquier) - - - - A function executed in an outer-subtransaction cursor could cause an - assertion failure or crash by referencing a relation created within an - inner subtransaction. - - - - - - - - Fix possible deadlock during WAL insertion - when commit_delay is set (Heikki Linnakangas) - - - - - - - - Ensure all relations referred to by an updatable view are properly - locked during an update statement (Dean Rasheed) - - - - - - - - Fix insertion of relations into the relation cache init file - (Tom Lane) - - - - An oversight in a patch in the most recent minor releases - caused pg_trigger_tgrelid_tgname_index to be omitted - from the init file. Subsequent sessions detected this, then deemed the - init file to be broken and silently ignored it, resulting in a - significant degradation in session startup time. In addition to fixing - the bug, install some guards so that any similar future mistake will be - more obvious. - - - - - - - - Avoid O(N^2) behavior when inserting many tuples into a SPI query - result (Neil Conway) - - - - - - - - Improve LISTEN startup time when there are many unread - notifications (Matt Newell) - - - - - - - - Fix performance problem when a session alters large numbers of foreign - key constraints (Jan Wieck, Tom Lane) - - - - This was seen primarily when restoring pg_dump output - for databases with many thousands of tables. - - - - - - - - Disable SSL renegotiation by default (Michael Paquier, Andres Freund) - - - - While use of SSL renegotiation is a good idea in theory, we have seen - too many bugs in practice, both in the underlying OpenSSL library and - in our usage of it. Renegotiation will be removed entirely in 9.5 and - later. In the older branches, just change the default value - of ssl_renegotiation_limit to zero (disabled). - - - - - - - - Lower the minimum values of the *_freeze_max_age parameters - (Andres Freund) - - - - This is mainly to make tests of related behavior less time-consuming, - but it may also be of value for installations with limited disk space. - - - - - - - - Limit the maximum value of wal_buffers to 2GB to avoid - server crashes (Josh Berkus) - - - - - - - - Avoid logging complaints when a parameter that can only be set at - server start appears multiple times in postgresql.conf, - and fix counting of line numbers after an include_dir - directive (Tom Lane) - - - - - - - - Fix rare internal overflow in multiplication of numeric values - (Dean Rasheed) - - - - - - - - Guard against hard-to-reach stack overflows involving record types, - range types, json, jsonb, tsquery, - ltxtquery and query_int (Noah Misch) - - - - - - - - Fix handling of DOW and DOY in datetime input - (Greg Stark) - - - - These tokens aren't meant to be used in datetime values, but previously - they resulted in opaque internal error messages rather - than invalid input syntax. - - - - - - - - Add more query-cancel checks to regular expression matching (Tom Lane) - - - - - - - - Add recursion depth protections to regular expression, SIMILAR - TO, and LIKE matching (Tom Lane) - - - - Suitable search patterns and a low stack depth limit could lead to - stack-overrun crashes. - - - - - - - - Fix potential infinite loop in regular expression execution (Tom Lane) - - - - A search pattern that can apparently match a zero-length string, but - actually doesn't match because of a back reference, could lead to an - infinite loop. - - - - - - - - In regular expression execution, correctly record match data for - capturing parentheses within a quantifier even when the match is - zero-length (Tom Lane) - - - - - - - - Fix low-memory failures in regular expression compilation - (Andreas Seltenreich) - - - - - - - - Fix low-probability memory leak during regular expression execution - (Tom Lane) - - - - - - - - Fix rare low-memory failure in lock cleanup during transaction abort - (Tom Lane) - - - - - - - - Fix unexpected out-of-memory situation during sort errors - when using tuplestores with small work_mem settings (Tom - Lane) - - - - - - - - Fix very-low-probability stack overrun in qsort (Tom Lane) - - - - - - - - Fix invalid memory alloc request size failure in hash joins - with large work_mem settings (Tomas Vondra, Tom Lane) - - - - - - - - Fix assorted planner bugs (Tom Lane) - - - - These mistakes could lead to incorrect query plans that would give wrong - answers, or to assertion failures in assert-enabled builds, or to odd - planner errors such as could not devise a query plan for the - given query, could not find pathkey item to - sort, plan should not reference subplan's variable, - or failed to assign all NestLoopParams to plan nodes. - Thanks are due to Andreas Seltenreich and Piotr Stefaniak for fuzz - testing that exposed these problems. - - - - - - - - Improve planner's performance for UPDATE/DELETE - on large inheritance sets (Tom Lane, Dean Rasheed) - - - - - - - - Ensure standby promotion trigger files are removed at postmaster - startup (Michael Paquier, Fujii Masao) - - - - This prevents unwanted promotion from occurring if these files appear - in a database backup that is used to initialize a new standby server. - - - - - - - - During postmaster shutdown, ensure that per-socket lock files are - removed and listen sockets are closed before we remove - the postmaster.pid file (Tom Lane) - - - - This avoids race-condition failures if an external script attempts to - start a new postmaster as soon as pg_ctl stop returns. - - - - - - - - Ensure that the postmaster does not exit until all its child processes - are gone, even in an immediate shutdown (Tom Lane) - - - - Like the previous item, this avoids possible race conditions against a - subsequently-started postmaster. - - - - - - - - Fix postmaster's handling of a startup-process crash during crash - recovery (Tom Lane) - - - - If, during a crash recovery cycle, the startup process crashes without - having restored database consistency, we'd try to launch a new startup - process, which typically would just crash again, leading to an infinite - loop. - - - - - - - - Make emergency autovacuuming for multixact wraparound more robust - (Andres Freund) - - - - - - - - Do not print a WARNING when an autovacuum worker is already - gone when we attempt to signal it, and reduce log verbosity for such - signals (Tom Lane) - - - - - - - - Prevent autovacuum launcher from sleeping unduly long if the server - clock is moved backwards a large amount (Álvaro Herrera) - - - - - - - - Ensure that cleanup of a GIN index's pending-insertions list is - interruptable by cancel requests (Jeff Janes) - - - - - - - - Allow all-zeroes pages in GIN indexes to be reused (Heikki Linnakangas) - - - - Such a page might be left behind after a crash. - - - - - - - - Fix handling of all-zeroes pages in SP-GiST indexes (Heikki - Linnakangas) - - - - VACUUM attempted to recycle such pages, but did so in a - way that wasn't crash-safe. - - - - - - - - Fix off-by-one error that led to otherwise-harmless warnings - about apparent wraparound in subtrans/multixact truncation - (Thomas Munro) - - - - - - - - Fix misreporting of CONTINUE and MOVE statement - types in PL/pgSQL's error context messages - (Pavel Stehule, Tom Lane) - - - - - - - - Fix PL/Perl to handle non-ASCII error - message texts correctly (Alex Hunsaker) - - - - - - - - Fix PL/Python crash when returning the string - representation of a record result (Tom Lane) - - - - - - - - Fix some places in PL/Tcl that neglected to check for - failure of malloc() calls (Michael Paquier, Álvaro - Herrera) - - - - - - - - In contrib/isn, fix output of ISBN-13 numbers that begin - with 979 (Fabien Coelho) - - - - EANs beginning with 979 (but not 9790) are considered ISBNs, but they - must be printed in the new 13-digit format, not the 10-digit format. - - - - - - - - Improve contrib/pg_stat_statements' handling of - query-text garbage collection (Peter Geoghegan) - - - - The external file containing query texts could bloat to very large - sizes; once it got past 1GB attempts to trim it would fail, soon - leading to situations where the file could not be read at all. - - - - - - - - Improve contrib/postgres_fdw's handling of - collation-related decisions (Tom Lane) - - - - The main user-visible effect is expected to be that comparisons - involving varchar columns will be sent to the remote server - for execution in more cases than before. - - - - - - - - Improve libpq's handling of out-of-memory conditions - (Michael Paquier, Heikki Linnakangas) - - - - - - - - Fix memory leaks and missing out-of-memory checks - in ecpg (Michael Paquier) - - - - - - - - Fix psql's code for locale-aware formatting of numeric - output (Tom Lane) - - - - The formatting code invoked by \pset numericlocale on - did the wrong thing for some uncommon cases such as numbers with an - exponent but no decimal point. It could also mangle already-localized - output from the money data type. - - - - - - - - Prevent crash in psql's \c command when - there is no current connection (Noah Misch) - - - - - - - - Make pg_dump handle inherited NOT VALID - check constraints correctly (Tom Lane) - - - - - - - - Fix selection of default zlib compression level - in pg_dump's directory output format (Andrew Dunstan) - - - - - - - - Ensure that temporary files created during a pg_dump - run with tar-format output are not world-readable (Michael - Paquier) - - - - - - - - Fix pg_dump and pg_upgrade to support - cases where the postgres or template1 database - is in a non-default tablespace (Marti Raudsepp, Bruce Momjian) - - - - - - - - Fix pg_dump to handle object privileges sanely when - dumping from a server too old to have a particular privilege type - (Tom Lane) - - - - When dumping data types from pre-9.2 servers, and when dumping - functions or procedural languages from pre-7.3 - servers, pg_dump would - produce GRANT/REVOKE commands that revoked the - owner's grantable privileges and instead granted all privileges - to PUBLIC. Since the privileges involved are - just USAGE and EXECUTE, this isn't a security - problem, but it's certainly a surprising representation of the older - systems' behavior. Fix it to leave the default privilege state alone - in these cases. - - - - - - - - Fix pg_dump to dump shell types (Tom Lane) - - - - Shell types (that is, not-yet-fully-defined types) aren't useful for - much, but nonetheless pg_dump should dump them. - - - - - - - - Fix assorted minor memory leaks in pg_dump and other - client-side programs (Michael Paquier) - - - - - - - - Fix pgbench's progress-report behavior when a query, - or pgbench itself, gets stuck (Fabien Coelho) - - - - - - - - Fix spinlock assembly code for Alpha hardware (Tom Lane) - - - - - - - - Fix spinlock assembly code for PPC hardware to be compatible - with AIX's native assembler (Tom Lane) - - - - Building with gcc didn't work if gcc - had been configured to use the native assembler, which is becoming more - common. - - - - - - - - On AIX, test the -qlonglong compiler option - rather than just assuming it's safe to use (Noah Misch) - - - - - - - - On AIX, use -Wl,-brtllib link option to allow - symbols to be resolved at runtime (Noah Misch) - - - - Perl relies on this ability in 5.8.0 and later. - - - - - - - - Avoid use of inline functions when compiling with - 32-bit xlc, due to compiler bugs (Noah Misch) - - - - - - - - Use librt for sched_yield() when necessary, - which it is on some Solaris versions (Oskari Saarenmaa) - - - - - - - - Translate encoding UHC as Windows code page 949 - (Noah Misch) - - - - This fixes presentation of non-ASCII log messages from processes that - are not attached to any particular database, such as the postmaster. - - - - - - - - On Windows, avoid failure when doing encoding conversion to UTF16 - outside a transaction, such as for log messages (Noah Misch) - - - - - - - - Fix postmaster startup failure due to not - copying setlocale()'s return value (Noah Misch) - - - - This has been reported on Windows systems with the ANSI code page set - to CP936 (Chinese (Simplified, PRC)), and may occur with - other multibyte code pages. - - - - - - - - Fix Windows install.bat script to handle target directory - names that contain spaces (Heikki Linnakangas) - - - - - - - - Make the numeric form of the PostgreSQL version number - (e.g., 90405) readily available to extension Makefiles, - as a variable named VERSION_NUM (Michael Paquier) - - - - - - - - Update time zone data files to tzdata release 2015g for - DST law changes in Cayman Islands, Fiji, Moldova, Morocco, Norfolk - Island, North Korea, Turkey, and Uruguay. There is a new zone name - America/Fort_Nelson for the Canadian Northern Rockies. - - - - - - - - - - Release 9.4.4 - - - Release date: - 2015-06-12 - - - - This release contains a small number of fixes from 9.4.3. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.4 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if you are upgrading an installation that was previously - upgraded using a pg_upgrade version between 9.3.0 and - 9.3.4 inclusive, see the first changelog entry below. - - - - Also, if you are upgrading from a version earlier than 9.4.2, - see . - - - - - Changes - - - - - - - - Fix possible failure to recover from an inconsistent database state - (Robert Haas) - - - - Recent PostgreSQL releases introduced mechanisms to - protect against multixact wraparound, but some of that code did not - account for the possibility that it would need to run during crash - recovery, when the database may not be in a consistent state. This - could result in failure to restart after a crash, or failure to start - up a secondary server. The lingering effects of a previously-fixed - bug in pg_upgrade could also cause such a failure, in - installations that had used pg_upgrade versions - between 9.3.0 and 9.3.4. - - - - The pg_upgrade bug in question was that it would - set oldestMultiXid to 1 in pg_control even - if the true value should be higher. With the fixes introduced in - this release, such a situation will result in immediate emergency - autovacuuming until a correct oldestMultiXid value can - be determined. If that would pose a hardship, users can avoid it by - doing manual vacuuming before upgrading to this release. - In detail: - - - - - Check whether pg_controldata reports Latest - checkpoint's oldestMultiXid to be 1. If not, there's nothing - to do. - - - - - Look in PGDATA/pg_multixact/offsets to see if there's a - file named 0000. If there is, there's nothing to do. - - - - - Otherwise, for each table that has - pg_class.relminmxid equal to 1, - VACUUM that table with - both - and set to - zero. (You can use the vacuum cost delay parameters described - in to reduce - the performance consequences for concurrent sessions.) - - - - - - - - - - - Fix rare failure to invalidate relation cache init file (Tom Lane) - - - - With just the wrong timing of concurrent activity, a VACUUM - FULL on a system catalog might fail to update the init file - that's used to avoid cache-loading work for new sessions. This would - result in later sessions being unable to access that catalog at all. - This is a very ancient bug, but it's so hard to trigger that no - reproducible case had been seen until recently. - - - - - - - - Avoid deadlock between incoming sessions and CREATE/DROP - DATABASE (Tom Lane) - - - - A new session starting in a database that is the target of - a DROP DATABASE command, or is the template for - a CREATE DATABASE command, could cause the command to wait - for five seconds and then fail, even if the new session would have - exited before that. - - - - - - - - Improve planner's cost estimates for semi-joins and anti-joins with - inner indexscans (Tom Lane, Tomas Vondra) - - - - This type of plan is quite cheap when all the join clauses are used - as index scan conditions, even if the inner scan would nominally - fetch many rows, because the executor will stop after obtaining one - row. The planner only partially accounted for that effect, and would - therefore overestimate the cost, leading it to possibly choose some - other much less efficient plan type. - - - - - - - - - - Release 9.4.3 - - - Release date: - 2015-06-04 - - - - This release contains a small number of fixes from 9.4.2. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.3 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if you are upgrading from a version earlier than 9.4.2, - see . - - - - - Changes - - - - - - - - Avoid failures while fsync'ing data directory during - crash restart (Abhijit Menon-Sen, Tom Lane) - - - - In the previous minor releases we added a patch to fsync - everything in the data directory after a crash. Unfortunately its - response to any error condition was to fail, thereby preventing the - server from starting up, even when the problem was quite harmless. - An example is that an unwritable file in the data directory would - prevent restart on some platforms; but it is common to make SSL - certificate files unwritable by the server. Revise this behavior so - that permissions failures are ignored altogether, and other types of - failures are logged but do not prevent continuing. - - - - Also apply the same rules in initdb --sync-only. - This case is less critical but it should act similarly. - - - - - - - - Fix pg_get_functiondef() to show - functions' LEAKPROOF property, if set (Jeevan Chalke) - - - - - - - - Fix pushJsonbValue() to unpack jbvBinary - objects (Andrew Dunstan) - - - - This change does not affect any behavior in the core code as of 9.4, - but it avoids a corner case for possible third-party callers. - - - - - - - - Remove configure's check prohibiting linking to a - threaded libpython - on OpenBSD (Tom Lane) - - - - The failure this restriction was meant to prevent seems to not be a - problem anymore on current OpenBSD - versions. - - - - - - - - - - Release 9.4.2 - - - Release date: - 2015-05-22 - - - - This release contains a variety of fixes from 9.4.1. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.2 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if you use contrib/citext's - regexp_matches() functions, see the changelog entry below - about that. - - - - Also, if you are upgrading from a version earlier than 9.4.1, - see . - - - - - Changes - - - - - - - - Avoid possible crash when client disconnects just before the - authentication timeout expires (Benkocs Norbert Attila) - - - - If the timeout interrupt fired partway through the session shutdown - sequence, SSL-related state would be freed twice, typically causing a - crash and hence denial of service to other sessions. Experimentation - shows that an unauthenticated remote attacker could trigger the bug - somewhat consistently, hence treat as security issue. - (CVE-2015-3165) - - - - - - - - Improve detection of system-call failures (Noah Misch) - - - - Our replacement implementation of snprintf() failed to - check for errors reported by the underlying system library calls; - the main case that might be missed is out-of-memory situations. - In the worst case this might lead to information exposure, due to our - code assuming that a buffer had been overwritten when it hadn't been. - Also, there were a few places in which security-relevant calls of other - system library functions did not check for failure. - - - - It remains possible that some calls of the *printf() - family of functions are vulnerable to information disclosure if an - out-of-memory error occurs at just the wrong time. We judge the risk - to not be large, but will continue analysis in this area. - (CVE-2015-3166) - - - - - - - - In contrib/pgcrypto, uniformly report decryption failures - as Wrong key or corrupt data (Noah Misch) - - - - Previously, some cases of decryption with an incorrect key could report - other error message texts. It has been shown that such variance in - error reports can aid attackers in recovering keys from other systems. - While it's unknown whether pgcrypto's specific behaviors - are likewise exploitable, it seems better to avoid the risk by using a - one-size-fits-all message. - (CVE-2015-3167) - - - - - - - - Protect against wraparound of multixact member IDs - (Álvaro Herrera, Robert Haas, Thomas Munro) - - - - Under certain usage patterns, the existing defenses against this might - be insufficient, allowing pg_multixact/members files to be - removed too early, resulting in data loss. - The fix for this includes modifying the server to fail transactions - that would result in overwriting old multixact member ID data, and - improving autovacuum to ensure it will act proactively to prevent - multixact member ID wraparound, as it does for transaction ID - wraparound. - - - - - - - - Fix incorrect declaration of contrib/citext's - regexp_matches() functions (Tom Lane) - - - - These functions should return setof text[], like the core - functions they are wrappers for; but they were incorrectly declared as - returning just text[]. This mistake had two results: first, - if there was no match you got a scalar null result, whereas what you - should get is an empty set (zero rows). Second, the g flag - was effectively ignored, since you would get only one result array even - if there were multiple matches. - - - - While the latter behavior is clearly a bug, there might be applications - depending on the former behavior; therefore the function declarations - will not be changed by default until PostgreSQL 9.5. - In pre-9.5 branches, the old behavior exists in version 1.0 of - the citext extension, while we have provided corrected - declarations in version 1.1 (which is not installed by - default). To adopt the fix in pre-9.5 branches, execute - ALTER EXTENSION citext UPDATE TO '1.1' in each database in - which citext is installed. (You can also update - back to 1.0 if you need to undo that.) Be aware that either update - direction will require dropping and recreating any views or rules that - use citext's regexp_matches() functions. - - - - - - - - Render infinite dates and timestamps as infinity when - converting to json, rather than throwing an error - (Andrew Dunstan) - - - - - - - - Fix json/jsonb's populate_record() - and to_record() functions to handle empty input properly - (Andrew Dunstan) - - - - - - - - Fix incorrect checking of deferred exclusion constraints after a HOT - update (Tom Lane) - - - - If a new row that potentially violates a deferred exclusion constraint - is HOT-updated (that is, no indexed columns change and the row can be - stored back onto the same table page) later in the same transaction, - the exclusion constraint would be reported as violated when the check - finally occurred, even if the row(s) the new row originally conflicted - with had been deleted. - - - - - - - - Fix behavior when changing foreign key constraint deferrability status - with ALTER TABLE ... ALTER CONSTRAINT (Tom Lane) - - - - Operations later in the same session or concurrent sessions might not - honor the status change promptly. - - - - - - - - Fix planning of star-schema-style queries (Tom Lane) - - - - Sometimes, efficient scanning of a large table requires that index - parameters be provided from more than one other table (commonly, - dimension tables whose keys are needed to index a large fact table). - The planner should be able to find such plans, but an overly - restrictive search heuristic prevented it. - - - - - - - - Prevent improper reordering of antijoins (NOT EXISTS joins) versus - other outer joins (Tom Lane) - - - - This oversight in the planner has been observed to cause could - not find RelOptInfo for given relids errors, but it seems possible - that sometimes an incorrect query plan might get past that consistency - check and result in silently-wrong query output. - - - - - - - - Fix incorrect matching of subexpressions in outer-join plan nodes - (Tom Lane) - - - - Previously, if textually identical non-strict subexpressions were used - both above and below an outer join, the planner might try to re-use - the value computed below the join, which would be incorrect because the - executor would force the value to NULL in case of an unmatched outer row. - - - - - - - - Fix GEQO planner to cope with failure of its join order heuristic - (Tom Lane) - - - - This oversight has been seen to lead to failed to join all - relations together errors in queries involving LATERAL, - and that might happen in other cases as well. - - - - - - - - Ensure that row locking occurs properly when the target of - an UPDATE or DELETE is a security-barrier view - (Stephen Frost) - - - - - - - - Use a file opened for read/write when syncing replication slot data - during database startup (Andres Freund) - - - - On some platforms, the previous coding could result in errors like - could not fsync file "pg_replslot/...": Bad file descriptor. - - - - - - - - Fix possible deadlock at startup - when max_prepared_transactions is too small - (Heikki Linnakangas) - - - - - - - - Don't archive useless preallocated WAL files after a timeline switch - (Heikki Linnakangas) - - - - - - - - Recursively fsync() the data directory after a crash - (Abhijit Menon-Sen, Robert Haas) - - - - This ensures consistency if another crash occurs shortly later. (The - second crash would have to be a system-level crash, not just a database - crash, for there to be a problem.) - - - - - - - - Fix autovacuum launcher's possible failure to shut down, if an error - occurs after it receives SIGTERM (Álvaro Herrera) - - - - - - - - Fix failure to handle invalidation messages for system catalogs - early in session startup (Tom Lane) - - - - This oversight could result in failures in sessions that start - concurrently with a VACUUM FULL on a system catalog. - - - - - - - - Fix crash in BackendIdGetTransactionIds() when trying - to get status for a backend process that just exited (Tom Lane) - - - - - - - - Cope with unexpected signals in LockBufferForCleanup() - (Andres Freund) - - - - This oversight could result in spurious errors about multiple - backends attempting to wait for pincount 1. - - - - - - - - Fix crash when doing COPY IN to a table with check - constraints that contain whole-row references (Tom Lane) - - - - The known failure case only crashes in 9.4 and up, but there is very - similar code in 9.3 and 9.2, so back-patch those branches as well. - - - - - - - - Avoid waiting for WAL flush or synchronous replication during commit of - a transaction that was read-only so far as the user is concerned - (Andres Freund) - - - - Previously, a delay could occur at commit in transactions that had - written WAL due to HOT page pruning, leading to undesirable effects - such as sessions getting stuck at startup if all synchronous replicas - are down. Sessions have also been observed to get stuck in catchup - interrupt processing when using synchronous replication; this will fix - that problem as well. - - - - - - - - Avoid busy-waiting with short recovery_min_apply_delay - values (Andres Freund) - - - - - - - - Fix crash when manipulating hash indexes on temporary tables - (Heikki Linnakangas) - - - - - - - - Fix possible failure during hash index bucket split, if other processes - are modifying the index concurrently (Tom Lane) - - - - - - - - Fix memory leaks in GIN index vacuum (Heikki Linnakangas) - - - - - - - - Check for interrupts while analyzing index expressions (Jeff Janes) - - - - ANALYZE executes index expressions many times; if there are - slow functions in such an expression, it's desirable to be able to - cancel the ANALYZE before that loop finishes. - - - - - - - - Ensure tableoid of a foreign table is reported - correctly when a READ COMMITTED recheck occurs after - locking rows in SELECT FOR UPDATE, UPDATE, - or DELETE (Etsuro Fujita) - - - - - - - - Add the name of the target server to object description strings for - foreign-server user mappings (Álvaro Herrera) - - - - - - - - Include the schema name in object identity strings for conversions - (Álvaro Herrera) - - - - - - - - Recommend setting include_realm to 1 when using - Kerberos/GSSAPI/SSPI authentication (Stephen Frost) - - - - Without this, identically-named users from different realms cannot be - distinguished. For the moment this is only a documentation change, but - it will become the default setting in PostgreSQL 9.5. - - - - - - - - Remove code for matching IPv4 pg_hba.conf entries to - IPv4-in-IPv6 addresses (Tom Lane) - - - - This hack was added in 2003 in response to a report that some Linux - kernels of the time would report IPv4 connections as having - IPv4-in-IPv6 addresses. However, the logic was accidentally broken in - 9.0. The lack of any field complaints since then shows that it's not - needed anymore. Now we have reports that the broken code causes - crashes on some systems, so let's just remove it rather than fix it. - (Had we chosen to fix it, that would make for a subtle and potentially - security-sensitive change in the effective meaning of - IPv4 pg_hba.conf entries, which does not seem like a good - thing to do in minor releases.) - - - - - - - - Fix status reporting for terminated background workers that were never - actually started (Robert Haas) - - - - - - - - After a database crash, don't restart background workers that are - marked BGW_NEVER_RESTART (Amit Khandekar) - - - - - - - - Report WAL flush, not insert, position in IDENTIFY_SYSTEM - replication command (Heikki Linnakangas) - - - - This avoids a possible startup failure - in pg_receivexlog. - - - - - - - - While shutting down service on Windows, periodically send status - updates to the Service Control Manager to prevent it from killing the - service too soon; and ensure that pg_ctl will wait for - shutdown (Krystian Bigaj) - - - - - - - - Reduce risk of network deadlock when using libpq's - non-blocking mode (Heikki Linnakangas) - - - - When sending large volumes of data, it's important to drain the input - buffer every so often, in case the server has sent enough response data - to cause it to block on output. (A typical scenario is that the server - is sending a stream of NOTICE messages during COPY FROM - STDIN.) This worked properly in the normal blocking mode, but not - so much in non-blocking mode. We've modified libpq - to opportunistically drain input when it can, but a full defense - against this problem requires application cooperation: the application - should watch for socket read-ready as well as write-ready conditions, - and be sure to call PQconsumeInput() upon read-ready. - - - - - - - - In libpq, fix misparsing of empty values in URI - connection strings (Thomas Fanghaenel) - - - - - - - - Fix array handling in ecpg (Michael Meskes) - - - - - - - - Fix psql to sanely handle URIs and conninfo strings as - the first parameter to \connect - (David Fetter, Andrew Dunstan, Álvaro Herrera) - - - - This syntax has been accepted (but undocumented) for a long time, but - previously some parameters might be taken from the old connection - instead of the given string, which was agreed to be undesirable. - - - - - - - - Suppress incorrect complaints from psql on some - platforms that it failed to write ~/.psql_history at exit - (Tom Lane) - - - - This misbehavior was caused by a workaround for a bug in very old - (pre-2006) versions of libedit. We fixed it by - removing the workaround, which will cause a similar failure to appear - for anyone still using such versions of libedit. - Recommendation: upgrade that library, or use libreadline. - - - - - - - - Fix pg_dump's rule for deciding which casts are - system-provided casts that should not be dumped (Tom Lane) - - - - - - - - In pg_dump, fix failure to honor -Z - compression level option together with -Fd - (Michael Paquier) - - - - - - - - Make pg_dump consider foreign key relationships - between extension configuration tables while choosing dump order - (Gilles Darold, Michael Paquier, Stephen Frost) - - - - This oversight could result in producing dumps that fail to reload - because foreign key constraints are transiently violated. - - - - - - - - Avoid possible pg_dump failure when concurrent sessions - are creating and dropping temporary functions (Tom Lane) - - - - - - - - Fix dumping of views that are just VALUES(...) but have - column aliases (Tom Lane) - - - - - - - - Ensure that a view's replication identity is correctly set - to nothing during dump/restore (Marko Tiikkaja) - - - - Previously, if the view was involved in a circular dependency, - it might wind up with an incorrect replication identity property. - - - - - - - - In pg_upgrade, force timeline 1 in the new cluster - (Bruce Momjian) - - - - This change prevents upgrade failures caused by bogus complaints about - missing WAL history files. - - - - - - - - In pg_upgrade, check for improperly non-connectable - databases before proceeding - (Bruce Momjian) - - - - - - - - In pg_upgrade, quote directory paths - properly in the generated delete_old_cluster script - (Bruce Momjian) - - - - - - - - In pg_upgrade, preserve database-level freezing info - properly - (Bruce Momjian) - - - - This oversight could cause missing-clog-file errors for tables within - the postgres and template1 databases. - - - - - - - - Run pg_upgrade and pg_resetxlog with - restricted privileges on Windows, so that they don't fail when run by - an administrator (Muhammad Asif Naeem) - - - - - - - - Improve handling of readdir() failures when scanning - directories in initdb and pg_basebackup - (Marco Nenciarini) - - - - - - - - Fix slow sorting algorithm in contrib/intarray (Tom Lane) - - - - - - - - Fix compile failure on Sparc V8 machines (Rob Rowan) - - - - - - - - Silence some build warnings on macOS (Tom Lane) - - - - - - - - Update time zone data files to tzdata release 2015d - for DST law changes in Egypt, Mongolia, and Palestine, plus historical - changes in Canada and Chile. Also adopt revised zone abbreviations for - the America/Adak zone (HST/HDT not HAST/HADT). - - - - - - - - - - Release 9.4.1 - - - Release date: - 2015-02-05 - - - - This release contains a variety of fixes from 9.4.0. - For information about new features in the 9.4 major release, see - . - - - - Migration to Version 9.4.1 - - - A dump/restore is not required for those running 9.4.X. - - - - However, if you are a Windows user and are using the Norwegian - (Bokmål) locale, manual action is needed after the upgrade to - replace any Norwegian (Bokmål)_Norway - or norwegian-bokmal locale names stored - in PostgreSQL system catalogs with the plain-ASCII - alias Norwegian_Norway. For details see - - - - - - Changes - - - - - - - - Fix buffer overruns in to_char() - (Bruce Momjian) - - - - When to_char() processes a numeric formatting template - calling for a large number of digits, PostgreSQL - would read past the end of a buffer. When processing a crafted - timestamp formatting template, PostgreSQL would write - past the end of a buffer. Either case could crash the server. - We have not ruled out the possibility of attacks that lead to - privilege escalation, though they seem unlikely. - (CVE-2015-0241) - - - - - - - - Fix buffer overrun in replacement *printf() functions - (Tom Lane) - - - - PostgreSQL includes a replacement implementation - of printf and related functions. This code will overrun - a stack buffer when formatting a floating point number (conversion - specifiers e, E, f, F, - g or G) with requested precision greater than - about 500. This will crash the server, and we have not ruled out the - possibility of attacks that lead to privilege escalation. - A database user can trigger such a buffer overrun through - the to_char() SQL function. While that is the only - affected core PostgreSQL functionality, extension - modules that use printf-family functions may be at risk as well. - - - - This issue primarily affects PostgreSQL on Windows. - PostgreSQL uses the system implementation of these - functions where adequate, which it is on other modern platforms. - (CVE-2015-0242) - - - - - - - - Fix buffer overruns in contrib/pgcrypto - (Marko Tiikkaja, Noah Misch) - - - - Errors in memory size tracking within the pgcrypto - module permitted stack buffer overruns and improper dependence on the - contents of uninitialized memory. The buffer overrun cases can - crash the server, and we have not ruled out the possibility of - attacks that lead to privilege escalation. - (CVE-2015-0243) - - - - - - - - Fix possible loss of frontend/backend protocol synchronization after - an error - (Heikki Linnakangas) - - - - If any error occurred while the server was in the middle of reading a - protocol message from the client, it could lose synchronization and - incorrectly try to interpret part of the message's data as a new - protocol message. An attacker able to submit crafted binary data - within a command parameter might succeed in injecting his own SQL - commands this way. Statement timeout and query cancellation are the - most likely sources of errors triggering this scenario. Particularly - vulnerable are applications that use a timeout and also submit - arbitrary user-crafted data as binary query parameters. Disabling - statement timeout will reduce, but not eliminate, the risk of - exploit. Our thanks to Emil Lenngren for reporting this issue. - (CVE-2015-0244) - - - - - - - - Fix information leak via constraint-violation error messages - (Stephen Frost) - - - - Some server error messages show the values of columns that violate - a constraint, such as a unique constraint. If the user does not have - SELECT privilege on all columns of the table, this could - mean exposing values that the user should not be able to see. Adjust - the code so that values are displayed only when they came from the SQL - command or could be selected by the user. - (CVE-2014-8161) - - - - - - - - Lock down regression testing's temporary installations on Windows - (Noah Misch) - - - - Use SSPI authentication to allow connections only from the OS user - who launched the test suite. This closes on Windows the same - vulnerability previously closed on other platforms, namely that other - users might be able to connect to the test postmaster. - (CVE-2014-0067) - - - - - - - - Cope with the Windows locale named Norwegian (Bokmål) - (Heikki Linnakangas) - - - - Non-ASCII locale names are problematic since it's not clear what - encoding they should be represented in. Map the troublesome locale - name to a plain-ASCII alias, Norwegian_Norway. - - - - 9.4.0 mapped the troublesome name to norwegian-bokmal, - but that turns out not to work on all Windows configurations. - Norwegian_Norway is now recommended instead. - - - - - - - - Fix use-of-already-freed-memory problem in EvalPlanQual processing - (Tom Lane) - - - - In READ COMMITTED mode, queries that lock or update - recently-updated rows could crash as a result of this bug. - - - - - - - - Avoid possible deadlock while trying to acquire tuple locks - in EvalPlanQual processing (Álvaro Herrera, Mark Kirkwood) - - - - - - - - Fix failure to wait when a transaction tries to acquire a FOR - NO KEY EXCLUSIVE tuple lock, while multiple other transactions - currently hold FOR SHARE locks (Álvaro Herrera) - - - - - - - - Improve performance of EXPLAIN with large range tables - (Tom Lane) - - - - - - - - Fix jsonb Unicode escape processing, and in consequence - disallow \u0000 (Tom Lane) - - - - Previously, the JSON Unicode escape \u0000 was accepted - and was stored as those six characters; but that is indistinguishable - from what is stored for the input \\u0000, resulting in - ambiguity. Moreover, in cases where de-escaped textual output is - expected, such as the ->> operator, the sequence was - printed as \u0000, which does not meet the expectation - that JSON escaping would be removed. (Consistent behavior would - require emitting a zero byte, but PostgreSQL does not - support zero bytes embedded in text strings.) 9.4.0 included an - ill-advised attempt to improve this situation by adjusting JSON output - conversion rules; but of course that could not fix the fundamental - ambiguity, and it turned out to break other usages of Unicode escape - sequences. Revert that, and to avoid the core problem, - reject \u0000 in jsonb input. - - - - If a jsonb column contains a \u0000 value stored - with 9.4.0, it will henceforth read out as though it - were \\u0000, which is the other valid interpretation of - the data stored by 9.4.0 for this case. - - - - The json type did not have the storage-ambiguity problem, but - it did have the problem of inconsistent de-escaped textual output. - Therefore \u0000 will now also be rejected - in json values when conversion to de-escaped form is - required. This change does not break the ability to - store \u0000 in json columns so long as no - processing is done on the values. This is exactly parallel to the - cases in which non-ASCII Unicode escapes are allowed when the database - encoding is not UTF8. - - - - - - - - Fix namespace handling in xpath() (Ali Akbar) - - - - Previously, the xml value resulting from - an xpath() call would not have namespace declarations if - the namespace declarations were attached to an ancestor element in the - input xml value, rather than to the specific element being - returned. Propagate the ancestral declaration so that the result is - correct when considered in isolation. - - - - - - - - Fix assorted oversights in range-operator selectivity estimation - (Emre Hasegeli) - - - - This patch fixes corner-case unexpected operator NNNN planner - errors, and improves the selectivity estimates for some other cases. - - - - - - - - Revert unintended reduction in maximum size of a GIN index item - (Heikki Linnakangas) - - - - 9.4.0 could fail with index row size exceeds maximum errors - for data that previous versions would accept. - - - - - - - - Fix query-duration memory leak during repeated GIN index rescans - (Heikki Linnakangas) - - - - - - - - Fix possible crash when using - nonzero gin_fuzzy_search_limit (Heikki Linnakangas) - - - - - - - - Assorted fixes for logical decoding (Andres Freund) - - - - - - - - Fix incorrect replay of WAL parameter change records that report - changes in the wal_log_hints setting (Petr Jelinek) - - - - - - - - Change pgstat wait timeout warning message to be LOG level, - and rephrase it to be more understandable (Tom Lane) - - - - This message was originally thought to be essentially a can't-happen - case, but it occurs often enough on our slower buildfarm members to be - a nuisance. Reduce it to LOG level, and expend a bit more effort on - the wording: it now reads using stale statistics instead of - current ones because stats collector is not responding. - - - - - - - - Warn if macOS's setlocale() starts an unwanted extra - thread inside the postmaster (Noah Misch) - - - - - - - - Fix libpq's behavior when /etc/passwd - isn't readable (Tom Lane) - - - - While doing PQsetdbLogin(), libpq - attempts to ascertain the user's operating system name, which on most - Unix platforms involves reading /etc/passwd. As of 9.4, - failure to do that was treated as a hard error. Restore the previous - behavior, which was to fail only if the application does not provide a - database role name to connect as. This supports operation in chroot - environments that lack an /etc/passwd file. - - - - - - - - Improve consistency of parsing of psql's special - variables (Tom Lane) - - - - Allow variant spellings of on and off (such - as 1/0) for ECHO_HIDDEN - and ON_ERROR_ROLLBACK. Report a warning for unrecognized - values for COMP_KEYWORD_CASE, ECHO, - ECHO_HIDDEN, HISTCONTROL, - ON_ERROR_ROLLBACK, and VERBOSITY. Recognize - all values for all these variables case-insensitively; previously - there was a mishmash of case-sensitive and case-insensitive behaviors. - - - - - - - - Fix pg_dump to handle comments on event triggers - without failing (Tom Lane) - - - - - - - - Allow parallel pg_dump to - use - - - - - - - Prevent WAL files created by pg_basebackup -x/-X from - being archived again when the standby is promoted (Andres Freund) - - - - - - - - Handle unexpected query results, especially NULLs, safely in - contrib/tablefunc's connectby() - (Michael Paquier) - - - - connectby() previously crashed if it encountered a NULL - key value. It now prints that row but doesn't recurse further. - - - - - - - - Numerous cleanups of warnings from Coverity static code analyzer - (Andres Freund, Tatsuo Ishii, Marko Kreen, Tom Lane, Michael Paquier) - - - - These changes are mostly cosmetic but in some cases fix corner-case - bugs, for example a crash rather than a proper error report after an - out-of-memory failure. None are believed to represent security - issues. - - - - - - - - Allow CFLAGS from configure's environment - to override automatically-supplied CFLAGS (Tom Lane) - - - - Previously, configure would add any switches that it - chose of its own accord to the end of the - user-specified CFLAGS string. Since most compilers - process switches left-to-right, this meant that configure's choices - would override the user-specified flags in case of conflicts. That - should work the other way around, so adjust the logic to put the - user's string at the end not the beginning. - - - - - - - - Make pg_regress remove any temporary installation it - created upon successful exit (Tom Lane) - - - - This results in a very substantial reduction in disk space usage - during make check-world, since that sequence involves - creation of numerous temporary installations. - - - - - - - - Add CST (China Standard Time) to our lists of timezone abbreviations - (Tom Lane) - - - - - - - - Update time zone data files to tzdata release 2015a - for DST law changes in Chile and Mexico, plus historical changes in - Iceland. - - - - - - - - - - Release 9.4 - - - Release date: - 2014-12-18 - - - - Overview - - - Major enhancements in PostgreSQL 9.4 include: - - - - - - - - - Add jsonb, a more - capable and efficient data type for storing JSON data - - - - - - Add new SQL command - for changing postgresql.conf configuration file entries - - - - - - Reduce lock strength for some - commands - - - - - - Allow materialized views - to be refreshed without blocking concurrent reads - - - - - - Add support for logical decoding - of WAL data, to allow database changes to be streamed out in a - customizable format - - - - - - Allow background worker processes - to be dynamically registered, started and terminated - - - - - - - The above items are explained in more detail in the sections below. - - - - - - - Migration to Version 9.4 - - - A dump/restore using , or use - of , is required for those wishing to migrate - data from any previous release. - - - - Version 9.4 contains a number of changes that may affect compatibility - with previous releases. Observe the following incompatibilities: - - - - - - - Tighten checks for multidimensional array input (Bruce Momjian) - - - - Previously, an input array string that started with a single-element - sub-array could later contain multi-element sub-arrays, - e.g. '{{1}, {2,3}}'::int[] would be accepted. - - - - - - When converting values of type date, timestamp - or timestamptz - to JSON, render the - values in a format compliant with ISO 8601 (Andrew Dunstan) - - - - Previously such values were rendered according to the current - setting; but many JSON processors - require timestamps to be in ISO 8601 format. If necessary, the - previous behavior can be obtained by explicitly casting the datetime - value to text before passing it to the JSON conversion - function. - - - - - - The json - #> text[] path extraction operator now - returns its lefthand input, not NULL, if the array is empty (Tom Lane) - - - - This is consistent with the notion that this represents zero - applications of the simple field/element extraction - operator ->. Similarly, json - #>> text[] with an empty array merely - coerces its lefthand input to text. - - - - - - Corner cases in - the JSON - field/element/path extraction operators now return NULL rather - than raising an error (Tom Lane) - - - - For example, applying field extraction to a JSON array now yields NULL - not an error. This is more consistent (since some comparable cases such - as no-such-field already returned NULL), and it makes it safe to create - expression indexes that use these operators, since they will now not - throw errors for any valid JSON input. - - - - - - Cause consecutive whitespace in to_timestamp() - and to_date() format strings to consume a corresponding - number of characters in the input string (whitespace or not), then - conditionally consume adjacent whitespace, if not in FX - mode (Jeevan Chalke) - - - - Previously, consecutive whitespace characters in a non-FX - format string behaved like a single whitespace character and consumed - all adjacent whitespace in the input string. For example, previously - a format string of three spaces would consume only the first space in - ' 12', but it will now consume all three characters. - - - - - - Fix ts_rank_cd() - to ignore stripped lexemes (Alex Hill) - - - - Previously, stripped lexemes were treated as if they had a default - location, producing a rank of dubious usefulness. - - - - - - For functions declared to - take VARIADIC - "any", an actual parameter marked as VARIADIC - must be of a determinable array type (Pavel Stehule) - - - - Such parameters can no longer be written as an undecorated string - literal or NULL; a cast to an appropriate array data type - will now be required. Note that this does not affect parameters not - marked VARIADIC. - - - - - - Ensure that whole-row variables expose the expected column names - to functions that pay attention to column names within composite - arguments (Tom Lane) - - - - Constructs like row_to_json(tab.*) now always emit column - names that match the column aliases visible for table tab - at the point of the call. In previous releases the emitted column - names would sometimes be the table's actual column names regardless - of any aliases assigned in the query. - - - - - - now also discards sequence-related state - (Fabrízio de Royes Mello, Robert Haas) - - - - - - Rename EXPLAIN - ANALYZE's total runtime output - to execution time (Tom Lane) - - - - Now that planning time is also reported, the previous name was - confusing. - - - - - - SHOW TIME ZONE now - outputs simple numeric UTC offsets in POSIX timezone - format (Tom Lane) - - - - Previously, such timezone settings were displayed as interval values. - The new output is properly interpreted by SET TIME ZONE - when passed as a simple string, whereas the old output required - special treatment to be re-parsed correctly. - - - - - - Foreign data wrappers that support updating foreign tables must - consider the possible presence of AFTER ROW triggers - (Noah Misch) - - - - When an AFTER ROW trigger is present, all columns of the - table must be returned by updating actions, since the trigger might - inspect any or all of them. Previously, foreign tables never had - triggers, so the FDW might optimize away fetching columns not mentioned - in the RETURNING clause (if any). - - - - - - Prevent CHECK - constraints from referencing system columns, except - tableoid (Amit Kapila) - - - - Previously such check constraints were allowed, but they would often - cause errors during restores. - - - - - - Use the last specified recovery - target parameter if multiple target parameters are specified - (Heikki Linnakangas) - - - - Previously, there was an undocumented precedence order among - the recovery_target_xxx parameters. - - - - - - On Windows, automatically preserve quotes in command strings supplied - by the user (Heikki Linnakangas) - - - - User commands that did their own quote preservation might need - adjustment. This is likely to be an issue for commands used in - , , - and COPY TO/FROM PROGRAM. - - - - - - Remove catalog column pg_class.reltoastidxid - (Michael Paquier) - - - - - - Remove catalog column pg_rewrite.ev_attr - (Kevin Grittner) - - - - Per-column rules have not been supported since - PostgreSQL 7.3. - - - - - - Remove native support for Kerberos authentication - ( - - - The supported way to use Kerberos authentication is - with GSSAPI. The native code has been deprecated since - PostgreSQL 8.3. - - - - - - In PL/Python, handle domains over arrays like the - underlying array type (Rodolfo Campero) - - - - Previously such values were treated as strings. - - - - - - Make libpq's PQconnectdbParams() - and PQpingParams() - functions process zero-length strings as defaults (Adrian - Vondendriesch) - - - - Previously, these functions treated zero-length string values as - selecting the default in only some cases. - - - - - - Change empty arrays returned by the module - to be zero-dimensional arrays (Bruce Momjian) - - - - Previously, empty arrays were returned as zero-length one-dimensional - arrays, whose text representation looked the same as zero-dimensional - arrays ({}), but they acted differently in array - operations. intarray's behavior in this area now - matches the built-in array operators. - - - - - - now uses - - - Previously this option was spelled - - - - - - - - Changes - - - Below you will find a detailed account of the changes between - PostgreSQL 9.4 and the previous major - release. - - - - Server - - - - - - Allow background worker processes - to be dynamically registered, started and terminated (Robert Haas) - - - - The new worker_spi module shows an example of use - of this feature. - - - - - - Allow dynamic allocation of shared memory segments (Robert Haas, - Amit Kapila) - - - - This feature is illustrated in the test_shm_mq - module. - - - - - - During crash recovery or immediate shutdown, send uncatchable - termination signals (SIGKILL) to child processes - that do not shut down promptly (MauMau, Álvaro Herrera) - - - - This reduces the likelihood of leaving orphaned child processes - behind after shutdown, as well - as ensuring that crash recovery can proceed if some child processes - have become stuck. - - - - - - Improve randomness of the database system identifier (Tom Lane) - - - - - - Make properly report dead but - not-yet-removable rows to the statistics collector (Hari Babu) - - - - Previously these were reported as live rows. - - - - - - - Indexes - - - - - - Reduce GIN index size - (Alexander Korotkov, Heikki Linnakangas) - - - - Indexes upgraded via will work fine - but will still be in the old, larger GIN format. - Use to recreate old GIN indexes in the - new format. - - - - - - Improve speed of multi-key GIN lookups (Alexander Korotkov, - Heikki Linnakangas) - - - - - - Add GiST index support - for inet and - cidr data types - (Emre Hasegeli) - - - - Such indexes improve subnet and supernet - lookups and ordering comparisons. - - - - - - Fix rare race condition in B-tree page deletion (Heikki Linnakangas) - - - - - - Make the handling of interrupted B-tree page splits more robust - (Heikki Linnakangas) - - - - - - - - - General Performance - - - - - - Allow multiple backends to insert - into WAL buffers - concurrently (Heikki Linnakangas) - - - - This improves parallel write performance. - - - - - - Conditionally write only the modified portion of updated rows to - WAL (Amit Kapila) - - - - - - Improve performance of aggregate functions used as window functions - (David Rowley, Florian Pflug, Tom Lane) - - - - - - Improve speed of aggregates that - use numeric state - values (Hadi Moshayedi) - - - - - - Attempt to freeze - tuples when tables are rewritten with or VACUUM FULL (Robert Haas, - Andres Freund) - - - - This can avoid the need to freeze the tuples in the future. - - - - - - Improve speed of with default nextval() - columns (Simon Riggs) - - - - - - Improve speed of accessing many different sequences in the same session - (David Rowley) - - - - - - Raise hard limit on the number of tuples held in memory during sorting - and B-tree index builds (Noah Misch) - - - - - - Reduce memory allocated by PL/pgSQL - blocks (Tom Lane) - - - - - - Make the planner more aggressive about extracting restriction clauses - from mixed AND/OR clauses (Tom Lane) - - - - - - Disallow pushing volatile WHERE clauses down - into DISTINCT subqueries (Tom Lane) - - - - Pushing down a WHERE clause can produce a more - efficient plan overall, but at the cost of evaluating the clause - more often than is implied by the text of the query; so don't do it - if the clause contains any volatile functions. - - - - - - Auto-resize the catalog caches (Heikki Linnakangas) - - - - This reduces memory consumption for sessions accessing only a few - tables, and improves performance for sessions accessing many tables. - - - - - - - - - Monitoring - - - - - - Add system view to - report WAL archiver activity - (Gabriele Bartolini) - - - - - - Add n_mod_since_analyze columns to - and related system views - (Mark Kirkwood) - - - - These columns expose the system's estimate of the number of changed - tuples since the table's last . This - estimate drives decisions about when to auto-analyze. - - - - - - Add backend_xid and backend_xmin - columns to the system view , - and a backend_xmin column to - (Christian Kruse) - - - - - - - - - <acronym>SSL</> - - - - - - Add support for SSL ECDH key exchange - (Marko Kreen) - - - - This allows use of Elliptic Curve keys for server authentication. - Such keys are faster and have better security than RSA - keys. The new configuration parameter - - controls which curve is used for ECDH. - - - - - - Improve the default setting - (Marko Kreen) - - - - - - By default, the server not the client now controls the preference - order of SSL ciphers - (Marko Kreen) - - - - Previously, the order specified by - was usually ignored in favor of client-side defaults, which are not - configurable in most PostgreSQL clients. If - desired, the old behavior can be restored via the new configuration - parameter . - - - - - - Make show SSL - encryption information (Andreas Kunert) - - - - - - Improve SSL renegotiation handling (Álvaro - Herrera) - - - - - - - - - Server Settings - - - - - - Add new SQL command - for changing postgresql.conf configuration file entries - (Amit Kapila) - - - - Previously such settings could only be changed by manually - editing postgresql.conf. - - - - - - Add configuration parameter - to control the amount of memory used by autovacuum workers - (Peter Geoghegan) - - - - - - Add parameter to allow using huge - memory pages on Linux (Christian Kruse, Richard Poole, Abhijit - Menon-Sen) - - - - This can improve performance on large-memory systems. - - - - - - Add parameter - to limit the number of background workers (Robert Haas) - - - - This is helpful in configuring a standby server to have the - required number of worker processes (the same as the primary). - - - - - - Add superuser-only - parameter to load libraries at session start (Peter Eisentraut) - - - - In contrast to , this - parameter can load any shared library, not just those in - the $libdir/plugins directory. - - - - - - Add parameter to enable WAL - logging of hint-bit changes (Sawada Masahiko) - - - - Hint bit changes are not normally logged, except when checksums are - enabled. This is useful for external tools - like pg_rewind. - - - - - - Increase the default settings of - and by four times (Bruce - Momjian) - - - - The new defaults are 4MB and 64MB respectively. - - - - - - Increase the default setting of - to 4GB (Bruce Momjian, Tom Lane) - - - - - - Allow printf-style space padding to be - specified in (David Rowley) - - - - - - Allow terabyte units (TB) to be used when specifying - configuration variable values (Simon Riggs) - - - - - - Show PIDs of lock holders and waiters and improve - information about relations in - log messages (Christian Kruse) - - - - - - Reduce server logging level when loading shared libraries (Peter - Geoghegan) - - - - The previous level was LOG, which was too verbose - for libraries loaded per-session. - - - - - - On Windows, make SQL_ASCII-encoded databases and server - processes (e.g., ) emit messages in - the character encoding of the server's Windows user locale - (Alexander Law, Noah Misch) - - - - Previously these messages were output in the Windows - ANSI code page. - - - - - - - - - - - Replication and Recovery - - - - - - Add replication - slots to coordinate activity on streaming standbys with the - node they are streaming from (Andres Freund, Robert Haas) - - - - Replication slots allow preservation of resources like - WAL files on the primary until they are no longer - needed by standby servers. - - - - - - Add recovery parameter - to delay replication (Robert Haas, Fabrízio de Royes Mello, - Simon Riggs) - - - - Delaying replay on standby servers can be useful for recovering - from user errors. - - - - - - Add - option - - - - - Improve recovery target processing (Heikki Linnakangas) - - - - The timestamp reported - by pg_last_xact_replay_timestamp() - now reflects already-committed records, not transactions about to - be committed. Recovering to a restore point now replays the restore - point, rather than stopping just before the restore point. - - - - - - pg_switch_xlog() - now clears any unused trailing space in the old WAL file - (Heikki Linnakangas) - - - - This improves the compression ratio for WAL files. - - - - - - Report failure return codes from external recovery commands - (Peter Eisentraut) - - - - - - Reduce spinlock contention during WAL replay (Heikki - Linnakangas) - - - - - - Write WAL records of running transactions more - frequently (Andres Freund) - - - - This allows standby servers to start faster and clean up resources - more aggressively. - - - - - - - <link linkend="logicaldecoding">Logical Decoding</> - - - Logical decoding allows database changes to be streamed in a - configurable format. The data is read from - the WAL and transformed into the - desired target format. To implement this feature, the following changes - were made: - - - - - - - Add support for logical decoding - of WAL data, to allow database changes to be streamed out in a - customizable format - (Andres Freund) - - - - - - Add new setting - - - - - Add table-level parameter REPLICA IDENTITY - to control logical replication (Andres Freund) - - - - - - Add relation option - - - - - Add application to receive - logical-decoding data (Andres Freund) - - - - - - Add module to illustrate logical - decoding at the SQL level (Andres Freund) - - - - - - - - - - - Queries - - - - - - Add WITH - ORDINALITY syntax to number the rows returned from a - set-returning function in the FROM clause - (Andrew Gierth, David Fetter) - - - - This is particularly useful for functions like - unnest(). - - - - - - Add ROWS - FROM() syntax to allow horizontal concatenation of - set-returning functions in the FROM clause (Andrew Gierth) - - - - - - Allow to have - an empty target list (Tom Lane) - - - - This was added so that views that select from a table with zero - columns can be dumped and restored correctly. - - - - - - Ensure that SELECT ... FOR UPDATE - NOWAIT does not wait in corner cases involving - already-concurrently-updated tuples (Craig Ringer and Thomas Munro) - - - - - - - - - Utility Commands - - - - - - Add DISCARD - SEQUENCES command to discard cached sequence-related state - (Fabrízio de Royes Mello, Robert Haas) - - - - DISCARD ALL will now also discard such information. - - - - - - Add FORCE NULL option - to COPY FROM, which - causes quoted strings matching the specified null string to be - converted to NULLs in CSV mode (Ian Barwick, Michael - Paquier) - - - - Without this option, only unquoted matching strings will be imported - as null values. - - - - - - Issue warnings for commands used outside of transaction blocks - when they can have no effect (Bruce Momjian) - - - - New warnings are issued for SET - LOCAL, SET CONSTRAINTS, SET TRANSACTION and - ABORT when used outside a transaction block. - - - - - - - <xref linkend="SQL-EXPLAIN"> - - - - - - Make EXPLAIN ANALYZE show planning time (Andreas - Karlsson) - - - - - - Make EXPLAIN show the grouping columns in Agg and - Group nodes (Tom Lane) - - - - - - Make EXPLAIN ANALYZE show exact and lossy - block counts in bitmap heap scans (Etsuro Fujita) - - - - - - - - - Views - - - - - - Allow a materialized view - to be refreshed without blocking other sessions from reading the view - meanwhile (Kevin Grittner) - - - - This is done with REFRESH MATERIALIZED - VIEW CONCURRENTLY. - - - - - - Allow views to be automatically - updated even if they contain some non-updatable columns - (Dean Rasheed) - - - - Previously the presence of non-updatable output columns such as - expressions, literals, and function calls prevented automatic - updates. Now INSERTs, UPDATEs and - DELETEs are supported, provided that they do not - attempt to assign new values to any of the non-updatable columns. - - - - - - Allow control over whether INSERTs and - UPDATEs can add rows to an auto-updatable view that - would not appear in the view (Dean Rasheed) - - - - This is controlled with the new - clause WITH CHECK OPTION. - - - - - - Allow security barrier views - to be automatically updatable (Dean Rasheed) - - - - - - - - - - - Object Manipulation - - - - - - Support triggers on foreign - tables (Ronan Dunklau) - - - - - - Allow moving groups of objects from one tablespace to another - using the ALL IN TABLESPACE ... SET TABLESPACE form of - , , or - (Stephen Frost) - - - - - - Allow changing foreign key constraint deferrability - via ... ALTER - CONSTRAINT (Simon Riggs) - - - - - - Reduce lock strength for some - commands - (Simon Riggs, Noah Misch, Robert Haas) - - - - Specifically, VALIDATE CONSTRAINT, CLUSTER - ON, SET WITHOUT CLUSTER, ALTER COLUMN - SET STATISTICS, ALTER COLUMN SET - - - - - - Allow tablespace options to be set - in (Vik Fearing) - - - - Formerly these options could only be set - via . - - - - - - Allow to define the estimated - size of the aggregate's transition state data (Hadi Moshayedi) - - - - Proper use of this feature allows the planner to better estimate - how much memory will be used by aggregates. - - - - - - Fix DROP IF EXISTS to avoid errors for non-existent - objects in more cases (Pavel Stehule, Dean Rasheed) - - - - - - Improve how system relations are identified (Andres Freund, - Robert Haas) - - - - Previously, relations once moved into the pg_catalog - schema could no longer be modified or dropped. - - - - - - - - - Data Types - - - - - - Fully implement the line data type (Peter - Eisentraut) - - - - The line segment data type (lseg) has always been - fully supported. The previous line data type (which was - enabled only via a compile-time option) is not binary or - dump-compatible with the new implementation. - - - - - - Add pg_lsn - data type to represent a WAL log sequence number - (LSN) (Robert Haas, Michael Paquier) - - - - - - Allow single-point polygons to be converted - to circles - (Bruce Momjian) - - - - - - Support time zone abbreviations that change UTC offset from time to - time (Tom Lane) - - - - Previously, PostgreSQL assumed that the UTC offset - associated with a time zone abbreviation (such as EST) - never changes in the usage of any particular locale. However this - assumption fails in the real world, so introduce the ability for a - zone abbreviation to represent a UTC offset that sometimes changes. - Update the zone abbreviation definition files to make use of this - feature in timezone locales that have changed the UTC offset of their - abbreviations since 1970 (according to the IANA timezone database). - In such timezones, PostgreSQL will now associate the - correct UTC offset with the abbreviation depending on the given date. - - - - - - Allow 5+ digit years for non-ISO timestamp and - date strings, where appropriate (Bruce Momjian) - - - - - - Add checks for overflow/underflow of interval values - (Bruce Momjian) - - - - - - - <link linkend="datatype-json"><acronym>JSON</></link> - - - - - - Add jsonb, a more - capable and efficient data type for storing JSON data - (Oleg Bartunov, Teodor Sigaev, Alexander - Korotkov, Peter Geoghegan, Andrew Dunstan) - - - - This new type allows faster access to values within a JSON - document, and faster and more useful indexing of JSON columns. - Scalar values in jsonb documents are stored as appropriate - scalar SQL types, and the JSON document structure is pre-parsed - rather than being stored as text as in the original json - data type. - - - - - - Add new JSON functions to allow for the construction - of arbitrarily complex JSON trees (Andrew Dunstan, Laurence Rowe) - - - - New functions include json_array_elements_text(), - json_build_array(), json_object(), - json_object_agg(), json_to_record(), - and json_to_recordset(). - - - - - - Add json_typeof() - to return the data type of a json value (Andrew Tipton) - - - - - - - - - - - Functions - - - - - - Add pg_sleep_for(interval) - and pg_sleep_until(timestamp) to specify - delays more flexibly (Vik Fearing, Julien Rouhaud) - - - - The existing pg_sleep() function only supports delays - specified in seconds. - - - - - - Add cardinality() - function for arrays (Marko Tiikkaja) - - - - This returns the total number of elements in the array, or zero - for an array with no elements. - - - - - - Add SQL functions to allow large - object reads/writes at arbitrary offsets (Pavel Stehule) - - - - - - Allow unnest() - to take multiple arguments, which are individually unnested then - horizontally concatenated (Andrew Gierth) - - - - - - Add functions to construct times, dates, - timestamps, timestamptzs, and intervals - from individual values, rather than strings (Pavel Stehule) - - - - These functions' names are prefixed with make_, - e.g. make_date(). - - - - - - Make to_char()'s - TZ format specifier return a useful value for simple - numeric time zone offsets (Tom Lane) - - - - Previously, to_char(CURRENT_TIMESTAMP, 'TZ') returned - an empty string if the timezone was set to a constant - like -4. - - - - - - Add timezone offset format specifier OF to to_char() - (Bruce Momjian) - - - - - - Improve the random seed used for random() - (Honza Horak) - - - - - - Tighten validity checking for Unicode code points in chr(int) - (Tom Lane) - - - - This function now only accepts values that are valid UTF8 characters - according to RFC 3629. - - - - - - - System Information Functions - - - - - - Add functions for looking up objects in pg_class, - pg_proc, pg_type, and - pg_operator that do not generate errors for - non-existent objects (Yugo Nagata, Nozomi Anzai, - Robert Haas) - - - - For example, to_regclass() - does a lookup in pg_class similarly to - the regclass input function, but it returns NULL for a - non-existent object instead of failing. - - - - - - Add function pg_filenode_relation() - to allow for more efficient lookup of relation names from filenodes - (Andres Freund) - - - - - - Add parameter_default column to information_schema.parameters - view (Peter Eisentraut) - - - - - - Make information_schema.schemata - show all accessible schemas (Peter Eisentraut) - - - - Previously it only showed schemas owned by the current user. - - - - - - - - - Aggregates - - - - - - Add control over which rows are passed - into aggregate functions via the FILTER clause - (David Fetter) - - - - - - Support ordered-set (WITHIN GROUP) - aggregates (Atri Sharma, Andrew Gierth, Tom Lane) - - - - - - Add standard ordered-set aggregates percentile_cont(), - percentile_disc(), mode(), rank(), - dense_rank(), percent_rank(), and - cume_dist() - (Atri Sharma, Andrew Gierth) - - - - - - Support VARIADIC - aggregate functions (Tom Lane) - - - - - - Allow polymorphic aggregates to have non-polymorphic state data - types (Tom Lane) - - - This allows proper declaration in SQL of aggregates like the built-in - aggregate array_agg(). - - - - - - - - - - - Server-Side Languages - - - - - - Add event trigger support to PL/Perl - and PL/Tcl (Dimitri Fontaine) - - - - - - Convert numeric - values to decimal in PL/Python - (Szymon Guz, Ronan Dunklau) - - - - Previously such values were converted to Python float values, - risking loss of precision. - - - - - - - <link linkend="plpgsql">PL/pgSQL</link> Server-Side Language - - - - - - Add ability to retrieve the current PL/pgSQL call stack - using GET - DIAGNOSTICS - (Pavel Stehule, Stephen Frost) - - - - - - Add option - - - - - Add variables plpgsql.extra_warnings - and plpgsql.extra_errors to enable additional PL/pgSQL - warnings and errors (Marko Tiikkaja, Petr Jelinek) - - - - Currently only warnings/errors about shadowed variables are available. - - - - - - - - - - - <link linkend="libpq"><application>libpq</></link> - - - - - Make libpq's PQconndefaults() - function ignore invalid service files (Steve Singer, Bruce Momjian) - - - - Previously it returned NULL if an incorrect service file was - encountered. - - - - - - Accept TLS protocol versions beyond TLSv1 - in libpq (Marko Kreen) - - - - - - - - - Client Applications - - - - - - Add option - - - - - Add - option - - - This allows minimal statistics to be created quickly. - - - - - - Make with option - - - - - Make throw error for incorrect locale - settings, rather than silently falling back to a default choice - (Tom Lane) - - - - - - Make return exit code 4 for - an inaccessible data directory (Amit Kapila, Bruce Momjian) - - - - This behavior more closely matches the Linux Standard Base - (LSB) Core Specification. - - - - - - On Windows, ensure that a non-absolute - - - Previously it would be interpreted relative to whichever directory - the underlying Windows service was started in. - - - - - - Allow sizeof() in ECPG - C array definitions (Michael Meskes) - - - - - - Make ECPG properly handle nesting - of C-style comments in both C and SQL text - (Michael Meskes) - - - - - - - <xref linkend="APP-PSQL"> - - - - - - Suppress No rows output in psql - - - - - Allow Control-C to abort psql when it's hung at - connection startup (Peter Eisentraut) - - - - - - - <link linkend="APP-PSQL-meta-commands">Backslash Commands</link> - - - - - - Make psql's \db+ show tablespace options - (Magnus Hagander) - - - - - - Make \do+ display the functions - that implement the operators (Marko Tiikkaja) - - - - - - Make \d+ output an - OID line only if an oid column - exists in the table (Bruce Momjian) - - - - Previously, the presence or absence of an oid - column was always reported. - - - - - - Make \d show disabled system triggers (Bruce - Momjian) - - - - Previously, if you disabled all triggers, only user triggers - would show as disabled. - - - - - - Fix \copy to no longer require - a space between stdin and a semicolon (Etsuro Fujita) - - - - - - Output the row count at the end of \copy, just - like COPY already did (Kumar Rajeev Rastogi) - - - - - - Fix \conninfo to display the - server's IP address for connections using - hostaddr (Fujii Masao) - - - - Previously \conninfo could not display the server's - IP address in such cases. - - - - - - Show the SSL protocol version in - \conninfo (Marko Kreen) - - - - - - Add tab completion for \pset - (Pavel Stehule) - - - - - - Allow \pset with no arguments - to show all settings (Gilles Darold) - - - - - - Make \s display the name of the history file it wrote - without converting it to an absolute path (Tom Lane) - - - - The code previously attempted to convert a relative file name to - an absolute path for display, but frequently got it wrong. - - - - - - - - - - - <xref linkend="APP-PGDUMP"> - - - - - - Allow options - - - - This allows multiple objects to be restored in one operation. - - - - - - Optionally add IF EXISTS clauses to the DROP - commands emitted when removing old objects during a restore (Pavel - Stehule) - - - - This change prevents unnecessary errors when removing old objects. - The new - - - - - - - - <xref linkend="app-pgbasebackup"> - - - - - - Add pg_basebackup option - - - - - Allow pg_basebackup to relocate tablespaces in - the backup copy (Steeve Lennmark) - - - - This is particularly useful for using pg_basebackup - on the same machine as the primary. - - - - - - Allow network-stream base backups to be throttled (Antonin Houska) - - - - This can be controlled with the pg_basebackup - - - - - - - - - - - Source Code - - - - - - Improve the way tuples are frozen to preserve forensic information - (Robert Haas, Andres Freund) - - - - This change removes the main objection to freezing tuples as soon - as possible. Code that inspects tuple flag bits will need to be - modified. - - - - - - No longer require function prototypes for functions marked with the - PG_FUNCTION_INFO_V1 - macro (Peter Eisentraut) - - - - This change eliminates the need to write boilerplate prototypes. - Note that the PG_FUNCTION_INFO_V1 macro must appear - before the corresponding function definition to avoid compiler - warnings. - - - - - - Remove SnapshotNow and - HeapTupleSatisfiesNow() (Robert Haas) - - - - All existing uses have been switched to more appropriate snapshot - types. Catalog scans now use MVCC snapshots. - - - - - - Add an API to allow memory allocations over one gigabyte - (Noah Misch) - - - - - - Add psprintf() to simplify memory allocation during - string composition (Peter Eisentraut, Tom Lane) - - - - - - Support printf() size modifier z to - print size_t values (Andres Freund) - - - - - - Change API of appendStringInfoVA() - to better use vsnprintf() (David Rowley, Tom Lane) - - - - - - Allow new types of external toast datums to be created (Andres - Freund) - - - - - - Add single-reader, single-writer, lightweight shared message queue - (Robert Haas) - - - - - - Improve spinlock speed on x86_64 CPUs (Heikki - Linnakangas) - - - - - - Remove spinlock support for unsupported platforms - SINIX, Sun3, and - NS32K (Robert Haas) - - - - - - Remove IRIX port (Robert Haas) - - - - - - Reduce the number of semaphores required by - - - - - - Rewrite duplicate_oids Unix shell script in - Perl (Andrew Dunstan) - - - - - - Add Test Anything Protocol (TAP) tests for client - programs (Peter Eisentraut) - - - - Currently, these tests are run by make check-world - only if the - - - - - Add make targets - - - - - Remove - - - The default build rules now include all the formerly-optional tests. - - - - - - Improve support for VPATH builds of PGXS - modules (Cédric Villemain, Andrew Dunstan, Peter Eisentraut) - - - - - - Upgrade to Autoconf 2.69 (Peter Eisentraut) - - - - - - Add a configure flag that appends custom text to the - PG_VERSION string (Oskari Saarenmaa) - - - - This is useful for packagers building custom binaries. - - - - - - Improve DocBook XML validity (Peter Eisentraut) - - - - - - Fix various minor security and sanity issues reported by the - Coverity scanner (Stephen Frost) - - - - - - Improve detection of invalid memory usage when testing - PostgreSQL with Valgrind - (Noah Misch) - - - - - - Improve sample Emacs configuration file - emacs.samples (Peter Eisentraut) - - - - Also add .dir-locals.el to the top of the source tree. - - - - - - Allow pgindent to accept a command-line list - of typedefs (Bruce Momjian) - - - - - - Make pgindent smarter about blank lines - around preprocessor conditionals (Bruce Momjian) - - - - - - Avoid most uses of dlltool - in Cygwin and - Mingw builds (Marco Atzeri, Hiroshi Inoue) - - - - - - Support client-only installs in MSVC (Windows) builds - (MauMau) - - - - - - - - - Additional Modules - - - - - - Add extension to preload relation data - into the shared buffer cache at server start (Robert Haas) - - - - This allows reaching full operating performance more quickly. - - - - - - Add UUID random number generator - gen_random_uuid() to - (Oskari Saarenmaa) - - - - This allows creation of version 4 UUIDs without - requiring installation of . - - - - - - Allow to work with - the BSD or e2fsprogs UUID libraries, - not only the OSSP UUID library (Matteo Beccati) - - - - This improves the uuid-ossp module's portability - since it no longer has to have the increasingly-obsolete OSSP - library. The module's name is now rather a misnomer, but we won't - change it. - - - - - - Add option to to include trigger - execution time (Horiguchi Kyotaro) - - - - - - Fix to not report rows from - uncommitted transactions as dead (Robert Haas) - - - - - - Make functions - use regclass-type arguments (Satoshi Nagayasu) - - - - While text-type arguments are still supported, they - may be removed in a future major release. - - - - - - Improve consistency of output to honor - snapshot rules more consistently (Robert Haas) - - - - - - Improve 's choice of trigrams for indexed - regular expression searches (Alexander Korotkov) - - - - This change discourages use of trigrams containing whitespace, which - are usually less selective. - - - - - - Allow to report a live log stream - with - - - - - Store data more compactly (Stas Kelvich) - - - - Existing data must be dumped/restored to use the new format. - The old format can still be read. - - - - - - Reduce client-side memory usage by using - a cursor (Andrew Dunstan) - - - - - - Dramatically reduce memory consumption - in (Bruce Momjian) - - - - - - Pass 's user name ( - - - - - - <xref linkend="pgbench"> - - - - - - Remove line length limit for pgbench scripts (Sawada - Masahiko) - - - - The previous line limit was BUFSIZ. - - - - - - Add long option names to pgbench (Fabien Coelho) - - - - - - Add pgbench option - - - - - Add pgbench option - - - - - - - - <xref linkend="pgstatstatements"> - - - - - - Make pg_stat_statements use a file, rather than - shared memory, for query text storage (Peter Geoghegan) - - - - This removes the previous limitation on query text length, and - allows a higher number of unique statements to be tracked by default. - - - - - - Allow reporting of pg_stat_statements's internal - query hash identifier (Daniel Farina, Sameer Thakur, Peter - Geoghegan) - - - - - - Add the ability to retrieve all pg_stat_statements - information except the query text (Peter Geoghegan) - - - - This allows monitoring tools to fetch query text only for - just-created entries, improving performance during repeated querying - of the statistics. - - - - - - Make pg_stat_statements ignore DEALLOCATE - commands (Fabien Coelho) - - - - It already ignored PREPARE, as well as planning time in - general, so this seems more consistent. - - - - - - Save the statistics file into $PGDATA/pg_stat at server - shutdown, rather than $PGDATA/global (Fujii Masao) - - - - - - - - - - - diff --git a/doc/src/sgml/release-9.5.sgml b/doc/src/sgml/release-9.5.sgml deleted file mode 100644 index 93a5e0f4fc..0000000000 --- a/doc/src/sgml/release-9.5.sgml +++ /dev/null @@ -1,11192 +0,0 @@ - - - - - Release 9.5.15 - - - Release date: - 2018-11-08 - - - - This release contains a variety of fixes from 9.5.14. - For information about new features in the 9.5 major release, see - . - - - - Migration to Version 9.5.15 - - - A dump/restore is not required for those running 9.5.X. - - - - However, if you are upgrading from a version earlier than 9.5.13, - see . - - - - - Changes - - - - - - Fix corner-case failures - in has_foo_privilege() - family of functions (Tom Lane) - - - - Return NULL rather than throwing an error when an invalid object OID - is provided. Some of these functions got that right already, but not - all. has_column_privilege() was additionally - capable of crashing on some platforms. - - - - - - Avoid O(N^2) slowdown in regular expression match/split functions on - long strings (Andrew Gierth) - - - - - - Fix parsing of standard multi-character operators that are immediately - followed by a comment or + or - - (Andrew Gierth) - - - - This oversight could lead to parse errors, or to incorrect assignment - of precedence. - - - - - - Avoid O(N^3) slowdown in lexer for long strings - of + or - characters - (Andrew Gierth) - - - - - - Fix mis-execution of SubPlans when the outer query is being scanned - backwards (Andrew Gierth) - - - - - - Fix failure of UPDATE/DELETE ... WHERE CURRENT OF ... - after rewinding the referenced cursor (Tom Lane) - - - - A cursor that scans multiple relations (particularly an inheritance - tree) could produce wrong behavior if rewound to an earlier relation. - - - - - - Fix EvalPlanQual to handle conditionally-executed - InitPlans properly (Andrew Gierth, Tom Lane) - - - - This resulted in hard-to-reproduce crashes or wrong answers in - concurrent updates, if they contained code such as an uncorrelated - sub-SELECT inside a CASE - construct. - - - - - - Fix character-class checks to not fail on Windows for Unicode - characters above U+FFFF (Tom Lane, Kenji Uno) - - - - This bug affected full-text-search operations, as well - as contrib/ltree - and contrib/pg_trgm. - - - - - - Ensure that sequences owned by a foreign table are processed - by ALTER OWNER on the table (Peter Eisentraut) - - - - The ownership change should propagate to such sequences as well, but - this was missed for foreign tables. - - - - - - Ensure that the server will process - already-received NOTIFY - and SIGTERM interrupts before waiting for client - input (Jeff Janes, Tom Lane) - - - - - - Fix over-allocation of space for array_out()'s - result string (Keiichi Hirobe) - - - - - - Fix memory leak in repeated SP-GiST index scans (Tom Lane) - - - - This is only known to amount to anything significant in cases where - an exclusion constraint using SP-GiST receives many new index entries - in a single command. - - - - - - Ensure that ApplyLogicalMappingFile() closes the - mapping file when done with it (Tomas Vondra) - - - - Previously, the file descriptor was leaked, eventually resulting in - failures during logical decoding. - - - - - - Fix logical decoding to handle cases where a mapped catalog table is - repeatedly rewritten, e.g. by VACUUM FULL - (Andres Freund) - - - - - - Prevent starting the server with wal_level set - to too low a value to support an existing replication slot (Andres - Freund) - - - - - - Avoid crash if a utility command causes infinite recursion (Tom Lane) - - - - - - When initializing a hot standby, cope with duplicate XIDs caused by - two-phase transactions on the master - (Michael Paquier, Konstantin Knizhnik) - - - - - - Fix event triggers to handle nested ALTER TABLE - commands (Michael Paquier, Álvaro Herrera) - - - - - - Propagate parent process's transaction and statement start timestamps - to parallel workers (Konstantin Knizhnik) - - - - This prevents misbehavior of functions such - as transaction_timestamp() when executed in a - worker. - - - - - - Fix WAL file recycling logic to work correctly on standby servers - (Michael Paquier) - - - - Depending on the setting of archive_mode, a standby - might fail to remove some WAL files that could be removed. - - - - - - Fix handling of commit-timestamp tracking during recovery - (Masahiko Sawada, Michael Paquier) - - - - If commit timestamp tracking has been turned on or off, recovery might - fail due to trying to fetch the commit timestamp for a transaction - that did not record it. - - - - - - Randomize the random() seed in bootstrap and - standalone backends, and in initdb - (Noah Misch) - - - - The main practical effect of this change is that it avoids a scenario - where initdb might mistakenly conclude that - POSIX shared memory is not available, due to name collisions caused by - always using the same random seed. - - - - - - Allow DSM allocation to be interrupted (Chris Travers) - - - - - - Properly handle turning full_page_writes on - dynamically (Kyotaro Horiguchi) - - - - - - Avoid possible buffer overrun when replaying GIN page recompression - from WAL (Alexander Korotkov, Sivasubramanian Ramasubramanian) - - - - - - Fix missed fsync of a replication slot's directory (Konstantin - Knizhnik, Michael Paquier) - - - - - - Fix unexpected timeouts when - using wal_sender_timeout on a slow server - (Noah Misch) - - - - - - Ensure that hot standby processes use the correct WAL consistency - point (Alexander Kukushkin, Michael Paquier) - - - - This prevents possible misbehavior just after a standby server has - reached a consistent database state during WAL replay. - - - - - - Ensure background workers are stopped properly when the postmaster - receives a fast-shutdown request before completing database startup - (Alexander Kukushkin) - - - - - - Don't run atexit callbacks when servicing SIGQUIT - (Heikki Linnakangas) - - - - - - Don't record foreign-server user mappings as members of extensions - (Tom Lane) - - - - If CREATE USER MAPPING is executed in an extension - script, an extension dependency was created for the user mapping, - which is unexpected. Roles can't be extension members, so user - mappings shouldn't be either. - - - - - - Make syslogger more robust against failures in opening CSV log files - (Tom Lane) - - - - - - Fix psql, as well as documentation - examples, to call PQconsumeInput() before - each PQnotifies() call (Tom Lane) - - - - This fixes cases in which psql would not - report receipt of a NOTIFY message until after the - next command. - - - - - - Fix possible inconsistency in pg_dump's - sorting of dissimilar object names (Jacob Champion) - - - - - - Ensure that pg_restore will schema-qualify - the table name when - emitting DISABLE/ENABLE TRIGGER - commands (Tom Lane) - - - - This avoids failures due to the new policy of running restores with - restrictive search path. - - - - - - Fix pg_upgrade to handle event triggers in - extensions correctly (Haribabu Kommi) - - - - pg_upgrade failed to preserve an event - trigger's extension-membership status. - - - - - - Fix pg_upgrade's cluster state check to - work correctly on a standby server (Bruce Momjian) - - - - - - Enforce type cube's dimension limit in - all contrib/cube functions (Andrey Borodin) - - - - Previously, some cube-related functions could construct values that - would be rejected by cube_in(), leading to - dump/reload failures. - - - - - - Fix contrib/unaccent's - unaccent() function to use - the unaccent text search dictionary that is in the - same schema as the function (Tom Lane) - - - - Previously it tried to look up the dictionary using the search path, - which could fail if the search path has a restrictive value. - - - - - - Fix build problems on macOS 10.14 (Mojave) (Tom Lane) - - - - Adjust configure to add - an switch to CPPFLAGS; - without this, PL/Perl and PL/Tcl fail to configure or build on macOS - 10.14. The specific sysroot used can be overridden at configure time - or build time by setting the PG_SYSROOT variable in - the arguments of configure - or make. - - - - It is now recommended that Perl-related extensions - write $(perl_includespec) rather - than -I$(perl_archlibexp)/CORE in their compiler - flags. The latter continues to work on most platforms, but not recent - macOS. - - - - Also, it should no longer be necessary to - specify manually to get PL/Tcl to - build on recent macOS releases. - - - - - - Fix MSVC build and regression-test scripts to work on recent Perl - versions (Andrew Dunstan) - - - - Perl no longer includes the current directory in its search path - by default; work around that. - - - - - - On Windows, allow the regression tests to be run by an Administrator - account (Andrew Dunstan) - - - - To do this safely, pg_regress now gives up - any such privileges at startup. - - - - - - - Support building on Windows with Visual Studio 2015 or Visual Studio 2017 - (Michael Paquier, Haribabu Kommi) - - - - - - Allow btree comparison functions to return INT_MIN - (Tom Lane) - - - - Up to now, we've forbidden datatype-specific comparison functions from - returning INT_MIN, which allows callers to invert - the sort order just by negating the comparison result. However, this - was never safe for comparison functions that directly return the - result of memcmp(), strcmp(), - etc, as POSIX doesn't place any such restriction on those functions. - At least some recent versions of memcmp() can - return INT_MIN, causing incorrect sort ordering. - Hence, we've removed this restriction. Callers must now use - the INVERT_COMPARE_RESULT() macro if they wish to - invert the sort order. - - - - - - Fix recursion hazard in shared-invalidation message processing - (Tom Lane) - - - - This error could, for example, result in failure to access a system - catalog or index that had just been processed by VACUUM - FULL. - - - - This change adds a new result code - for LockAcquire, which might possibly affect - external callers of that function, though only very unusual usage - patterns would have an issue with it. The API - of LockAcquireExtended is also changed. - - - - - - Save and restore SPI's global variables - during SPI_connect() - and SPI_finish() (Chapman Flack, Tom Lane) - - - - This prevents possible interference when one SPI-using function calls - another. - - - - - - - Provide ALLOCSET_DEFAULT_SIZES and sibling macros - in back branches (Tom Lane) - - - - These macros have existed since 9.6, but there were requests to add - them to older branches to allow extensions to rely on them without - branch-specific coding. - - - - - - Avoid using potentially-under-aligned page buffers (Tom Lane) - - - - Invent new union types PGAlignedBlock - and PGAlignedXLogBlock, and use these in place of plain - char arrays, ensuring that the compiler can't place the buffer at a - misaligned start address. This fixes potential core dumps on - alignment-picky platforms, and may improve performance even on - platforms that allow misalignment. - - - - - - Make src/port/snprintf.c follow the C99 - standard's definition of snprintf()'s result - value (Tom Lane) - - - - On platforms where this code is used (mostly Windows), its pre-C99 - behavior could lead to failure to detect buffer overrun, if the - calling code assumed C99 semantics. - - - - - - When building on i386 with the clang - compiler, require to be used (Andres Freund) - - - - This avoids problems with missed floating point overflow checks. - - - - - - Fix configure's detection of the result - type of strerror_r() (Tom Lane) - - - - The previous coding got the wrong answer when building - with icc on Linux (and perhaps in other - cases), leading to libpq not returning - useful error messages for system-reported errors. - - - - - - Update time zone data files to tzdata - release 2018g for DST law changes in Chile, Fiji, Morocco, and Russia - (Volgograd), plus historical corrections for China, Hawaii, Japan, - Macau, and North Korea. - - - - - - - - - - Release 9.5.14 - - - Release date: - 2018-08-09 - - - - This release contains a variety of fixes from 9.5.13. - For information about new features in the 9.5 major release, see - . - - - - Migration to Version 9.5.14 - - - A dump/restore is not required for those running 9.5.X. - - - - However, if you are upgrading from a version earlier than 9.5.13, - see . - - - - - Changes - - - - - - Fix failure to reset libpq's state fully - between connection attempts (Tom Lane) - - - - An unprivileged user of dblink - or postgres_fdw could bypass the checks intended - to prevent use of server-side credentials, such as - a ~/.pgpass file owned by the operating-system - user running the server. Servers allowing peer authentication on - local connections are particularly vulnerable. Other attacks such - as SQL injection into a postgres_fdw session - are also possible. - Attacking postgres_fdw in this way requires the - ability to create a foreign server object with selected connection - parameters, but any user with access to dblink - could exploit the problem. - In general, an attacker with the ability to select the connection - parameters for a libpq-using application - could cause mischief, though other plausible attack scenarios are - harder to think of. - Our thanks to Andrew Krasichkov for reporting this issue. - (CVE-2018-10915) - - - - - - Fix INSERT ... ON CONFLICT UPDATE through a view - that isn't just SELECT * FROM ... - (Dean Rasheed, Amit Langote) - - - - Erroneous expansion of an updatable view could lead to crashes - or attribute ... has the wrong type errors, if the - view's SELECT list doesn't match one-to-one with - the underlying table's columns. - Furthermore, this bug could be leveraged to allow updates of columns - that an attacking user lacks UPDATE privilege for, - if that user has INSERT and UPDATE - privileges for some other column(s) of the table. - Any user could also use it for disclosure of server memory. - (CVE-2018-10925) - - - - - - Ensure that updates to the relfrozenxid - and relminmxid values - for nailed system catalogs are processed in a timely - fashion (Andres Freund) - - - - Overoptimistic caching rules could prevent these updates from being - seen by other sessions, leading to spurious errors and/or data - corruption. The problem was significantly worse for shared catalogs, - such as pg_authid, because the stale cache - data could persist into new sessions as well as existing ones. - - - - - - Fix case where a freshly-promoted standby crashes before having - completed its first post-recovery checkpoint (Michael Paquier, Kyotaro - Horiguchi, Pavan Deolasee, Álvaro Herrera) - - - - This led to a situation where the server did not think it had reached - a consistent database state during subsequent WAL replay, preventing - restart. - - - - - - Avoid emitting a bogus WAL record when recycling an all-zero btree - page (Amit Kapila) - - - - This mistake has been seen to cause assertion failures, and - potentially it could result in unnecessary query cancellations on hot - standby servers. - - - - - - During WAL replay, guard against corrupted record lengths exceeding - 1GB (Michael Paquier) - - - - Treat such a case as corrupt data. Previously, the code would try to - allocate space and get a hard error, making recovery impossible. - - - - - - When ending recovery, delay writing the timeline history file as long - as possible (Heikki Linnakangas) - - - - This avoids some situations where a failure during recovery cleanup - (such as a problem with a two-phase state file) led to inconsistent - timeline state on-disk. - - - - - - Improve performance of WAL replay for transactions that drop many - relations (Fujii Masao) - - - - This change reduces the number of times that shared buffers are - scanned, so that it is of most benefit when that setting is large. - - - - - - Improve performance of lock releasing in standby server WAL replay - (Thomas Munro) - - - - - - Make logical WAL senders report streaming state correctly (Simon - Riggs, Sawada Masahiko) - - - - The code previously mis-detected whether or not it had caught up with - the upstream server. - - - - - - Fix bugs in snapshot handling during logical decoding, allowing wrong - decoding results in rare cases (Arseny Sher, Álvaro Herrera) - - - - - - Ensure a table's cached index list is correctly rebuilt after an index - creation fails partway through (Peter Geoghegan) - - - - Previously, the failed index's OID could remain in the list, causing - problems later in the same session. - - - - - - Fix mishandling of empty uncompressed posting list pages in GIN - indexes (Sivasubramanian Ramasubramanian, Alexander Korotkov) - - - - This could result in an assertion failure after pg_upgrade of a - pre-9.4 GIN index (9.4 and later will not create such pages). - - - - - - Ensure that VACUUM will respond to signals - within btree page deletion loops (Andres Freund) - - - - Corrupted btree indexes could result in an infinite loop here, and - that previously wasn't interruptible without forcing a crash. - - - - - - Fix misoptimization of equivalence classes involving composite-type - columns (Tom Lane) - - - - This resulted in failure to recognize that an index on a composite - column could provide the sort order needed for a mergejoin on that - column. - - - - - - Fix SQL-standard FETCH FIRST syntax to allow - parameters ($n), as the - standard expects (Andrew Gierth) - - - - - - Fix failure to schema-qualify some object names - in getObjectDescription output - (Kyotaro Horiguchi, Tom Lane) - - - - Names of collations, conversions, and text search objects - were not schema-qualified when they should be. - - - - - - Widen COPY FROM's current-line-number counter - from 32 to 64 bits (David Rowley) - - - - This avoids two problems with input exceeding 4G lines: COPY - FROM WITH HEADER would drop a line every 4G lines, not only - the first line, and error reports could show a wrong line number. - - - - - - Add a string freeing function - to ecpg's pgtypes - library, so that cross-module memory management problems can be - avoided on Windows (Takayuki Tsunakawa) - - - - On Windows, crashes can ensue if the free call - for a given chunk of memory is not made from the same DLL - that malloc'ed the memory. - The pgtypes library sometimes returns strings - that it expects the caller to free, making it impossible to follow - this rule. Add a PGTYPESchar_free() function - that just wraps free, allowing applications - to follow this rule. - - - - - - Fix ecpg's support for long - long variables on Windows, as well as other platforms that - declare strtoll/strtoull - nonstandardly or not at all (Dang Minh Huong, Tom Lane) - - - - - - Fix misidentification of SQL statement type in PL/pgSQL, when a rule - change causes a change in the semantics of a statement intra-session - (Tom Lane) - - - - This error led to assertion failures, or in rare cases, failure to - enforce the INTO STRICT option as expected. - - - - - - Fix password prompting in client programs so that echo is properly - disabled on Windows when stdin is not the - terminal (Matthew Stickney) - - - - - - Further fix mis-quoting of values for list-valued GUC variables in - dumps (Tom Lane) - - - - The previous fix for quoting of search_path and - other list-valued variables in pg_dump - output turned out to misbehave for empty-string list elements, and it - risked truncation of long file paths. - - - - - - Fix pg_dump's failure to - dump REPLICA IDENTITY properties for constraint - indexes (Tom Lane) - - - - Manually created unique indexes were properly marked, but not those - created by declaring UNIQUE or PRIMARY - KEY constraints. - - - - - - Make pg_upgrade check that the old server - was shut down cleanly (Bruce Momjian) - - - - The previous check could be fooled by an immediate-mode shutdown. - - - - - - Fix contrib/hstore_plperl to look through Perl - scalar references, and to not crash if it doesn't find a hash - reference where it expects one (Tom Lane) - - - - - - Fix crash in contrib/ltree's - lca() function when the input array is empty - (Pierre Ducroquet) - - - - - - Fix various error-handling code paths in which an incorrect error code - might be reported (Michael Paquier, Tom Lane, Magnus Hagander) - - - - - - Rearrange makefiles to ensure that programs link to freshly-built - libraries (such as libpq.so) rather than ones - that might exist in the system library directories (Tom Lane) - - - - This avoids problems when building on platforms that supply old copies - of PostgreSQL libraries. - - - - - - Update time zone data files to tzdata - release 2018e for DST law changes in North Korea, plus historical - corrections for Czechoslovakia. - - - - This update includes a redefinition of daylight savings - in Ireland, as well as for some past years in Namibia and - Czechoslovakia. In those jurisdictions, legally standard time is - observed in summer, and daylight savings time in winter, so that the - daylight savings offset is one hour behind standard time not one hour - ahead. This does not affect either the actual UTC offset or the - timezone abbreviations in use; the only known effect is that - the is_dst column in - the pg_timezone_names view will now be true - in winter and false in summer in these cases. - - - - - - - - - - Release 9.5.13 - - - Release date: - 2018-05-10 - - - - This release contains a variety of fixes from 9.5.12. - For information about new features in the 9.5 major release, see - . - - - - Migration to Version 9.5.13 - - - A dump/restore is not required for those running 9.5.X. - - - - However, if the function marking mistakes mentioned in the first - changelog entry below affect you, you will want to take steps to - correct your database catalogs. - - - - Also, if you are upgrading from a version earlier than 9.5.12, - see . - - - - - Changes - - - - - - Fix incorrect volatility markings on a few built-in functions - (Thomas Munro, Tom Lane) - - - - The functions - query_to_xml, - cursor_to_xml, - cursor_to_xmlschema, - query_to_xmlschema, and - query_to_xml_and_xmlschema - should be marked volatile because they execute user-supplied queries - that might contain volatile operations. They were not, leading to a - risk of incorrect query optimization. This has been repaired for new - installations by correcting the initial catalog data, but existing - installations will continue to contain the incorrect markings. - Practical use of these functions seems to pose little hazard, but in - case of trouble, it can be fixed by manually updating these - functions' pg_proc entries, for example - ALTER FUNCTION pg_catalog.query_to_xml(text, boolean, - boolean, text) VOLATILE. (Note that that will need to be - done in each database of the installation.) Another option is - to pg_upgrade the database to a version - containing the corrected initial data. - - - - - - Avoid re-using TOAST value OIDs that match dead-but-not-yet-vacuumed - TOAST entries (Pavan Deolasee) - - - - Once the OID counter has wrapped around, it's possible to assign a - TOAST value whose OID matches a previously deleted entry in the same - TOAST table. If that entry were not yet vacuumed away, this resulted - in unexpected chunk number 0 (expected 1) for toast - value nnnnn errors, which would - persist until the dead entry was removed - by VACUUM. Fix by not selecting such OIDs when - creating a new TOAST entry. - - - - - - Change ANALYZE's algorithm for updating - pg_class.reltuples - (David Gould) - - - - Previously, pages not actually scanned by ANALYZE - were assumed to retain their old tuple density. In a large table - where ANALYZE samples only a small fraction of the - pages, this meant that the overall tuple density estimate could not - change very much, so that reltuples would - change nearly proportionally to changes in the table's physical size - (relpages) regardless of what was actually - happening in the table. This has been observed to result - in reltuples becoming so much larger than - reality as to effectively shut off autovacuuming. To fix, assume - that ANALYZE's sample is a statistically unbiased - sample of the table (as it should be), and just extrapolate the - density observed within those pages to the whole table. - - - - - - Avoid deadlocks in concurrent CREATE INDEX - CONCURRENTLY commands that are run - under SERIALIZABLE or REPEATABLE - READ transaction isolation (Tom Lane) - - - - - - Fix possible slow execution of REFRESH MATERIALIZED VIEW - CONCURRENTLY (Thomas Munro) - - - - - - Fix UPDATE/DELETE ... WHERE CURRENT OF to not fail - when the referenced cursor uses an index-only-scan plan (Yugo Nagata, - Tom Lane) - - - - - - Fix incorrect planning of join clauses pushed into parameterized - paths (Andrew Gierth, Tom Lane) - - - - This error could result in misclassifying a condition as - a join filter for an outer join when it should be a - plain filter condition, leading to incorrect join - output. - - - - - - Fix possibly incorrect generation of an index-only-scan plan when the - same table column appears in multiple index columns, and only some of - those index columns use operator classes that can return the column - value (Kyotaro Horiguchi) - - - - - - Fix misoptimization of CHECK constraints having - provably-NULL subclauses of - top-level AND/OR conditions - (Tom Lane, Dean Rasheed) - - - - This could, for example, allow constraint exclusion to exclude a - child table that should not be excluded from a query. - - - - - - Fix executor crash due to double free in some GROUPING - SET usages (Peter Geoghegan) - - - - - - Avoid crash if a table rewrite event trigger is added concurrently - with a command that could call such a trigger (Álvaro Herrera, - Andrew Gierth, Tom Lane) - - - - - - Avoid failure if a query-cancel or session-termination interrupt - occurs while committing a prepared transaction (Stas Kelvich) - - - - - - Fix query-lifespan memory leakage in repeatedly executed hash joins - (Tom Lane) - - - - - - Fix overly strict sanity check - in heap_prepare_freeze_tuple - (Álvaro Herrera) - - - - This could result in incorrect cannot freeze committed - xmax failures in databases that have - been pg_upgrade'd from 9.2 or earlier. - - - - - - Prevent dangling-pointer dereference when a C-coded before-update row - trigger returns the old tuple (Rushabh Lathia) - - - - - - Reduce locking during autovacuum worker scheduling (Jeff Janes) - - - - The previous behavior caused drastic loss of potential worker - concurrency in databases with many tables. - - - - - - Ensure client hostname is copied while copying - pg_stat_activity data to local memory - (Edmund Horner) - - - - Previously the supposedly-local snapshot contained a pointer into - shared memory, allowing the client hostname column to change - unexpectedly if any existing session disconnected. - - - - - - Fix incorrect processing of multiple compound affixes - in ispell dictionaries (Arthur Zakirov) - - - - - - Fix collation-aware searches (that is, indexscans using inequality - operators) in SP-GiST indexes on text columns (Tom Lane) - - - - Such searches would return the wrong set of rows in most non-C - locales. - - - - - - Count the number of index tuples correctly during initial build of an - SP-GiST index (Tomas Vondra) - - - - Previously, the tuple count was reported to be the same as that of - the underlying table, which is wrong if the index is partial. - - - - - - Count the number of index tuples correctly during vacuuming of a - GiST index (Andrey Borodin) - - - - Previously it reported the estimated number of heap tuples, - which might be inaccurate, and is certainly wrong if the - index is partial. - - - - - - Fix a corner case where a streaming standby gets stuck at a WAL - continuation record (Kyotaro Horiguchi) - - - - - - In logical decoding, avoid possible double processing of WAL data - when a walsender restarts (Craig Ringer) - - - - - - Allow scalarltsel - and scalargtsel to be used on non-core datatypes - (Tomas Vondra) - - - - - - Reduce libpq's memory consumption when a - server error is reported after a large amount of query output has - been collected (Tom Lane) - - - - Discard the previous output before, not after, processing the error - message. On some platforms, notably Linux, this can make a - difference in the application's subsequent memory footprint. - - - - - - Fix double-free crashes in ecpg - (Patrick Krecker, Jeevan Ladhe) - - - - - - Fix ecpg to handle long long - int variables correctly in MSVC builds (Michael Meskes, - Andrew Gierth) - - - - - - Fix mis-quoting of values for list-valued GUC variables in dumps - (Michael Paquier, Tom Lane) - - - - The local_preload_libraries, - session_preload_libraries, - shared_preload_libraries, - and temp_tablespaces variables were not correctly - quoted in pg_dump output. This would - cause problems if settings for these variables appeared in - CREATE FUNCTION ... SET or ALTER - DATABASE/ROLE ... SET clauses. - - - - - - Fix pg_recvlogical to not fail against - pre-v10 PostgreSQL servers - (Michael Paquier) - - - - A previous fix caused pg_recvlogical to - issue a command regardless of server version, but it should only be - issued to v10 and later servers. - - - - - - Ensure that pg_rewind deletes files on the - target server if they are deleted from the source server during the - run (Takayuki Tsunakawa) - - - - Failure to do this could result in data inconsistency on the target, - particularly if the file in question is a WAL segment. - - - - - - Fix pg_rewind to handle tables in - non-default tablespaces correctly (Takayuki Tsunakawa) - - - - - - Fix overflow handling in PL/pgSQL - integer FOR loops (Tom Lane) - - - - The previous coding failed to detect overflow of the loop variable - on some non-gcc compilers, leading to an infinite loop. - - - - - - Adjust PL/Python regression tests to pass - under Python 3.7 (Peter Eisentraut) - - - - - - Support testing PL/Python and related - modules when building with Python 3 and MSVC (Andrew Dunstan) - - - - - - - Support building with Microsoft Visual Studio 2015 (Michael Paquier) - - - - Various fixes needed for VS2015 compatibility were previously - back-patched into the 9.5 branch, but this one was missed. - - - - - - Rename internal b64_encode - and b64_decode functions to avoid conflict with - Solaris 11.4 built-in functions (Rainer Orth) - - - - - - Sync our copy of the timezone library with IANA tzcode release 2018e - (Tom Lane) - - - - This fixes the zic timezone data compiler - to cope with negative daylight-savings offsets. While - the PostgreSQL project will not - immediately ship such timezone data, zic - might be used with timezone data obtained directly from IANA, so it - seems prudent to update zic now. - - - - - - Update time zone data files to tzdata - release 2018d for DST law changes in Palestine and Antarctica (Casey - Station), plus historical corrections for Portugal and its colonies, - as well as Enderbury, Jamaica, Turks & Caicos Islands, and - Uruguay. - - - - - - - - - - Release 9.5.12 - - - Release date: - 2018-03-01 - - - - This release contains a variety of fixes from 9.5.11. - For information about new features in the 9.5 major release, see - . - - - - Migration to Version 9.5.12 - - - A dump/restore is not required for those running 9.5.X. - - - - However, if you run an installation in which not all users are mutually - trusting, or if you maintain an application or extension that is - intended for use in arbitrary situations, it is strongly recommended - that you read the documentation changes described in the first changelog - entry below, and take suitable steps to ensure that your installation or - code is secure. - - - - Also, the changes described in the second changelog entry below may - cause functions used in index expressions or materialized views to fail - during auto-analyze, or when reloading from a dump. After upgrading, - monitor the server logs for such problems, and fix affected functions. - - - - Also, if you are upgrading from a version earlier than 9.5.10, - see . - - - - - Changes - - - - - - Document how to configure installations and applications to guard - against search-path-dependent trojan-horse attacks from other users - (Noah Misch) - - - - Using a search_path setting that includes any - schemas writable by a hostile user enables that user to capture - control of queries and then run arbitrary SQL code with the - permissions of the attacked user. While it is possible to write - queries that are proof against such hijacking, it is notationally - tedious, and it's very easy to overlook holes. Therefore, we now - recommend configurations in which no untrusted schemas appear in - one's search path. Relevant documentation appears in - (for database administrators and users), - (for application authors), - (for extension authors), and - (for authors - of SECURITY DEFINER functions). - (CVE-2018-1058) - - - - - - Avoid use of insecure search_path settings - in pg_dump and other client programs - (Noah Misch, Tom Lane) - - - - pg_dump, - pg_upgrade, - vacuumdb and - other PostgreSQL-provided applications were - themselves vulnerable to the type of hijacking described in the previous - changelog entry; since these applications are commonly run by - superusers, they present particularly attractive targets. To make them - secure whether or not the installation as a whole has been secured, - modify them to include only the pg_catalog - schema in their search_path settings. - Autovacuum worker processes now do the same, as well. - - - - In cases where user-provided functions are indirectly executed by - these programs — for example, user-provided functions in index - expressions — the tighter search_path may - result in errors, which will need to be corrected by adjusting those - user-provided functions to not assume anything about what search path - they are invoked under. That has always been good practice, but now - it will be necessary for correct behavior. - (CVE-2018-1058) - - - - - - Fix misbehavior of concurrent-update rechecks with CTE references - appearing in subplans (Tom Lane) - - - - If a CTE (WITH clause reference) is used in an - InitPlan or SubPlan, and the query requires a recheck due to trying - to update or lock a concurrently-updated row, incorrect results could - be obtained. - - - - - - Fix planner failures with overlapping mergejoin clauses in an outer - join (Tom Lane) - - - - These mistakes led to left and right pathkeys do not match in - mergejoin or outer pathkeys do not match - mergeclauses planner errors in corner cases. - - - - - - Repair pg_upgrade's failure to - preserve relfrozenxid for materialized - views (Tom Lane, Andres Freund) - - - - This oversight could lead to data corruption in materialized views - after an upgrade, manifesting as could not access status of - transaction or found xmin from before - relfrozenxid errors. The problem would be more likely to - occur in seldom-refreshed materialized views, or ones that were - maintained only with REFRESH MATERIALIZED VIEW - CONCURRENTLY. - - - - If such corruption is observed, it can be repaired by refreshing the - materialized view (without CONCURRENTLY). - - - - - - Fix incorrect reporting of PL/Python function names in - error CONTEXT stacks (Tom Lane) - - - - An error occurring within a nested PL/Python function call (that is, - one reached via a SPI query from another PL/Python function) would - result in a stack trace showing the inner function's name twice, - rather than the expected results. Also, an error in a nested - PL/Python DO block could result in a null pointer - dereference crash on some platforms. - - - - - - Allow contrib/auto_explain's - log_min_duration setting to range up - to INT_MAX, or about 24 days instead of 35 minutes - (Tom Lane) - - - - - - - - - - Release 9.5.11 - - - Release date: - 2018-02-08 - - - - This release contains a variety of fixes from 9.5.10. - For information about new features in the 9.5 major release, see - . - - - - Migration to Version 9.5.11 - - - A dump/restore is not required for those running 9.5.X. - - - - However, if you are upgrading from a version earlier than 9.5.10, - see . - - - - - Changes - - - - - - Ensure that all temporary files made - by pg_upgrade are non-world-readable - (Tom Lane, Noah Misch) - - - - pg_upgrade normally restricts its - temporary files to be readable and writable only by the calling user. - But the temporary file containing pg_dumpall -g - output would be group- or world-readable, or even writable, if the - user's umask setting allows. In typical usage on - multi-user machines, the umask and/or the working - directory's permissions would be tight enough to prevent problems; - but there may be people using pg_upgrade - in scenarios where this oversight would permit disclosure of database - passwords to unfriendly eyes. - (CVE-2018-1053) - - - - - - Fix vacuuming of tuples that were updated while key-share locked - (Andres Freund, Álvaro Herrera) - - - - In some cases VACUUM would fail to remove such - tuples even though they are now dead, leading to assorted data - corruption scenarios. - - - - - - Fix inadequate buffer locking in some LSN fetches (Jacob Champion, - Asim Praveen, Ashwin Agrawal) - - - - These errors could result in misbehavior under concurrent load. - The potential consequences have not been characterized fully. - - - - - - Fix incorrect query results from cases involving flattening of - subqueries whose outputs are used in GROUPING SETS - (Heikki Linnakangas) - - - - - - Avoid unnecessary failure in a query on an inheritance tree that - occurs concurrently with some child table being removed from the tree - by ALTER TABLE NO INHERIT (Tom Lane) - - - - - - Fix spurious deadlock failures when multiple sessions are - running CREATE INDEX CONCURRENTLY (Jeff Janes) - - - - - - Fix failures when an inheritance tree contains foreign child tables - (Etsuro Fujita) - - - - A mix of regular and foreign tables in an inheritance tree resulted in - creation of incorrect plans for UPDATE - and DELETE queries. This led to visible failures in - some cases, notably when there are row-level triggers on a foreign - child table. - - - - - - Repair failure with correlated sub-SELECT - inside VALUES inside a LATERAL - subquery (Tom Lane) - - - - - - Fix could not devise a query plan for the given query - planner failure for some cases involving nested UNION - ALL inside a lateral subquery (Tom Lane) - - - - - - Fix logical decoding to correctly clean up disk files for crashed - transactions (Atsushi Torikoshi) - - - - Logical decoding may spill WAL records to disk for transactions - generating many WAL records. Normally these files are cleaned up - after the transaction's commit or abort record arrives; but if - no such record is ever seen, the removal code misbehaved. - - - - - - Fix walsender timeout failure and failure to respond to interrupts - when processing a large transaction (Petr Jelinek) - - - - - - Fix has_sequence_privilege() to - support WITH GRANT OPTION tests, - as other privilege-testing functions do (Joe Conway) - - - - - - In databases using UTF8 encoding, ignore any XML declaration that - asserts a different encoding (Pavel Stehule, Noah Misch) - - - - We always store XML strings in the database encoding, so allowing - libxml to act on a declaration of another encoding gave wrong results. - In encodings other than UTF8, we don't promise to support non-ASCII - XML data anyway, so retain the previous behavior for bug compatibility. - This change affects only xpath() and related - functions; other XML code paths already acted this way. - - - - - - Provide for forward compatibility with future minor protocol versions - (Robert Haas, Badrul Chowdhury) - - - - Up to now, PostgreSQL servers simply - rejected requests to use protocol versions newer than 3.0, so that - there was no functional difference between the major and minor parts - of the protocol version number. Allow clients to request versions 3.x - without failing, sending back a message showing that the server only - understands 3.0. This makes no difference at the moment, but - back-patching this change should allow speedier introduction of future - minor protocol upgrades. - - - - - - Cope with failure to start a parallel worker process - (Amit Kapila, Robert Haas) - - - - Parallel query previously tended to hang indefinitely if a worker - could not be started, as the result of fork() - failure or other low-probability problems. - - - - - - Avoid unsafe alignment assumptions when working - with __int128 (Tom Lane) - - - - Typically, compilers assume that __int128 variables are - aligned on 16-byte boundaries, but our memory allocation - infrastructure isn't prepared to guarantee that, and increasing the - setting of MAXALIGN seems infeasible for multiple reasons. Adjust the - code to allow use of __int128 only when we can tell the - compiler to assume lesser alignment. The only known symptom of this - problem so far is crashes in some parallel aggregation queries. - - - - - - Prevent stack-overflow crashes when planning extremely deeply - nested set operations - (UNION/INTERSECT/EXCEPT) - (Tom Lane) - - - - - - Fix null-pointer crashes for some types of LDAP URLs appearing - in pg_hba.conf (Thomas Munro) - - - - - - Fix sample INSTR() functions in the PL/pgSQL - documentation (Yugo Nagata, Tom Lane) - - - - These functions are stated to - be Oracle compatible, but - they weren't exactly. In particular, there was a discrepancy in the - interpretation of a negative third parameter: Oracle thinks that a - negative value indicates the last place where the target substring can - begin, whereas our functions took it as the last place where the - target can end. Also, Oracle throws an error for a zero or negative - fourth parameter, whereas our functions returned zero. - - - - The sample code has been adjusted to match Oracle's behavior more - precisely. Users who have copied this code into their applications - may wish to update their copies. - - - - - - Fix pg_dump to make ACL (permissions), - comment, and security label entries reliably identifiable in archive - output formats (Tom Lane) - - - - The tag portion of an ACL archive entry was usually - just the name of the associated object. Make it start with the object - type instead, bringing ACLs into line with the convention already used - for comment and security label archive entries. Also, fix the - comment and security label entries for the whole database, if present, - to make their tags start with DATABASE so that they - also follow this convention. This prevents false matches in code that - tries to identify large-object-related entries by seeing if the tag - starts with LARGE OBJECT. That could have resulted - in misclassifying entries as data rather than schema, with undesirable - results in a schema-only or data-only dump. - - - - Note that this change has user-visible results in the output - of pg_restore --list. - - - - - - Rename pg_rewind's - copy_file_range function to avoid conflict - with new Linux system call of that name (Andres Freund) - - - - This change prevents build failures with newer glibc versions. - - - - - - In ecpg, detect indicator arrays that do - not have the correct length and report an error (David Rader) - - - - - - Avoid triggering a libc assertion - in contrib/hstore, due to use - of memcpy() with equal source and destination - pointers (Tomas Vondra) - - - - - - Provide modern examples of how to auto-start Postgres on macOS - (Tom Lane) - - - - The scripts in contrib/start-scripts/osx use - infrastructure that's been deprecated for over a decade, and which no - longer works at all in macOS releases of the last couple of years. - Add a new subdirectory contrib/start-scripts/macos - containing scripts that use the newer launchd - infrastructure. - - - - - - Fix incorrect selection of configuration-specific libraries for - OpenSSL on Windows (Andrew Dunstan) - - - - - - Support linking to MinGW-built versions of libperl (Noah Misch) - - - - This allows building PL/Perl with some common Perl distributions for - Windows. - - - - - - Fix MSVC build to test whether 32-bit libperl - needs -D_USE_32BIT_TIME_T (Noah Misch) - - - - Available Perl distributions are inconsistent about what they expect, - and lack any reliable means of reporting it, so resort to a build-time - test on what the library being used actually does. - - - - - - On Windows, install the crash dump handler earlier in postmaster - startup (Takayuki Tsunakawa) - - - - This may allow collection of a core dump for some early-startup - failures that did not produce a dump before. - - - - - - On Windows, avoid encoding-conversion-related crashes when emitting - messages very early in postmaster startup (Takayuki Tsunakawa) - - - - - - Use our existing Motorola 68K spinlock code on OpenBSD as - well as NetBSD (David Carlier) - - - - - - Add support for spinlocks on Motorola 88K (David Carlier) - - - - - - Update time zone data files to tzdata - release 2018c for DST law changes in Brazil, Sao Tome and Principe, - plus historical corrections for Bolivia, Japan, and South Sudan. - The US/Pacific-New zone has been removed (it was - only an alias for America/Los_Angeles anyway). - - - - - - - - - - Release 9.5.10 - - - Release date: - 2017-11-09 - - - - This release contains a variety of fixes from 9.5.9. - For information about new features in the 9.5 major release, see - . - - - - Migration to Version 9.5.10 - - - A dump/restore is not required for those running 9.5.X. - - - - However, if you use BRIN indexes, see the fourth changelog entry below. - - - - Also, if you are upgrading from a version earlier than 9.5.8, - see . - - - - - Changes - - - - - - Ensure that INSERT ... ON CONFLICT DO UPDATE checks - table permissions and RLS policies in all cases (Dean Rasheed) - - - - The update path of INSERT ... ON CONFLICT DO UPDATE - requires SELECT permission on the columns of the - arbiter index, but it failed to check for that in the case of an - arbiter specified by constraint name. - In addition, for a table with row level security enabled, it failed to - check updated rows against the table's SELECT - policies (regardless of how the arbiter index was specified). - (CVE-2017-15099) - - - - - - Fix crash due to rowtype mismatch - in json{b}_populate_recordset() - (Michael Paquier, Tom Lane) - - - - These functions used the result rowtype specified in the FROM - ... AS clause without checking that it matched the actual - rowtype of the supplied tuple value. If it didn't, that would usually - result in a crash, though disclosure of server memory contents seems - possible as well. - (CVE-2017-15098) - - - - - - Fix sample server-start scripts to become $PGUSER - before opening $PGLOG (Noah Misch) - - - - Previously, the postmaster log file was opened while still running as - root. The database owner could therefore mount an attack against - another system user by making $PGLOG be a symbolic - link to some other file, which would then become corrupted by appending - log messages. - - - - By default, these scripts are not installed anywhere. Users who have - made use of them will need to manually recopy them, or apply the same - changes to their modified versions. If the - existing $PGLOG file is root-owned, it will need to - be removed or renamed out of the way before restarting the server with - the corrected script. - (CVE-2017-12172) - - - - - - Fix BRIN index summarization to handle concurrent table extension - correctly (Álvaro Herrera) - - - - Previously, a race condition allowed some table rows to be omitted from - the index. It may be necessary to reindex existing BRIN indexes to - recover from past occurrences of this problem. - - - - - - Fix possible failures during concurrent updates of a BRIN index - (Tom Lane) - - - - These race conditions could result in errors like invalid index - offnum or inconsistent range map. - - - - - - Fix crash when logical decoding is invoked from a SPI-using function, - in particular any function written in a PL language - (Tom Lane) - - - - - - Fix json_build_array(), - json_build_object(), and their jsonb - equivalents to handle explicit VARIADIC arguments - correctly (Michael Paquier) - - - - - - Properly reject attempts to convert infinite float values to - type numeric (Tom Lane, KaiGai Kohei) - - - - Previously the behavior was platform-dependent. - - - - - - Fix corner-case crashes when columns have been added to the end of a - view (Tom Lane) - - - - - - Record proper dependencies when a view or rule - contains FieldSelect - or FieldStore expression nodes (Tom Lane) - - - - Lack of these dependencies could allow a column or data - type DROP to go through when it ought to fail, - thereby causing later uses of the view or rule to get errors. - This patch does not do anything to protect existing views/rules, - only ones created in the future. - - - - - - Correctly detect hashability of range data types (Tom Lane) - - - - The planner mistakenly assumed that any range type could be hashed - for use in hash joins or hash aggregation, but actually it must check - whether the range's subtype has hash support. This does not affect any - of the built-in range types, since they're all hashable anyway. - - - - - - Correctly ignore RelabelType expression nodes - when determining relation distinctness (David Rowley) - - - - This allows the intended optimization to occur when a subquery has - a result column of type varchar. - - - - - - Fix low-probability loss of NOTIFY messages due to - XID wraparound (Marko Tiikkaja, Tom Lane) - - - - If a session executed no queries, but merely listened for - notifications, for more than 2 billion transactions, it started to miss - some notifications from concurrently-committing transactions. - - - - - - Avoid SIGBUS crash on Linux when a DSM memory - request exceeds the space available in tmpfs - (Thomas Munro) - - - - - - Prevent low-probability crash in processing of nested trigger firings - (Tom Lane) - - - - - - Allow COPY's FREEZE option to - work when the transaction isolation level is REPEATABLE - READ or higher (Noah Misch) - - - - This case was unintentionally broken by a previous bug fix. - - - - - - Correctly restore the umask setting when file creation fails - in COPY or lo_export() - (Peter Eisentraut) - - - - - - Give a better error message for duplicate column names - in ANALYZE (Nathan Bossart) - - - - - - Fix mis-parsing of the last line in a - non-newline-terminated pg_hba.conf file - (Tom Lane) - - - - - - Fix pg_basebackup's matching of tablespace - paths to canonicalize both paths before comparing (Michael Paquier) - - - - This is particularly helpful on Windows. - - - - - - Fix libpq to not require user's home - directory to exist (Tom Lane) - - - - In v10, failure to find the home directory while trying to - read ~/.pgpass was treated as a hard error, - but it should just cause that file to not be found. Both v10 and - previous release branches made the same mistake when - reading ~/.pg_service.conf, though this was less - obvious since that file is not sought unless a service name is - specified. - - - - - - Fix libpq to guard against integer - overflow in the row count of a PGresult - (Michael Paquier) - - - - - - Fix ecpg's handling of out-of-scope cursor - declarations with pointer or array variables (Michael Meskes) - - - - - - In ecpglib, correctly handle backslashes in string literals depending - on whether standard_conforming_strings is set - (Tsunakawa Takayuki) - - - - - - Make ecpglib's Informix-compatibility mode ignore fractional digits in - integer input strings, as expected (Gao Zengqi, Michael Meskes) - - - - - - Fix missing temp-install prerequisites - for check-like Make targets (Noah Misch) - - - - Some non-default test procedures that are meant to work - like make check failed to ensure that the temporary - installation was up to date. - - - - - - Sync our copy of the timezone library with IANA release tzcode2017c - (Tom Lane) - - - - This fixes various issues; the only one likely to be user-visible - is that the default DST rules for a POSIX-style zone name, if - no posixrules file exists in the timezone data - directory, now match current US law rather than what it was a dozen - years ago. - - - - - - Update time zone data files to tzdata - release 2017c for DST law changes in Fiji, Namibia, Northern Cyprus, - Sudan, Tonga, and Turks & Caicos Islands, plus historical - corrections for Alaska, Apia, Burma, Calcutta, Detroit, Ireland, - Namibia, and Pago Pago. - - - - - - - - - - Release 9.5.9 - - - Release date: - 2017-08-31 - - - - This release contains a small number of fixes from 9.5.8. - For information about new features in the 9.5 major release, see - . - - - - Migration to Version 9.5.9 - - - A dump/restore is not required for those running 9.5.X. - - - - However, if you are upgrading from a version earlier than 9.5.8, - see . - - - - - Changes - - - - - - Show foreign tables - in information_schema.table_privileges - view (Peter Eisentraut) - - - - All other relevant information_schema views include - foreign tables, but this one ignored them. - - - - Since this view definition is installed by initdb, - merely upgrading will not fix the problem. If you need to fix this - in an existing installation, you can, as a superuser, do this - in psql: - -SET search_path TO information_schema; -CREATE OR REPLACE VIEW table_privileges AS - SELECT CAST(u_grantor.rolname AS sql_identifier) AS grantor, - CAST(grantee.rolname AS sql_identifier) AS grantee, - CAST(current_database() AS sql_identifier) AS table_catalog, - CAST(nc.nspname AS sql_identifier) AS table_schema, - CAST(c.relname AS sql_identifier) AS table_name, - CAST(c.prtype AS character_data) AS privilege_type, - CAST( - CASE WHEN - -- object owner always has grant options - pg_has_role(grantee.oid, c.relowner, 'USAGE') - OR c.grantable - THEN 'YES' ELSE 'NO' END AS yes_or_no) AS is_grantable, - CAST(CASE WHEN c.prtype = 'SELECT' THEN 'YES' ELSE 'NO' END AS yes_or_no) AS with_hierarchy - - FROM ( - SELECT oid, relname, relnamespace, relkind, relowner, (aclexplode(coalesce(relacl, acldefault('r', relowner)))).* FROM pg_class - ) AS c (oid, relname, relnamespace, relkind, relowner, grantor, grantee, prtype, grantable), - pg_namespace nc, - pg_authid u_grantor, - ( - SELECT oid, rolname FROM pg_authid - UNION ALL - SELECT 0::oid, 'PUBLIC' - ) AS grantee (oid, rolname) - - WHERE c.relnamespace = nc.oid - AND c.relkind IN ('r', 'v', 'f') - AND c.grantee = grantee.oid - AND c.grantor = u_grantor.oid - AND c.prtype IN ('INSERT', 'SELECT', 'UPDATE', 'DELETE', 'TRUNCATE', 'REFERENCES', 'TRIGGER') - AND (pg_has_role(u_grantor.oid, 'USAGE') - OR pg_has_role(grantee.oid, 'USAGE') - OR grantee.rolname = 'PUBLIC'); - - This must be repeated in each database to be fixed, - including template0. - - - - - - Clean up handling of a fatal exit (e.g., due to receipt - of SIGTERM) that occurs while trying to execute - a ROLLBACK of a failed transaction (Tom Lane) - - - - This situation could result in an assertion failure. In production - builds, the exit would still occur, but it would log an unexpected - message about cannot drop active portal. - - - - - - Remove assertion that could trigger during a fatal exit (Tom Lane) - - - - - - Correctly identify columns that are of a range type or domain type over - a composite type or domain type being searched for (Tom Lane) - - - - Certain ALTER commands that change the definition of a - composite type or domain type are supposed to fail if there are any - stored values of that type in the database, because they lack the - infrastructure needed to update or check such values. Previously, - these checks could miss relevant values that are wrapped inside range - types or sub-domains, possibly allowing the database to become - inconsistent. - - - - - - Fix crash in pg_restore when using parallel mode and - using a list file to select a subset of items to restore - (Fabrízio de Royes Mello) - - - - - - Change ecpg's parser to allow RETURNING - clauses without attached C variables (Michael Meskes) - - - - This allows ecpg programs to contain SQL constructs - that use RETURNING internally (for example, inside a CTE) - rather than using it to define values to be returned to the client. - - - - - - Improve selection of compiler flags for PL/Perl on Windows (Tom Lane) - - - - This fix avoids possible crashes of PL/Perl due to inconsistent - assumptions about the width of time_t values. - A side-effect that may be visible to extension developers is - that _USE_32BIT_TIME_T is no longer defined globally - in PostgreSQL Windows builds. This is not expected - to cause problems, because type time_t is not used - in any PostgreSQL API definitions. - - - - - - Fix make check to behave correctly when invoked via a - non-GNU make program (Thomas Munro) - - - - - - - - - - Release 9.5.8 - - - Release date: - 2017-08-10 - - - - This release contains a variety of fixes from 9.5.7. - For information about new features in the 9.5 major release, see - . - - - - Migration to Version 9.5.8 - - - A dump/restore is not required for those running 9.5.X. - - - - However, if you use foreign data servers that make use of user - passwords for authentication, see the first changelog entry below. - - - - Also, if you are upgrading from a version earlier than 9.5.7, - see . - - - - - Changes - - - - - - Further restrict visibility - of pg_user_mappings.umoptions, to - protect passwords stored as user mapping options - (Noah Misch) - - - - The fix for CVE-2017-7486 was incorrect: it allowed a user - to see the options in her own user mapping, even if she did not - have USAGE permission on the associated foreign server. - Such options might include a password that had been provided by the - server owner rather than the user herself. - Since information_schema.user_mapping_options does not - show the options in such cases, pg_user_mappings - should not either. - (CVE-2017-7547) - - - - By itself, this patch will only fix the behavior in newly initdb'd - databases. If you wish to apply this change in an existing database, - you will need to do the following: - - - - - - Restart the postmaster after adding allow_system_table_mods - = true to postgresql.conf. (In versions - supporting ALTER SYSTEM, you can use that to make the - configuration change, but you'll still need a restart.) - - - - - - In each database of the cluster, - run the following commands as superuser: - -SET search_path = pg_catalog; -CREATE OR REPLACE VIEW pg_user_mappings AS - SELECT - U.oid AS umid, - S.oid AS srvid, - S.srvname AS srvname, - U.umuser AS umuser, - CASE WHEN U.umuser = 0 THEN - 'public' - ELSE - A.rolname - END AS usename, - CASE WHEN (U.umuser <> 0 AND A.rolname = current_user - AND (pg_has_role(S.srvowner, 'USAGE') - OR has_server_privilege(S.oid, 'USAGE'))) - OR (U.umuser = 0 AND pg_has_role(S.srvowner, 'USAGE')) - OR (SELECT rolsuper FROM pg_authid WHERE rolname = current_user) - THEN U.umoptions - ELSE NULL END AS umoptions - FROM pg_user_mapping U - LEFT JOIN pg_authid A ON (A.oid = U.umuser) JOIN - pg_foreign_server S ON (U.umserver = S.oid); - - - - - - - Do not forget to include the template0 - and template1 databases, or the vulnerability will still - exist in databases you create later. To fix template0, - you'll need to temporarily make it accept connections. - In PostgreSQL 9.5 and later, you can use - -ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true; - - and then after fixing template0, undo that with - -ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false; - - In prior versions, instead use - -UPDATE pg_database SET datallowconn = true WHERE datname = 'template0'; -UPDATE pg_database SET datallowconn = false WHERE datname = 'template0'; - - - - - - - Finally, remove the allow_system_table_mods configuration - setting, and again restart the postmaster. - - - - - - - - Disallow empty passwords in all password-based authentication methods - (Heikki Linnakangas) - - - - libpq ignores empty password specifications, and does - not transmit them to the server. So, if a user's password has been - set to the empty string, it's impossible to log in with that password - via psql or other libpq-based - clients. An administrator might therefore believe that setting the - password to empty is equivalent to disabling password login. - However, with a modified or non-libpq-based client, - logging in could be possible, depending on which authentication - method is configured. In particular the most common - method, md5, accepted empty passwords. - Change the server to reject empty passwords in all cases. - (CVE-2017-7546) - - - - - - Make lo_put() check for UPDATE privilege on - the target large object (Tom Lane, Michael Paquier) - - - - lo_put() should surely require the same permissions - as lowrite(), but the check was missing, allowing any - user to change the data in a large object. - (CVE-2017-7548) - - - - - - Correct the documentation about the process for upgrading standby - servers with pg_upgrade (Bruce Momjian) - - - - The previous documentation instructed users to start/stop the primary - server after running pg_upgrade but before syncing - the standby servers. This sequence is unsafe. - - - - - - Fix concurrent locking of tuple update chains (Álvaro Herrera) - - - - If several sessions concurrently lock a tuple update chain with - nonconflicting lock modes using an old snapshot, and they all - succeed, it was possible for some of them to nonetheless fail (and - conclude there is no live tuple version) due to a race condition. - This had consequences such as foreign-key checks failing to see a - tuple that definitely exists but is being updated concurrently. - - - - - - Fix potential data corruption when freezing a tuple whose XMAX is a - multixact with exactly one still-interesting member (Teodor Sigaev) - - - - - - Avoid integer overflow and ensuing crash when sorting more than one - billion tuples in-memory (Sergey Koposov) - - - - - - On Windows, retry process creation if we fail to reserve the address - range for our shared memory in the new process (Tom Lane, Amit - Kapila) - - - - This is expected to fix infrequent child-process-launch failures that - are probably due to interference from antivirus products. - - - - - - Fix low-probability corruption of shared predicate-lock hash table - in Windows builds (Thomas Munro, Tom Lane) - - - - - - Avoid logging clean closure of an SSL connection as though - it were a connection reset (Michael Paquier) - - - - - - Prevent sending SSL session tickets to clients (Tom Lane) - - - - This fix prevents reconnection failures with ticket-aware client-side - SSL code. - - - - - - Fix code for setting on - Solaris (Tom Lane) - - - - - - Fix statistics collector to honor inquiry messages issued just after - a postmaster shutdown and immediate restart (Tom Lane) - - - - Statistics inquiries issued within half a second of the previous - postmaster shutdown were effectively ignored. - - - - - - Ensure that the statistics collector's receive buffer size is at - least 100KB (Tom Lane) - - - - This reduces the risk of dropped statistics data on older platforms - whose default receive buffer size is less than that. - - - - - - Fix possible creation of an invalid WAL segment when a standby is - promoted just after it processes an XLOG_SWITCH WAL - record (Andres Freund) - - - - - - Fix walsender to exit promptly when client requests - shutdown (Tom Lane) - - - - - - Fix SIGHUP and SIGUSR1 handling in - walsender processes (Petr Jelinek, Andres Freund) - - - - - - Prevent walsender-triggered panics during shutdown checkpoints - (Andres Freund, Michael Paquier) - - - - - - Fix unnecessarily slow restarts of walreceiver - processes due to race condition in postmaster (Tom Lane) - - - - - - Fix leakage of small subtransactions spilled to disk during logical - decoding (Andres Freund) - - - - This resulted in temporary files consuming excessive disk space. - - - - - - Reduce the work needed to build snapshots during creation of - logical-decoding slots (Andres Freund, Petr Jelinek) - - - - The previous algorithm was infeasibly expensive on a server with a - lot of open transactions. - - - - - - Fix race condition that could indefinitely delay creation of - logical-decoding slots (Andres Freund, Petr Jelinek) - - - - - - Reduce overhead in processing syscache invalidation events (Tom Lane) - - - - This is particularly helpful for logical decoding, which triggers - frequent cache invalidation. - - - - - - Fix cases where an INSERT or UPDATE assigns - to more than one element of a column that is of domain-over-array - type (Tom Lane) - - - - - - Allow window functions to be used in sub-SELECTs that - are within the arguments of an aggregate function (Tom Lane) - - - - - - Move autogenerated array types out of the way during - ALTER ... RENAME (Vik Fearing) - - - - Previously, we would rename a conflicting autogenerated array type - out of the way during CREATE; this fix extends that - behavior to renaming operations. - - - - - - Fix dangling pointer in ALTER TABLE when there is a - comment on a constraint belonging to the table (David Rowley) - - - - Re-applying the comment to the reconstructed constraint could fail - with a weird error message, or even crash. - - - - - - Ensure that ALTER USER ... SET accepts all the syntax - variants that ALTER ROLE ... SET does (Peter Eisentraut) - - - - - - Properly update dependency info when changing a datatype I/O - function's argument or return type from opaque to the - correct type (Heikki Linnakangas) - - - - CREATE TYPE updates I/O functions declared in this - long-obsolete style, but it forgot to record a dependency on the - type, allowing a subsequent DROP TYPE to leave broken - function definitions behind. - - - - - - Reduce memory usage when ANALYZE processes - a tsvector column (Heikki Linnakangas) - - - - - - Fix unnecessary precision loss and sloppy rounding when multiplying - or dividing money values by integers or floats (Tom Lane) - - - - - - Tighten checks for whitespace in functions that parse identifiers, - such as regprocedurein() (Tom Lane) - - - - Depending on the prevailing locale, these functions could - misinterpret fragments of multibyte characters as whitespace. - - - - - - Use relevant #define symbols from Perl while - compiling PL/Perl (Ashutosh Sharma, Tom Lane) - - - - This avoids portability problems, typically manifesting as - a handshake mismatch during library load, when working with - recent Perl versions. - - - - - - In libpq, reset GSS/SASL and SSPI authentication - state properly after a failed connection attempt (Michael Paquier) - - - - Failure to do this meant that when falling back from SSL to non-SSL - connections, a GSS/SASL failure in the SSL attempt would always cause - the non-SSL attempt to fail. SSPI did not fail, but it leaked memory. - - - - - - In psql, fix failure when COPY FROM STDIN - is ended with a keyboard EOF signal and then another COPY - FROM STDIN is attempted (Thomas Munro) - - - - This misbehavior was observed on BSD-derived platforms (including - macOS), but not on most others. - - - - - - Fix pg_dump and pg_restore to - emit REFRESH MATERIALIZED VIEW commands last (Tom Lane) - - - - This prevents errors during dump/restore when a materialized view - refers to tables owned by a different user. - - - - - - Improve pg_dump/pg_restore's - reporting of error conditions originating in zlib - (Vladimir Kunschikov, Álvaro Herrera) - - - - - - Fix pg_dump with the - - - It also now correctly assigns ownership of event triggers; before, - they were restored as being owned by the superuser running the - restore script. - - - - - - Fix pg_dump to not emit invalid SQL for an empty - operator class (Daniel Gustafsson) - - - - - - Fix pg_dump output to stdout on Windows (Kuntal Ghosh) - - - - A compressed plain-text dump written to stdout would contain corrupt - data due to failure to put the file descriptor into binary mode. - - - - - - Fix pg_get_ruledef() to print correct output for - the ON SELECT rule of a view whose columns have been - renamed (Tom Lane) - - - - In some corner cases, pg_dump relies - on pg_get_ruledef() to dump views, so that this error - could result in dump/reload failures. - - - - - - Fix dumping of outer joins with empty constraints, such as the result - of a NATURAL LEFT JOIN with no common columns (Tom Lane) - - - - - - Fix dumping of function expressions in the FROM clause in - cases where the expression does not deparse into something that looks - like a function call (Tom Lane) - - - - - - Fix pg_basebackup output to stdout on Windows - (Haribabu Kommi) - - - - A backup written to stdout would contain corrupt data due to failure - to put the file descriptor into binary mode. - - - - - - Fix pg_rewind to correctly handle files exceeding 2GB - (Kuntal Ghosh, Michael Paquier) - - - - Ordinarily such files won't appear in PostgreSQL data - directories, but they could be present in some cases. - - - - - - Fix pg_upgrade to ensure that the ending WAL record - does not have = minimum - (Bruce Momjian) - - - - This condition could prevent upgraded standby servers from - reconnecting. - - - - - - Fix pg_xlogdump's computation of WAL record length - (Andres Freund) - - - - - - In postgres_fdw, re-establish connections to remote - servers after ALTER SERVER or ALTER USER - MAPPING commands (Kyotaro Horiguchi) - - - - This ensures that option changes affecting connection parameters will - be applied promptly. - - - - - - In postgres_fdw, allow cancellation of remote - transaction control commands (Robert Haas, Rafia Sabih) - - - - This change allows us to quickly escape a wait for an unresponsive - remote server in many more cases than previously. - - - - - - Increase MAX_SYSCACHE_CALLBACKS to provide more room for - extensions (Tom Lane) - - - - - - Always use - - - This supports larger extension libraries on platforms where it makes - a difference. - - - - - - - Fix unescaped-braces issue in our build scripts for Microsoft MSVC, - to avoid a warning or error from recent Perl versions (Andrew - Dunstan) - - - - - - In MSVC builds, handle the case where the openssl - library is not within a VC subdirectory (Andrew Dunstan) - - - - - - In MSVC builds, add proper include path for libxml2 - header files (Andrew Dunstan) - - - - This fixes a former need to move things around in standard Windows - installations of libxml2. - - - - - - In MSVC builds, recognize a Tcl library that is - named tcl86.lib (Noah Misch) - - - - - - In MSVC builds, honor PROVE_FLAGS settings - on vcregress.pl's command line (Andrew Dunstan) - - - - - - - - - - Release 9.5.7 - - - Release date: - 2017-05-11 - - - - This release contains a variety of fixes from 9.5.6. - For information about new features in the 9.5 major release, see - . - - - - Migration to Version 9.5.7 - - - A dump/restore is not required for those running 9.5.X. - - - - However, if you use foreign data servers that make use of user - passwords for authentication, see the first changelog entry below. - - - - Also, if you are using third-party replication tools that depend - on logical decoding, see the fourth changelog entry below. - - - - Also, if you are upgrading from a version earlier than 9.5.6, - see . - - - - - Changes - - - - - - Restrict visibility - of pg_user_mappings.umoptions, to - protect passwords stored as user mapping options - (Michael Paquier, Feike Steenbergen) - - - - The previous coding allowed the owner of a foreign server object, - or anyone he has granted server USAGE permission to, - to see the options for all user mappings associated with that server. - This might well include passwords for other users. - Adjust the view definition to match the behavior of - information_schema.user_mapping_options, namely that - these options are visible to the user being mapped, or if the mapping - is for PUBLIC and the current user is the server - owner, or if the current user is a superuser. - (CVE-2017-7486) - - - - By itself, this patch will only fix the behavior in newly initdb'd - databases. If you wish to apply this change in an existing database, - follow the corrected procedure shown in the changelog entry for - CVE-2017-7547, in . - - - - - - Prevent exposure of statistical information via leaky operators - (Peter Eisentraut) - - - - Some selectivity estimation functions in the planner will apply - user-defined operators to values obtained - from pg_statistic, such as most common values and - histogram entries. This occurs before table permissions are checked, - so a nefarious user could exploit the behavior to obtain these values - for table columns he does not have permission to read. To fix, - fall back to a default estimate if the operator's implementation - function is not certified leak-proof and the calling user does not have - permission to read the table column whose statistics are needed. - At least one of these criteria is satisfied in most cases in practice. - (CVE-2017-7484) - - - - - - Restore libpq's recognition of - the PGREQUIRESSL environment variable (Daniel Gustafsson) - - - - Processing of this environment variable was unintentionally dropped - in PostgreSQL 9.3, but its documentation remained. - This creates a security hazard, since users might be relying on the - environment variable to force SSL-encrypted connections, but that - would no longer be guaranteed. Restore handling of the variable, - but give it lower priority than PGSSLMODE, to avoid - breaking configurations that work correctly with post-9.3 code. - (CVE-2017-7485) - - - - - - Fix possibly-invalid initial snapshot during logical decoding - (Petr Jelinek, Andres Freund) - - - - The initial snapshot created for a logical decoding replication slot - was potentially incorrect. This could cause third-party tools that - use logical decoding to copy incomplete/inconsistent initial data. - This was more likely to happen if the source server was busy at the - time of slot creation, or if another logical slot already existed. - - - - If you are using a replication tool that depends on logical decoding, - and it should have copied a nonempty data set at the start of - replication, it is advisable to recreate the replica after - installing this update, or to verify its contents against the source - server. - - - - - - Fix possible corruption of init forks of unlogged indexes - (Robert Haas, Michael Paquier) - - - - This could result in an unlogged index being set to an invalid state - after a crash and restart. Such a problem would persist until the - index was dropped and rebuilt. - - - - - - Fix incorrect reconstruction of pg_subtrans entries - when a standby server replays a prepared but uncommitted two-phase - transaction (Tom Lane) - - - - In most cases this turned out to have no visible ill effects, but in - corner cases it could result in circular references - in pg_subtrans, potentially causing infinite loops - in queries that examine rows modified by the two-phase transaction. - - - - - - Avoid possible crash in walsender due to failure - to initialize a string buffer (Stas Kelvich, Fujii Masao) - - - - - - Fix possible crash when rescanning a nearest-neighbor index-only scan - on a GiST index (Tom Lane) - - - - - - Fix postmaster's handling of fork() failure for a - background worker process (Tom Lane) - - - - Previously, the postmaster updated portions of its state as though - the process had been launched successfully, resulting in subsequent - confusion. - - - - - - - Fix crash or wrong answers when a GROUPING SETS column's - data type is hashable but not sortable (Pavan Deolasee) - - - - - - Avoid applying physical targetlist optimization to custom - scans (Dmitry Ivanov, Tom Lane) - - - - This optimization supposed that retrieving all columns of a tuple - is inexpensive, which is true for ordinary Postgres tuples; but it - might not be the case for a custom scan provider. - - - - - - Use the correct sub-expression when applying a FOR ALL - row-level-security policy (Stephen Frost) - - - - In some cases the WITH CHECK restriction would be applied - when the USING restriction is more appropriate. - - - - - - Ensure parsing of queries in extension scripts sees the results of - immediately-preceding DDL (Julien Rouhaud, Tom Lane) - - - - Due to lack of a cache flush step between commands in an extension - script file, non-utility queries might not see the effects of an - immediately preceding catalog change, such as ALTER TABLE - ... RENAME. - - - - - - Skip tablespace privilege checks when ALTER TABLE ... ALTER - COLUMN TYPE rebuilds an existing index (Noah Misch) - - - - The command failed if the calling user did not currently have - CREATE privilege for the tablespace containing the index. - That behavior seems unhelpful, so skip the check, allowing the - index to be rebuilt where it is. - - - - - - Fix ALTER TABLE ... VALIDATE CONSTRAINT to not recurse - to child tables when the constraint is marked NO INHERIT - (Amit Langote) - - - - This fix prevents unwanted constraint does not exist failures - when no matching constraint is present in the child tables. - - - - - - Avoid dangling pointer in COPY ... TO when row-level - security is active for the source table (Tom Lane) - - - - Usually this had no ill effects, but sometimes it would cause - unexpected errors or crashes. - - - - - - Avoid accessing an already-closed relcache entry in CLUSTER - and VACUUM FULL (Tom Lane) - - - - With some bad luck, this could lead to indexes on the target - relation getting rebuilt with the wrong persistence setting. - - - - - - Fix VACUUM to account properly for pages that could not - be scanned due to conflicting page pins (Andrew Gierth) - - - - This tended to lead to underestimation of the number of tuples in - the table. In the worst case of a small heavily-contended - table, VACUUM could incorrectly report that the table - contained no tuples, leading to very bad planning choices. - - - - - - Ensure that bulk-tuple-transfer loops within a hash join are - interruptible by query cancel requests (Tom Lane, Thomas Munro) - - - - - - Fix integer-overflow problems in interval comparison (Kyotaro - Horiguchi, Tom Lane) - - - - The comparison operators for type interval could yield wrong - answers for intervals larger than about 296000 years. Indexes on - columns containing such large values should be reindexed, since they - may be corrupt. - - - - - - Fix cursor_to_xml() to produce valid output - with tableforest = false - (Thomas Munro, Peter Eisentraut) - - - - Previously it failed to produce a wrapping <table> - element. - - - - - - Fix roundoff problems in float8_timestamptz() - and make_interval() (Tom Lane) - - - - These functions truncated, rather than rounded, when converting a - floating-point value to integer microseconds; that could cause - unexpectedly off-by-one results. - - - - - - Fix pg_get_object_address() to handle members of operator - families correctly (Álvaro Herrera) - - - - - - Improve performance of pg_timezone_names view - (Tom Lane, David Rowley) - - - - - - Reduce memory management overhead for contexts containing many large - blocks (Tom Lane) - - - - - - Fix sloppy handling of corner-case errors from lseek() - and close() (Tom Lane) - - - - Neither of these system calls are likely to fail in typical situations, - but if they did, fd.c could get quite confused. - - - - - - Fix incorrect check for whether postmaster is running as a Windows - service (Michael Paquier) - - - - This could result in attempting to write to the event log when that - isn't accessible, so that no logging happens at all. - - - - - - Fix ecpg to support COMMIT PREPARED - and ROLLBACK PREPARED (Masahiko Sawada) - - - - - - Fix a double-free error when processing dollar-quoted string literals - in ecpg (Michael Meskes) - - - - - - In pg_dump, fix incorrect schema and owner marking for - comments and security labels of some types of database objects - (Giuseppe Broccolo, Tom Lane) - - - - In simple cases this caused no ill effects; but for example, a - schema-selective restore might omit comments it should include, because - they were not marked as belonging to the schema of their associated - object. - - - - - - Avoid emitting an invalid list file in pg_restore -l - when SQL object names contain newlines (Tom Lane) - - - - Replace newlines by spaces, which is sufficient to make the output - valid for pg_restore -L's purposes. - - - - - - Fix pg_upgrade to transfer comments and security labels - attached to large objects (blobs) (Stephen Frost) - - - - Previously, blobs were correctly transferred to the new database, but - any comments or security labels attached to them were lost. - - - - - - Improve error handling - in contrib/adminpack's pg_file_write() - function (Noah Misch) - - - - Notably, it failed to detect errors reported - by fclose(). - - - - - - In contrib/dblink, avoid leaking the previous unnamed - connection when establishing a new unnamed connection (Joe Conway) - - - - - - Fix contrib/pg_trgm's extraction of trigrams from regular - expressions (Tom Lane) - - - - In some cases it would produce a broken data structure that could never - match anything, leading to GIN or GiST indexscans that use a trigram - index not finding any matches to the regular expression. - - - - - - - In contrib/postgres_fdw, - transmit query cancellation requests to the remote server - (Michael Paquier, Etsuro Fujita) - - - - Previously, a local query cancellation request did not cause an - already-sent remote query to terminate early. This is a back-patch - of work originally done for 9.6. - - - - - - Support Tcl 8.6 in MSVC builds (Álvaro Herrera) - - - - - - Sync our copy of the timezone library with IANA release tzcode2017b - (Tom Lane) - - - - This fixes a bug affecting some DST transitions in January 2038. - - - - - - Update time zone data files to tzdata release 2017b - for DST law changes in Chile, Haiti, and Mongolia, plus historical - corrections for Ecuador, Kazakhstan, Liberia, and Spain. - Switch to numeric abbreviations for numerous time zones in South - America, the Pacific and Indian oceans, and some Asian and Middle - Eastern countries. - - - - The IANA time zone database previously provided textual abbreviations - for all time zones, sometimes making up abbreviations that have little - or no currency among the local population. They are in process of - reversing that policy in favor of using numeric UTC offsets in zones - where there is no evidence of real-world use of an English - abbreviation. At least for the time being, PostgreSQL - will continue to accept such removed abbreviations for timestamp input. - But they will not be shown in the pg_timezone_names - view nor used for output. - - - - - - Use correct daylight-savings rules for POSIX-style time zone names - in MSVC builds (David Rowley) - - - - The Microsoft MSVC build scripts neglected to install - the posixrules file in the timezone directory tree. - This resulted in the timezone code falling back to its built-in - rule about what DST behavior to assume for a POSIX-style time zone - name. For historical reasons that still corresponds to the DST rules - the USA was using before 2007 (i.e., change on first Sunday in April - and last Sunday in October). With this fix, a POSIX-style zone name - will use the current and historical DST transition dates of - the US/Eastern zone. If you don't want that, remove - the posixrules file, or replace it with a copy of some - other zone file (see ). Note that - due to caching, you may need to restart the server to get such changes - to take effect. - - - - - - - - - - Release 9.5.6 - - - Release date: - 2017-02-09 - - - - This release contains a variety of fixes from 9.5.5. - For information about new features in the 9.5 major release, see - . - - - - Migration to Version 9.5.6 - - - A dump/restore is not required for those running 9.5.X. - - - - However, if your installation has been affected by the bug described in - the first changelog entry below, then after updating you may need - to take action to repair corrupted indexes. - - - - Also, if you are upgrading from a version earlier than 9.5.5, - see . - - - - - Changes - - - - - - Fix a race condition that could cause indexes built - with CREATE INDEX CONCURRENTLY to be corrupt - (Pavan Deolasee, Tom Lane) - - - - If CREATE INDEX CONCURRENTLY was used to build an index - that depends on a column not previously indexed, then rows - updated by transactions that ran concurrently with - the CREATE INDEX command could have received incorrect - index entries. If you suspect this may have happened, the most - reliable solution is to rebuild affected indexes after installing - this update. - - - - - - Ensure that the special snapshot used for catalog scans is not - invalidated by premature data pruning (Tom Lane) - - - - Backends failed to account for this snapshot when advertising their - oldest xmin, potentially allowing concurrent vacuuming operations to - remove data that was still needed. This led to transient failures - along the lines of cache lookup failed for relation 1255. - - - - - - Fix incorrect WAL logging for BRIN indexes (Kuntal Ghosh) - - - - The WAL record emitted for a BRIN revmap page when moving an - index tuple to a different page was incorrect. Replay would make the - related portion of the index useless, forcing it to be recomputed. - - - - - - Unconditionally WAL-log creation of the init fork for an - unlogged table (Michael Paquier) - - - - Previously, this was skipped when - = minimal, but actually it's necessary even in that case - to ensure that the unlogged table is properly reset to empty after a - crash. - - - - - - - Reduce interlocking on standby servers during the replay of btree - index vacuuming operations (Simon Riggs) - - - - This change avoids substantial replication delays that sometimes - occurred while replaying such operations. - - - - - - If the stats collector dies during hot standby, restart it (Takayuki - Tsunakawa) - - - - - - Ensure that hot standby feedback works correctly when it's enabled at - standby server start (Ants Aasma, Craig Ringer) - - - - - - Check for interrupts while hot standby is waiting for a conflicting - query (Simon Riggs) - - - - - - Avoid constantly respawning the autovacuum launcher in a corner case - (Amit Khandekar) - - - - This fix avoids problems when autovacuum is nominally off and there - are some tables that require freezing, but all such tables are - already being processed by autovacuum workers. - - - - - - Fix check for when an extension member object can be dropped (Tom Lane) - - - - Extension upgrade scripts should be able to drop member objects, - but this was disallowed for serial-column sequences, and possibly - other cases. - - - - - - Make sure ALTER TABLE preserves index tablespace - assignments when rebuilding indexes (Tom Lane, Michael Paquier) - - - - Previously, non-default settings - of could result in broken - indexes. - - - - - - Fix incorrect updating of trigger function properties when changing a - foreign-key constraint's deferrability properties with ALTER - TABLE ... ALTER CONSTRAINT (Tom Lane) - - - - This led to odd failures during subsequent exercise of the foreign - key, as the triggers were fired at the wrong times. - - - - - - Prevent dropping a foreign-key constraint if there are pending - trigger events for the referenced relation (Tom Lane) - - - - This avoids could not find trigger NNN - or relation NNN has no triggers errors. - - - - - - Fix ALTER TABLE ... SET DATA TYPE ... USING when child - table has different column ordering than the parent - (Álvaro Herrera) - - - - Failure to adjust the column numbering in the USING - expression led to errors, - typically attribute N has wrong type. - - - - - - Fix processing of OID column when a table with OIDs is associated to - a parent with OIDs via ALTER TABLE ... INHERIT (Amit - Langote) - - - - The OID column should be treated the same as regular user columns in - this case, but it wasn't, leading to odd behavior in later - inheritance changes. - - - - - - Fix CREATE OR REPLACE VIEW to update the view query - before attempting to apply the new view options (Dean Rasheed) - - - - Previously the command would fail if the new options were - inconsistent with the old view definition. - - - - - - Report correct object identity during ALTER TEXT SEARCH - CONFIGURATION (Artur Zakirov) - - - - The wrong catalog OID was reported to extensions such as logical - decoding. - - - - - - Fix commit timestamp mechanism to not fail when queried about - the special XIDs FrozenTransactionId - and BootstrapTransactionId (Craig Ringer) - - - - - - - Check for serializability conflicts before reporting - constraint-violation failures (Thomas Munro) - - - - When using serializable transaction isolation, it is desirable - that any error due to concurrent transactions should manifest - as a serialization failure, thereby cueing the application that - a retry might succeed. Unfortunately, this does not reliably - happen for duplicate-key failures caused by concurrent insertions. - This change ensures that such an error will be reported as a - serialization error if the application explicitly checked for - the presence of a conflicting key (and did not find it) earlier - in the transaction. - - - - - - Fix incorrect use of view reloptions as regular table reloptions (Tom - Lane) - - - - The symptom was spurious ON CONFLICT is not supported on table - ... used as a catalog table errors when the target - of INSERT ... ON CONFLICT is a view with cascade option. - - - - - - Fix incorrect target lists can have at most N - entries complaint when using ON CONFLICT with - wide tables (Tom Lane) - - - - - - Prevent multicolumn expansion of foo.* in - an UPDATE source expression (Tom Lane) - - - - This led to UPDATE target count mismatch --- internal - error. Now the syntax is understood as a whole-row variable, - as it would be in other contexts. - - - - - - Ensure that column typmods are determined accurately for - multi-row VALUES constructs (Tom Lane) - - - - This fixes problems occurring when the first value in a column has a - determinable typmod (e.g., length for a varchar value) but - later values don't share the same limit. - - - - - - Throw error for an unfinished Unicode surrogate pair at the end of a - Unicode string (Tom Lane) - - - - Normally, a Unicode surrogate leading character must be followed by a - Unicode surrogate trailing character, but the check for this was - missed if the leading character was the last character in a Unicode - string literal (U&'...') or Unicode identifier - (U&"..."). - - - - - - Ensure that a purely negative text search query, such - as !foo, matches empty tsvectors (Tom Dunstan) - - - - Such matches were found by GIN index searches, but not by sequential - scans or GiST index searches. - - - - - - Prevent crash when ts_rewrite() replaces a non-top-level - subtree with an empty query (Artur Zakirov) - - - - - - Fix performance problems in ts_rewrite() (Tom Lane) - - - - - - Fix ts_rewrite()'s handling of nested NOT operators - (Tom Lane) - - - - - - Improve speed of user-defined aggregates that - use array_append() as transition function (Tom Lane) - - - - - - Fix array_fill() to handle empty arrays properly (Tom Lane) - - - - - - Fix possible crash in array_position() - or array_positions() when processing arrays of records - (Junseok Yang) - - - - - - Fix one-byte buffer overrun in quote_literal_cstr() - (Heikki Linnakangas) - - - - The overrun occurred only if the input consisted entirely of single - quotes and/or backslashes. - - - - - - Prevent multiple calls of pg_start_backup() - and pg_stop_backup() from running concurrently (Michael - Paquier) - - - - This avoids an assertion failure, and possibly worse things, if - someone tries to run these functions in parallel. - - - - - - Disable transform that attempted to remove no-op AT TIME - ZONE conversions (Tom Lane) - - - - This resulted in wrong answers when the simplified expression was - used in an index condition. - - - - - - Avoid discarding interval-to-interval casts - that aren't really no-ops (Tom Lane) - - - - In some cases, a cast that should result in zeroing out - low-order interval fields was mistakenly deemed to be a - no-op and discarded. An example is that casting from INTERVAL - MONTH to INTERVAL YEAR failed to clear the months field. - - - - - - Fix bugs in transmitting GUC parameter values to parallel workers - (Michael Paquier, Tom Lane) - - - - - - Ensure that cached plans are invalidated by changes in foreign-table - options (Amit Langote, Etsuro Fujita, Ashutosh Bapat) - - - - - - Fix pg_dump to dump user-defined casts and transforms - that use built-in functions (Stephen Frost) - - - - - - Fix pg_restore with - - - This doesn't fix any live bug, but it may improve the behavior in - future if pg_restore is used with an archive - generated by a later pg_dump version. - - - - - - Fix pg_basebackup's rate limiting in the presence of - slow I/O (Antonin Houska) - - - - If disk I/O was transiently much slower than the specified rate - limit, the calculation overflowed, effectively disabling the rate - limit for the rest of the run. - - - - - - Fix pg_basebackup's handling of - symlinked pg_stat_tmp and pg_replslot - subdirectories (Magnus Hagander, Michael Paquier) - - - - - - Fix possible pg_basebackup failure on standby - server when including WAL files (Amit Kapila, Robert Haas) - - - - - - Fix possible mishandling of expanded arrays in domain check - constraints and CASE execution (Tom Lane) - - - - It was possible for a PL/pgSQL function invoked in these contexts to - modify or even delete an array value that needs to be preserved for - additional operations. - - - - - - Fix nested uses of PL/pgSQL functions in contexts such as domain - check constraints evaluated during assignment to a PL/pgSQL variable - (Tom Lane) - - - - - - Ensure that the Python exception objects we create for PL/Python are - properly reference-counted (Rafa de la Torre, Tom Lane) - - - - This avoids failures if the objects are used after a Python garbage - collection cycle has occurred. - - - - - - Fix PL/Tcl to support triggers on tables that have .tupno - as a column name (Tom Lane) - - - - This matches the (previously undocumented) behavior of - PL/Tcl's spi_exec and spi_execp commands, - namely that a magic .tupno column is inserted only if - there isn't a real column named that. - - - - - - Allow DOS-style line endings in ~/.pgpass files, - even on Unix (Vik Fearing) - - - - This change simplifies use of the same password file across Unix and - Windows machines. - - - - - - Fix one-byte buffer overrun if ecpg is given a file - name that ends with a dot (Takayuki Tsunakawa) - - - - - - Fix psql's tab completion for ALTER DEFAULT - PRIVILEGES (Gilles Darold, Stephen Frost) - - - - - - In psql, treat an empty or all-blank setting of - the PAGER environment variable as meaning no - pager (Tom Lane) - - - - Previously, such a setting caused output intended for the pager to - vanish entirely. - - - - - - Improve contrib/dblink's reporting of - low-level libpq errors, such as out-of-memory - (Joe Conway) - - - - - - Teach contrib/dblink to ignore irrelevant server options - when it uses a contrib/postgres_fdw foreign server as - the source of connection options (Corey Huinker) - - - - Previously, if the foreign server object had options that were not - also libpq connection options, an error occurred. - - - - - - Fix portability problems in contrib/pageinspect's - functions for GIN indexes (Peter Eisentraut, Tom Lane) - - - - - - On Windows, ensure that environment variable changes are propagated - to DLLs built with debug options (Christian Ullrich) - - - - - - Sync our copy of the timezone library with IANA release tzcode2016j - (Tom Lane) - - - - This fixes various issues, most notably that timezone data - installation failed if the target directory didn't support hard - links. - - - - - - Update time zone data files to tzdata release 2016j - for DST law changes in northern Cyprus (adding a new zone - Asia/Famagusta), Russia (adding a new zone Europe/Saratov), Tonga, - and Antarctica/Casey. - Historical corrections for Italy, Kazakhstan, Malta, and Palestine. - Switch to preferring numeric zone abbreviations for Tonga. - - - - - - - - - - Release 9.5.5 - - - Release date: - 2016-10-27 - - - - This release contains a variety of fixes from 9.5.4. - For information about new features in the 9.5 major release, see - . - - - - Migration to Version 9.5.5 - - - A dump/restore is not required for those running 9.5.X. - - - - However, if your installation has been affected by the bug described in - the first changelog entry below, then after updating you may need - to take action to repair corrupted free space maps. - - - - Also, if you are upgrading from a version earlier than 9.5.2, - see . - - - - - Changes - - - - - - Fix WAL-logging of truncation of relation free space maps and - visibility maps (Pavan Deolasee, Heikki Linnakangas) - - - - It was possible for these files to not be correctly restored during - crash recovery, or to be written incorrectly on a standby server. - Bogus entries in a free space map could lead to attempts to access - pages that have been truncated away from the relation itself, typically - producing errors like could not read block XXX: - read only 0 of 8192 bytes. Checksum failures in the - visibility map are also possible, if checksumming is enabled. - - - - Procedures for determining whether there is a problem and repairing it - if so are discussed at - . - - - - - - - Fix incorrect creation of GIN index WAL records on big-endian machines - (Tom Lane) - - - - The typical symptom was unexpected GIN leaf action errors - during WAL replay. - - - - - - - Fix SELECT FOR UPDATE/SHARE to correctly lock tuples that - have been updated by a subsequently-aborted transaction - (Álvaro Herrera) - - - - In 9.5 and later, the SELECT would sometimes fail to - return such tuples at all. A failure has not been proven to occur in - earlier releases, but might be possible with concurrent updates. - - - - - - - Fix EvalPlanQual rechecks involving CTE scans (Tom Lane) - - - - The recheck would always see the CTE as returning no rows, typically - leading to failure to update rows that were recently updated. - - - - - - - Fix deletion of speculatively inserted TOAST tuples when backing out - of INSERT ... ON CONFLICT (Oskari Saarenmaa) - - - - In the race condition where two transactions try to insert conflicting - tuples at about the same time, the loser would fail with - an attempted to delete invisible tuple error if its - insertion included any TOAST'ed fields. - - - - - - Don't throw serialization errors for self-conflicting insertions - in INSERT ... ON CONFLICT (Thomas Munro, Peter Geoghegan) - - - - - - - Fix improper repetition of previous results from hashed aggregation in - a subquery (Andrew Gierth) - - - - The test to see if we can reuse a previously-computed hash table of - the aggregate state values neglected the possibility of an outer query - reference appearing in an aggregate argument expression. A change in - the value of such a reference should lead to recalculating the hash - table, but did not. - - - - - - - Fix query-lifespan memory leak in a bulk UPDATE on a table - with a PRIMARY KEY or REPLICA IDENTITY index - (Tom Lane) - - - - - - Fix COPY with a column name list from a table that has - row-level security enabled (Adam Brightwell) - - - - - - Fix EXPLAIN to emit valid XML when - is on (Markus Winand) - - - - Previously the XML output-format option produced syntactically invalid - tags such as <I/O-Read-Time>. That is now - rendered as <I-O-Read-Time>. - - - - - - - Suppress printing of zeroes for unmeasured times - in EXPLAIN (Maksim Milyutin) - - - - Certain option combinations resulted in printing zero values for times - that actually aren't ever measured in that combination. Our general - policy in EXPLAIN is not to print such fields at all, so - do that consistently in all cases. - - - - - - Fix statistics update for TRUNCATE in a prepared - transaction (Stas Kelvich) - - - - - - - Fix timeout length when VACUUM is waiting for exclusive - table lock so that it can truncate the table (Simon Riggs) - - - - The timeout was meant to be 50 milliseconds, but it was actually only - 50 microseconds, causing VACUUM to give up on truncation - much more easily than intended. Set it to the intended value. - - - - - - Fix bugs in merging inherited CHECK constraints while - creating or altering a table (Tom Lane, Amit Langote) - - - - Allow identical CHECK constraints to be added to a parent - and child table in either order. Prevent merging of a valid - constraint from the parent table with a NOT VALID - constraint on the child. Likewise, prevent merging of a NO - INHERIT child constraint with an inherited constraint. - - - - - - Show a sensible value - in pg_settings.unit - for min_wal_size and max_wal_size (Tom Lane) - - - - - - - Remove artificial restrictions on the values accepted - by numeric_in() and numeric_recv() - (Tom Lane) - - - - We allow numeric values up to the limit of the storage format (more - than 1e100000), so it seems fairly pointless - that numeric_in() rejected scientific-notation exponents - above 1000. Likewise, it was silly for numeric_recv() to - reject more than 1000 digits in an input value. - - - - - - Avoid very-low-probability data corruption due to testing tuple - visibility without holding buffer lock (Thomas Munro, Peter Geoghegan, - Tom Lane) - - - - - - Preserve commit timestamps across server restart - (Julien Rouhaud, Craig Ringer) - - - - With turned on, old - commit timestamps became inaccessible after a clean server restart. - - - - - - Fix logical WAL decoding to work properly when a subtransaction's WAL - output is large enough to spill to disk (Andres Freund) - - - - - - - Fix possible sorting error when aborting use of abbreviated keys - (Peter Geoghegan) - - - - In the worst case, this could result in a corrupt btree index, which - would need to be rebuilt using REINDEX. However, the - situation is believed to be rare. - - - - - - - Fix file descriptor leakage when truncating a temporary relation of - more than 1GB (Andres Freund) - - - - - - - Disallow starting a standalone backend with standby_mode - turned on (Michael Paquier) - - - - This can't do anything useful, since there will be no WAL receiver - process to fetch more WAL data; and it could result in misbehavior - in code that wasn't designed with this situation in mind. - - - - - - - Properly initialize replication slot state when recycling a - previously-used slot (Michael Paquier) - - - - This failure to reset all of the fields of the slot could - prevent VACUUM from removing dead tuples. - - - - - - Round shared-memory allocation request to a multiple of the actual - huge page size when attempting to use huge pages on Linux (Tom Lane) - - - - This avoids possible failures during munmap() on systems - with atypical default huge page sizes. Except in crash-recovery - cases, there were no ill effects other than a log message. - - - - - - - Use a more random value for the dynamic shared memory control - segment's ID (Robert Haas, Tom Lane) - - - - Previously, the same value would be chosen every time, because it was - derived from random() but srandom() had not - yet been called. While relatively harmless, this was not the intended - behavior. - - - - - - - On Windows, retry creation of the dynamic shared memory control - segment after an access-denied error (Kyotaro Horiguchi, Amit Kapila) - - - - Windows sometimes returns ERROR_ACCESS_DENIED rather - than ERROR_ALREADY_EXISTS when there is an existing - segment. This led to postmaster startup failure due to believing that - the former was an unrecoverable error. - - - - - - - Fix PL/pgSQL to not misbehave with parameters and - local variables of type int2vector or oidvector - (Tom Lane) - - - - - - Don't try to share SSL contexts across multiple connections - in libpq (Heikki Linnakangas) - - - - This led to assorted corner-case bugs, particularly when trying to use - different SSL parameters for different connections. - - - - - - Avoid corner-case memory leak in libpq (Tom Lane) - - - - The reported problem involved leaking an error report - during PQreset(), but there might be related cases. - - - - - - - Make ecpg's - - - - - - Fix pgbench's calculation of average latency - (Fabien Coelho) - - - - The calculation was incorrect when there were \sleep - commands in the script, or when the test duration was specified in - number of transactions rather than total time. - - - - - - In pg_upgrade, check library loadability in name order - (Tom Lane) - - - - This is a workaround to deal with cross-extension dependencies from - language transform modules to their base language and data type - modules. - - - - - - - In pg_dump, never dump range constructor functions - (Tom Lane) - - - - This oversight led to pg_upgrade failures with - extensions containing range types, due to duplicate creation of the - constructor functions. - - - - - - - In pg_dump with - - - - - - Make pg_receivexlog work correctly - with - - - - - Disallow specifying both - - - - - Make pg_rewind turn off synchronous_commit - in its session on the source server (Michael Banck, Michael Paquier) - - - - This allows pg_rewind to work even when the source - server is using synchronous replication that is not working for some - reason. - - - - - - In pg_xlogdump, retry opening new WAL segments when - using - - - This allows for a possible delay in the server's creation of the next - segment. - - - - - - - Fix pg_xlogdump to cope with a WAL file that begins - with a continuation record spanning more than one page (Pavan - Deolasee) - - - - - - - Fix contrib/pg_buffercache to work - when shared_buffers exceeds 256GB (KaiGai Kohei) - - - - - - - Fix contrib/intarray/bench/bench.pl to print the results - of the EXPLAIN it does when given the - - - - - - Support OpenSSL 1.1.0 (Heikki Linnakangas) - - - - - - - Install TAP test infrastructure so that it's available for extension - testing (Craig Ringer) - - - - When PostgreSQL has been configured - with - - - - - - In MSVC builds, include pg_recvlogical in a - client-only installation (MauMau) - - - - - - - Update Windows time zone mapping to recognize some time zone names - added in recent Windows versions (Michael Paquier) - - - - - - - Prevent failure of obsolete dynamic time zone abbreviations (Tom Lane) - - - - If a dynamic time zone abbreviation does not match any entry in the - referenced time zone, treat it as equivalent to the time zone name. - This avoids unexpected failures when IANA removes abbreviations from - their time zone database, as they did in tzdata - release 2016f and seem likely to do again in the future. The - consequences were not limited to not recognizing the individual - abbreviation; any mismatch caused - the pg_timezone_abbrevs view to fail altogether. - - - - - - Update time zone data files to tzdata release 2016h - for DST law changes in Palestine and Turkey, plus historical - corrections for Turkey and some regions of Russia. - Switch to numeric abbreviations for some time zones in Antarctica, - the former Soviet Union, and Sri Lanka. - - - - The IANA time zone database previously provided textual abbreviations - for all time zones, sometimes making up abbreviations that have little - or no currency among the local population. They are in process of - reversing that policy in favor of using numeric UTC offsets in zones - where there is no evidence of real-world use of an English - abbreviation. At least for the time being, PostgreSQL - will continue to accept such removed abbreviations for timestamp input. - But they will not be shown in the pg_timezone_names - view nor used for output. - - - - In this update, AMT is no longer shown as being in use to - mean Armenia Time. Therefore, we have changed the Default - abbreviation set to interpret it as Amazon Time, thus UTC-4 not UTC+4. - - - - - - - - - - Release 9.5.4 - - - Release date: - 2016-08-11 - - - - This release contains a variety of fixes from 9.5.3. - For information about new features in the 9.5 major release, see - . - - - - Migration to Version 9.5.4 - - - A dump/restore is not required for those running 9.5.X. - - - - However, if you are upgrading from a version earlier than 9.5.2, - see . - - - - - Changes - - - - - - - Fix possible mis-evaluation of - nested CASE-WHEN expressions (Heikki - Linnakangas, Michael Paquier, Tom Lane) - - - - A CASE expression appearing within the test value - subexpression of another CASE could become confused about - whether its own test value was null or not. Also, inlining of a SQL - function implementing the equality operator used by - a CASE expression could result in passing the wrong test - value to functions called within a CASE expression in the - SQL function's body. If the test values were of different data - types, a crash might result; moreover such situations could be abused - to allow disclosure of portions of server memory. (CVE-2016-5423) - - - - - - - Fix client programs' handling of special characters in database and - role names (Noah Misch, Nathan Bossart, Michael Paquier) - - - - Numerous places in vacuumdb and other client programs - could become confused by database and role names containing double - quotes or backslashes. Tighten up quoting rules to make that safe. - Also, ensure that when a conninfo string is used as a database name - parameter to these programs, it is correctly treated as such throughout. - - - - Fix handling of paired double quotes - in psql's \connect - and \password commands to match the documentation. - - - - Introduce a new - - - pg_dumpall now refuses to deal with database and role - names containing carriage returns or newlines, as it seems impractical - to quote those characters safely on Windows. In future we may reject - such names on the server side, but that step has not been taken yet. - - - - These are considered security fixes because crafted object names - containing special characters could have been used to execute - commands with superuser privileges the next time a superuser - executes pg_dumpall or other routine maintenance - operations. (CVE-2016-5424) - - - - - - - Fix corner-case misbehaviors for IS NULL/IS NOT - NULL applied to nested composite values (Andrew Gierth, Tom Lane) - - - - The SQL standard specifies that IS NULL should return - TRUE for a row of all null values (thus ROW(NULL,NULL) IS - NULL yields TRUE), but this is not meant to apply recursively - (thus ROW(NULL, ROW(NULL,NULL)) IS NULL yields FALSE). - The core executor got this right, but certain planner optimizations - treated the test as recursive (thus producing TRUE in both cases), - and contrib/postgres_fdw could produce remote queries - that misbehaved similarly. - - - - - - - Fix unrecognized node type error for INSERT ... ON - CONFLICT within a recursive CTE (a WITH item) (Peter - Geoghegan) - - - - - - - Fix INSERT ... ON CONFLICT to successfully match index - expressions or index predicates that are simplified during the - planner's expression preprocessing phase (Tom Lane) - - - - - - - Correctly handle violations of exclusion constraints that apply to - the target table of an INSERT ... ON CONFLICT command, - but are not one of the selected arbiter indexes (Tom Lane) - - - - Such a case should raise a normal constraint-violation error, but it - got into an infinite loop instead. - - - - - - - Fix INSERT ... ON CONFLICT to not fail if the target - table has a unique index on OID (Tom Lane) - - - - - - - Make the inet and cidr data types properly reject - IPv6 addresses with too many colon-separated fields (Tom Lane) - - - - - - - Prevent crash in close_ps() - (the point ## lseg operator) - for NaN input coordinates (Tom Lane) - - - - Make it return NULL instead of crashing. - - - - - - - Avoid possible crash in pg_get_expr() when inconsistent - values are passed to it (Michael Paquier, Thomas Munro) - - - - - - - Fix several one-byte buffer over-reads in to_number() - (Peter Eisentraut) - - - - In several cases the to_number() function would read one - more character than it should from the input string. There is a - small chance of a crash, if the input happens to be adjacent to the - end of memory. - - - - - - - Do not run the planner on the query contained in CREATE - MATERIALIZED VIEW or CREATE TABLE AS - when WITH NO DATA is specified (Michael Paquier, - Tom Lane) - - - - This avoids some unnecessary failure conditions, for example if a - stable function invoked by the materialized view depends on a table - that doesn't exist yet. - - - - - - - Avoid unsafe intermediate state during expensive paths - through heap_update() (Masahiko Sawada, Andres Freund) - - - - Previously, these cases locked the target tuple (by setting its XMAX) - but did not WAL-log that action, thus risking data integrity problems - if the page were spilled to disk and then a database crash occurred - before the tuple update could be completed. - - - - - - - Fix hint bit update during WAL replay of row locking operations - (Andres Freund) - - - - The only known consequence of this problem is that row locks held by - a prepared, but uncommitted, transaction might fail to be enforced - after a crash and restart. - - - - - - - Avoid unnecessary could not serialize access errors when - acquiring FOR KEY SHARE row locks in serializable mode - (Álvaro Herrera) - - - - - - - Make sure expanded datums returned by a plan node are - read-only (Tom Lane) - - - - This avoids failures in some cases where the result of a lower plan - node is referenced in multiple places in upper nodes. So far as - core PostgreSQL is concerned, only array values - returned by PL/pgSQL functions are at risk; but extensions might - use expanded datums for other things. - - - - - - - Avoid crash in postgres -C when the specified variable - has a null string value (Michael Paquier) - - - - - - - Prevent unintended waits for the receiver in WAL sender processes - (Kyotaro Horiguchi) - - - - - - - Fix possible loss of large subtransactions in logical decoding - (Petru-Florin Mihancea) - - - - - - - Fix failure of logical decoding when a subtransaction contains no - actual changes (Marko Tiikkaja, Andrew Gierth) - - - - - - - Ensure that backends see up-to-date statistics for shared catalogs - (Tom Lane) - - - - The statistics collector failed to update the statistics file for - shared catalogs after a request from a regular backend. This problem - was partially masked because the autovacuum launcher regularly makes - requests that did cause such updates; however, it became obvious with - autovacuum disabled. - - - - - - - Avoid redundant writes of the statistics files when multiple - backends request updates close together (Tom Lane, Tomas Vondra) - - - - - - - Avoid consuming a transaction ID during VACUUM - (Alexander Korotkov) - - - - Some cases in VACUUM unnecessarily caused an XID to be - assigned to the current transaction. Normally this is negligible, - but if one is up against the XID wraparound limit, consuming more - XIDs during anti-wraparound vacuums is a very bad thing. - - - - - - - Prevent possible failure when vacuuming multixact IDs in an - installation that has been pg_upgrade'd from pre-9.3 (Andrew Gierth, - Álvaro Herrera) - - - - The usual symptom of this bug is errors - like MultiXactId NNN has not been created - yet -- apparent wraparound. - - - - - - - When a manual ANALYZE specifies a column list, don't - reset the table's changes_since_analyze counter - (Tom Lane) - - - - If we're only analyzing some columns, we should not prevent routine - auto-analyze from happening for the other columns. - - - - - - - Fix ANALYZE's overestimation of n_distinct - for a unique or nearly-unique column with many null entries (Tom - Lane) - - - - The nulls could get counted as though they were themselves distinct - values, leading to serious planner misestimates in some types of - queries. - - - - - - - Prevent autovacuum from starting multiple workers for the same shared - catalog (Álvaro Herrera) - - - - Normally this isn't much of a problem because the vacuum doesn't take - long anyway; but in the case of a severely bloated catalog, it could - result in all but one worker uselessly waiting instead of doing - useful work on other tables. - - - - - - - Fix bug in b-tree mark/restore processing (Kevin Grittner) - - - - This error could lead to incorrect join results or assertion failures - in a merge join whose inner source node is a b-tree indexscan. - - - - - - - Avoid duplicate buffer lock release when abandoning a b-tree index - page deletion attempt (Tom Lane) - - - - This mistake prevented VACUUM from completing in some - cases involving corrupt b-tree indexes. - - - - - - - Fix building of large (bigger than shared_buffers) - hash indexes (Tom Lane) - - - - The code path used for large indexes contained a bug causing - incorrect hash values to be inserted into the index, so that - subsequent index searches always failed, except for tuples inserted - into the index after the initial build. - - - - - - - Prevent infinite loop in GiST index build for geometric columns - containing NaN component values (Tom Lane) - - - - - - - Fix possible crash during a nearest-neighbor (ORDER BY - distance) indexscan on a contrib/btree_gist index on - an interval column (Peter Geoghegan) - - - - - - - Fix PANIC: failed to add BRIN tuple error when attempting - to update a BRIN index entry (Álvaro Herrera) - - - - - - - Fix possible crash during background worker shutdown (Dmitry Ivanov) - - - - - - - Fix PL/pgSQL's handling of the INTO clause - within IMPORT FOREIGN SCHEMA commands (Tom Lane) - - - - - - - Fix contrib/btree_gin to handle the smallest - possible bigint value correctly (Peter Eisentraut) - - - - - - - Teach libpq to correctly decode server version from future servers - (Peter Eisentraut) - - - - It's planned to switch to two-part instead of three-part server - version numbers for releases after 9.6. Make sure - that PQserverVersion() returns the correct value for - such cases. - - - - - - - Fix ecpg's code for unsigned long long - array elements (Michael Meskes) - - - - - - - In pg_dump with both - - - - - - Improve handling of SIGTERM/control-C in - parallel pg_dump and pg_restore (Tom - Lane) - - - - Make sure that the worker processes will exit promptly, and also arrange - to send query-cancel requests to the connected backends, in case they - are doing something long-running such as a CREATE INDEX. - - - - - - - Fix error reporting in parallel pg_dump - and pg_restore (Tom Lane) - - - - Previously, errors reported by pg_dump - or pg_restore worker processes might never make it to - the user's console, because the messages went through the master - process, and there were various deadlock scenarios that would prevent - the master process from passing on the messages. Instead, just print - everything to stderr. In some cases this will result in - duplicate messages (for instance, if all the workers report a server - shutdown), but that seems better than no message. - - - - - - - Ensure that parallel pg_dump - or pg_restore on Windows will shut down properly - after an error (Kyotaro Horiguchi) - - - - Previously, it would report the error, but then just sit until - manually stopped by the user. - - - - - - - Make parallel pg_dump fail cleanly when run against a - standby server (Magnus Hagander) - - - - This usage is not supported - unless - - - - - - Make pg_dump behave better when built without zlib - support (Kyotaro Horiguchi) - - - - It didn't work right for parallel dumps, and emitted some rather - pointless warnings in other cases. - - - - - - - Make pg_basebackup accept -Z 0 as - specifying no compression (Fujii Masao) - - - - - - - Fix makefiles' rule for building AIX shared libraries to be safe for - parallel make (Noah Misch) - - - - - - - Fix TAP tests and MSVC scripts to work when build directory's path - name contains spaces (Michael Paquier, Kyotaro Horiguchi) - - - - - - - Be more predictable about reporting statement timeout - versus lock timeout (Tom Lane) - - - - On heavily loaded machines, the regression tests sometimes failed due - to reporting lock timeout even though the statement timeout - should have occurred first. - - - - - - - Make regression tests safe for Danish and Welsh locales (Jeff Janes, - Tom Lane) - - - - Change some test data that triggered the unusual sorting rules of - these locales. - - - - - - - Update our copy of the timezone code to match - IANA's tzcode release 2016c (Tom Lane) - - - - This is needed to cope with anticipated future changes in the time - zone data files. It also fixes some corner-case bugs in coping with - unusual time zones. - - - - - - - Update time zone data files to tzdata release 2016f - for DST law changes in Kemerovo and Novosibirsk, plus historical - corrections for Azerbaijan, Belarus, and Morocco. - - - - - - - - - - Release 9.5.3 - - - Release date: - 2016-05-12 - - - - This release contains a variety of fixes from 9.5.2. - For information about new features in the 9.5 major release, see - . - - - - Migration to Version 9.5.3 - - - A dump/restore is not required for those running 9.5.X. - - - - However, if you are upgrading from a version earlier than 9.5.2, - see . - - - - - Changes - - - - - - - Clear the OpenSSL error queue before OpenSSL calls, rather than - assuming it's clear already; and make sure we leave it clear - afterwards (Peter Geoghegan, Dave Vitek, Peter Eisentraut) - - - - This change prevents problems when there are multiple connections - using OpenSSL within a single process and not all the code involved - follows the same rules for when to clear the error queue. - Failures have been reported specifically when a client application - uses SSL connections in libpq concurrently with - SSL connections using the PHP, Python, or Ruby wrappers for OpenSSL. - It's possible for similar problems to arise within the server as well, - if an extension module establishes an outgoing SSL connection. - - - - - - - Fix failed to build any N-way joins - planner error with a full join enclosed in the right-hand side of a - left join (Tom Lane) - - - - - - - Fix incorrect handling of equivalence-class tests in multilevel - nestloop plans (Tom Lane) - - - - Given a three-or-more-way equivalence class of variables, such - as X.X = Y.Y = Z.Z, it was possible for the planner to omit - some of the tests needed to enforce that all the variables are actually - equal, leading to join rows being output that didn't satisfy - the WHERE clauses. For various reasons, erroneous plans - were seldom selected in practice, so that this bug has gone undetected - for a long time. - - - - - - - Fix corner-case parser failures occurring - when is turned on - (Tom Lane) - - - - An example is that SELECT (ARRAY[])::text[] gave an error, - though it worked without the parentheses. - - - - - - - Fix query-lifespan memory leak in GIN index scans (Julien Rouhaud) - - - - - - - Fix query-lifespan memory leak and potential index corruption hazard in - GIN index insertion (Tom Lane) - - - - The memory leak would typically not amount to much in simple queries, - but it could be very substantial during a large GIN index build with - high maintenance_work_mem. - - - - - - - Fix possible misbehavior of TH, th, - and Y,YYY format codes in to_timestamp() - (Tom Lane) - - - - These could advance off the end of the input string, causing subsequent - format codes to read garbage. - - - - - - - Fix dumping of rules and views in which the array - argument of a value operator - ANY (array) construct is a sub-SELECT - (Tom Lane) - - - - - - - Disallow newlines in ALTER SYSTEM parameter values - (Tom Lane) - - - - The configuration-file parser doesn't support embedded newlines in - string literals, so we mustn't allow them in values to be inserted - by ALTER SYSTEM. - - - - - - - Fix ALTER TABLE ... REPLICA IDENTITY USING INDEX to - work properly if an index on OID is selected (David Rowley) - - - - - - - Avoid possible misbehavior after failing to remove a tablespace symlink - (Tom Lane) - - - - - - - Fix crash in logical decoding on alignment-picky platforms (Tom Lane, - Andres Freund) - - - - The failure occurred only with a transaction large enough to spill to - disk and a primary-key change within that transaction. - - - - - - - Avoid repeated requests for feedback from receiver while shutting down - walsender (Nick Cleaton) - - - - - - - Make pg_regress use a startup timeout from the - PGCTLTIMEOUT environment variable, if that's set (Tom Lane) - - - - This is for consistency with a behavior recently added - to pg_ctl; it eases automated testing on slow machines. - - - - - - - Fix pg_upgrade to correctly restore extension - membership for operator families containing only one operator class - (Tom Lane) - - - - In such a case, the operator family was restored into the new database, - but it was no longer marked as part of the extension. This had no - immediate ill effects, but would cause later pg_dump - runs to emit output that would cause (harmless) errors on restore. - - - - - - - Fix pg_upgrade to not fail when new-cluster TOAST rules - differ from old (Tom Lane) - - - - pg_upgrade had special-case code to handle the - situation where the new PostgreSQL version thinks that - a table should have a TOAST table while the old version did not. That - code was broken, so remove it, and instead do nothing in such cases; - there seems no reason to believe that we can't get along fine without - a TOAST table if that was okay according to the old version's rules. - - - - - - - Fix atomic operations for PPC when using IBM's XLC compiler (Noah Misch) - - - - - - - Reduce the number of SysV semaphores used by a build configured with - - - - - - - Rename internal function strtoi() - to strtoint() to avoid conflict with a NetBSD library - function (Thomas Munro) - - - - - - - Fix reporting of errors from bind() - and listen() system calls on Windows (Tom Lane) - - - - - - - Reduce verbosity of compiler output when building with Microsoft Visual - Studio (Christian Ullrich) - - - - - - - Support building with Visual Studio 2015 - (Michael Paquier, Petr Jelínek) - - - - Note that builds made with VS2015 will not run on Windows versions - before Windows Vista. - - - - - - - Fix putenv() to work properly with Visual Studio 2013 - (Michael Paquier) - - - - - - - Avoid possibly-unsafe use of Windows' FormatMessage() - function (Christian Ullrich) - - - - Use the FORMAT_MESSAGE_IGNORE_INSERTS flag where - appropriate. No live bug is known to exist here, but it seems like a - good idea to be careful. - - - - - - - Update time zone data files to tzdata release 2016d - for DST law changes in Russia and Venezuela. There are new zone - names Europe/Kirov and Asia/Tomsk to reflect - the fact that these regions now have different time zone histories from - adjacent regions. - - - - - - - - - - Release 9.5.2 - - - Release date: - 2016-03-31 - - - - This release contains a variety of fixes from 9.5.1. - For information about new features in the 9.5 major release, see - . - - - - Migration to Version 9.5.2 - - - A dump/restore is not required for those running 9.5.X. - - - - However, you may need to REINDEX some indexes after applying - the update, as per the first changelog entry below. - - - - - Changes - - - - - - - - Disable abbreviated keys for string sorting in non-C - locales (Robert Haas) - - - - PostgreSQL 9.5 introduced logic for speeding up - comparisons of string data types by using the standard C library - function strxfrm() as a substitute - for strcoll(). It now emerges that most versions of - glibc (Linux's implementation of the C library) have buggy - implementations of strxfrm() that, in some locales, - can produce string comparison results that do not - match strcoll(). Until this problem can be better - characterized, disable the optimization in all non-C - locales. (C locale is safe since it uses - neither strcoll() nor strxfrm().) - - - - Unfortunately, this problem affects not only sorting but also entry - ordering in B-tree indexes, which means that B-tree indexes - on text, varchar, or char columns may now - be corrupt if they sort according to an affected locale and were - built or modified under PostgreSQL 9.5.0 or 9.5.1. - Users should REINDEX indexes that might be affected. - - - - It is not possible at this time to give an exhaustive list of - known-affected locales. C locale is known safe, and - there is no evidence of trouble in English-based locales such - as en_US, but some other popular locales such - as de_DE are affected in most glibc versions. - - - - - - - - Maintain row-security status properly in cached plans (Stephen Frost) - - - - In a session that performs queries as more than one role, the plan - cache might incorrectly re-use a plan that was generated for another - role ID, thus possibly applying the wrong set of policies when - row-level security (RLS) is in use. - (CVE-2016-2193) - - - - - - - - Add must-be-superuser checks to some - new contrib/pageinspect functions (Andreas Seltenreich) - - - - Most functions in the pageinspect extension that - inspect bytea values disallow calls by non-superusers, - but brin_page_type() and brin_metapage_info() - failed to do so. Passing contrived bytea values to them might - crash the server or disclose a few bytes of server memory. Add the - missing permissions checks to prevent misuse. - (CVE-2016-3065) - - - - - - - - Fix incorrect handling of indexed ROW() comparisons - (Simon Riggs) - - - - Flaws in a minor optimization introduced in 9.5 caused incorrect - results if the ROW() comparison matches the index ordering - partially but not exactly (for example, differing column order, or the - index contains both ASC and DESC columns). - Pending a better solution, the optimization has been removed. - - - - - - - - Fix incorrect handling of NULL index entries in - indexed ROW() comparisons (Tom Lane) - - - - An index search using a row comparison such as ROW(a, b) > - ROW('x', 'y') would stop upon reaching a NULL entry in - the b column, ignoring the fact that there might be - non-NULL b values associated with later values - of a. - - - - - - - - Avoid unlikely data-loss scenarios due to renaming files without - adequate fsync() calls before and after (Michael Paquier, - Tomas Vondra, Andres Freund) - - - - - - - - Fix incorrect behavior when rechecking a just-modified row in a query - that does SELECT FOR UPDATE/SHARE and contains some - relations that need not be locked (Tom Lane) - - - - Rows from non-locked relations were incorrectly treated as containing - all NULLs during the recheck, which could result in incorrectly - deciding that the updated row no longer passes the WHERE - condition, or in incorrectly outputting NULLs. - - - - - - - - Fix bug in json_to_record() when a field of its input - object contains a sub-object with a field name matching one of the - requested output column names (Tom Lane) - - - - - - - - Fix nonsense result from two-argument form - of jsonb_object() when called with empty arrays - (Michael Paquier, Andrew Dunstan) - - - - - - - - Fix misbehavior in jsonb_set() when converting a path - array element into an integer for use as an array subscript - (Michael Paquier) - - - - - - - - Fix misformatting of negative time zone offsets - by to_char()'s OF format code - (Thomas Munro, Tom Lane) - - - - - - - - Fix possible incorrect logging of waits done by - INSERT ... ON CONFLICT (Peter Geoghegan) - - - - Log messages would sometimes claim that the wait was due to an - exclusion constraint although no such constraint was responsible. - - - - - - - - Ignore parameter until - recovery has reached a consistent state (Michael Paquier) - - - - Previously, standby servers would delay application of WAL records in - response to recovery_min_apply_delay even while replaying - the initial portion of WAL needed to make their database state valid. - Since the standby is useless until it's reached a consistent database - state, this was deemed unhelpful. - - - - - - - - Correctly handle cases where pg_subtrans is close to XID - wraparound during server startup (Jeff Janes) - - - - - - - - Fix assorted bugs in logical decoding (Andres Freund) - - - - Trouble cases included tuples larger than one page when replica - identity is FULL, UPDATEs that change a - primary key within a transaction large enough to be spooled to disk, - incorrect reports of subxact logged without previous toplevel - record, and incorrect reporting of a transaction's commit time. - - - - - - - - Fix planner error with nested security barrier views when the outer - view has a WHERE clause containing a correlated subquery - (Dean Rasheed) - - - - - - - - Fix memory leak in GIN index searches (Tom Lane) - - - - - - - - Fix corner-case crash due to trying to free localeconv() - output strings more than once (Tom Lane) - - - - - - - - Fix parsing of affix files for ispell dictionaries - (Tom Lane) - - - - The code could go wrong if the affix file contained any characters - whose byte length changes during case-folding, for - example I in Turkish UTF8 locales. - - - - - - - - Avoid use of sscanf() to parse ispell - dictionary files (Artur Zakirov) - - - - This dodges a portability problem on FreeBSD-derived platforms - (including macOS). - - - - - - - - Fix atomic-operations code used on PPC with IBM's xlc compiler - (Noah Misch) - - - - This error led to rare failures of concurrent operations on that - platform. - - - - - - - - Avoid a crash on old Windows versions (before 7SP1/2008R2SP1) with an - AVX2-capable CPU and a Postgres build done with Visual Studio 2013 - (Christian Ullrich) - - - - This is a workaround for a bug in Visual Studio 2013's runtime - library, which Microsoft have stated they will not fix in that - version. - - - - - - - - Fix psql's tab completion logic to handle multibyte - characters properly (Kyotaro Horiguchi, Robert Haas) - - - - - - - - Fix psql's tab completion for - SECURITY LABEL (Tom Lane) - - - - Pressing TAB after SECURITY LABEL might cause a crash - or offering of inappropriate keywords. - - - - - - - - Make pg_ctl accept a wait timeout from the - PGCTLTIMEOUT environment variable, if none is specified on - the command line (Noah Misch) - - - - This eases testing of slower buildfarm members by allowing them - to globally specify a longer-than-normal timeout for postmaster - startup and shutdown. - - - - - - - - Fix incorrect test for Windows service status - in pg_ctl (Manuel Mathar) - - - - The previous set of minor releases attempted to - fix pg_ctl to properly determine whether to send log - messages to Window's Event Log, but got the test backwards. - - - - - - - - Fix pgbench to correctly handle the combination - of -C and -M prepared options (Tom Lane) - - - - - - - - In pg_upgrade, skip creating a deletion script when - the new data directory is inside the old data directory (Bruce - Momjian) - - - - Blind application of the script in such cases would result in loss of - the new data directory. - - - - - - - - In PL/Perl, properly translate empty Postgres arrays into empty Perl - arrays (Alex Hunsaker) - - - - - - - - Make PL/Python cope with function names that aren't valid Python - identifiers (Jim Nasby) - - - - - - - - Fix multiple mistakes in the statistics returned - by contrib/pgstattuple's pgstatindex() - function (Tom Lane) - - - - - - - - Remove dependency on psed in MSVC builds, since it's no - longer provided by core Perl (Michael Paquier, Andrew Dunstan) - - - - - - - - Update time zone data files to tzdata release 2016c - for DST law changes in Azerbaijan, Chile, Haiti, Palestine, and Russia - (Altai, Astrakhan, Kirov, Sakhalin, Ulyanovsk regions), plus - historical corrections for Lithuania, Moldova, and Russia - (Kaliningrad, Samara, Volgograd). - - - - - - - - - - Release 9.5.1 - - - Release date: - 2016-02-11 - - - - This release contains a variety of fixes from 9.5.0. - For information about new features in the 9.5 major release, see - . - - - - Migration to Version 9.5.1 - - - A dump/restore is not required for those running 9.5.X. - - - - - Changes - - - - - - - - Fix infinite loops and buffer-overrun problems in regular expressions - (Tom Lane) - - - - Very large character ranges in bracket expressions could cause - infinite loops in some cases, and memory overwrites in other cases. - (CVE-2016-0773) - - - - - - - - Fix an oversight that caused hash joins to miss joining to some tuples - of the inner relation in rare cases (Tomas Vondra, Tom Lane) - - - - - - - - Avoid pushdown of HAVING clauses when grouping sets are - used (Andrew Gierth) - - - - - - - - Fix deparsing of ON CONFLICT arbiter WHERE - clauses (Peter Geoghegan) - - - - - - - - Make %h and %r escapes - in log_line_prefix work for messages emitted due - to log_connections (Tom Lane) - - - - Previously, %h/%r started to work just after a - new session had emitted the connection received log message; - now they work for that message too. - - - - - - - - Avoid leaking a token handle during SSPI authentication - (Christian Ullrich) - - - - - - - - Fix psql's \det command to interpret its - pattern argument the same way as other \d commands with - potentially schema-qualified patterns do (Reece Hart) - - - - - - - - In pg_ctl on Windows, check service status to decide - where to send output, rather than checking if standard output is a - terminal (Michael Paquier) - - - - - - - - Fix assorted corner-case bugs in pg_dump's processing - of extension member objects (Tom Lane) - - - - - - - - Fix improper quoting of domain constraint names - in pg_dump (Elvis Pranskevichus) - - - - - - - - Make pg_dump mark a view's triggers as needing to be - processed after its rule, to prevent possible failure during - parallel pg_restore (Tom Lane) - - - - - - - - Install guards in pgbench against corner-case overflow - conditions during evaluation of script-specified division or modulo - operators (Fabien Coelho, Michael Paquier) - - - - - - - - Suppress useless warning message when pg_receivexlog - connects to a pre-9.4 server (Marco Nenciarini) - - - - - - - - Avoid dump/reload problems when using both plpython2 - and plpython3 (Tom Lane) - - - - In principle, both versions of PL/Python can be used in - the same database, though not in the same session (because the two - versions of libpython cannot safely be used concurrently). - However, pg_restore and pg_upgrade both - do things that can fall foul of the same-session restriction. Work - around that by changing the timing of the check. - - - - - - - - Fix PL/Python regression tests to pass with Python 3.5 - (Peter Eisentraut) - - - - - - - - Prevent certain PL/Java parameters from being set by - non-superusers (Noah Misch) - - - - This change mitigates a PL/Java security bug - (CVE-2016-0766), which was fixed in PL/Java by marking - these parameters as superuser-only. To fix the security hazard for - sites that update PostgreSQL more frequently - than PL/Java, make the core code aware of them also. - - - - - - - - Fix ecpg-supplied header files to not contain comments - continued from a preprocessor directive line onto the next line - (Michael Meskes) - - - - Such a comment is rejected by ecpg. It's not yet clear - whether ecpg itself should be changed. - - - - - - - - Fix hstore_to_json_loose()'s test for whether - an hstore value can be converted to a JSON number (Tom Lane) - - - - Previously this function could be fooled by non-alphanumeric trailing - characters, leading to emitting syntactically-invalid JSON. - - - - - - - - In contrib/postgres_fdw, fix bugs triggered by use - of tableoid in data-modifying commands (Etsuro Fujita, - Robert Haas) - - - - - - - - Fix ill-advised restriction of NAMEDATALEN to be less - than 256 (Robert Haas, Tom Lane) - - - - - - - - Improve reproducibility of build output by ensuring filenames are given - to the linker in a fixed order (Christoph Berg) - - - - This avoids possible bitwise differences in the produced executable - files from one build to the next. - - - - - - - - Ensure that dynloader.h is included in the installed - header files in MSVC builds (Bruce Momjian, Michael Paquier) - - - - - - - - Update time zone data files to tzdata release 2016a for - DST law changes in Cayman Islands, Metlakatla, and Trans-Baikal - Territory (Zabaykalsky Krai), plus historical corrections for Pakistan. - - - - - - - - - - Release 9.5 - - - Release date: - 2016-01-07 - - - - Overview - - - Major enhancements in PostgreSQL 9.5 include: - - - - - - - - - Allow INSERTs - that would generate constraint conflicts to be turned into - UPDATEs or ignored - - - - - - Add GROUP BY analysis features GROUPING SETS, - CUBE and - ROLLUP - - - - - - Add row-level security control - - - - - - Create mechanisms for tracking - the progress of replication, - including methods for identifying the origin of individual changes - during logical replication - - - - - - Add Block Range Indexes (BRIN) - - - - - - Substantial performance improvements for sorting - - - - - - Substantial performance improvements for multi-CPU machines - - - - - - - The above items are explained in more detail in the sections below. - - - - - - - Migration to Version 9.5 - - - A dump/restore using , or use - of , is required for those wishing to migrate - data from any previous release. - - - - Version 9.5 contains a number of changes that may affect compatibility - with previous releases. Observe the following incompatibilities: - - - - - - - - Adjust operator precedence - to match the SQL standard (Tom Lane) - - - - The precedence of <=, >= - and <> has been reduced to match that of - <, > - and =. The precedence of IS tests - (e.g., x IS NULL) has been reduced to be - just below these six comparison operators. - Also, multi-keyword operators beginning with NOT now have - the precedence of their base operator (for example, NOT - BETWEEN now has the same precedence as BETWEEN) whereas - before they had inconsistent precedence, behaving like NOT - with respect to their left operand but like their base operator with - respect to their right operand. The new configuration - parameter can be - enabled to warn about queries in which these precedence changes result - in different parsing choices. - - - - - - - Change 's default shutdown mode from - smart to fast (Bruce Momjian) - - - - This means the default behavior will be to forcibly cancel existing - database sessions, not simply wait for them to exit. - - - - - - - Use assignment cast behavior for data type conversions - in PL/pgSQL assignments, rather than converting to and - from text (Tom Lane) - - - - This change causes conversions of Booleans to strings to - produce true or false, not t - or f. Other type conversions may succeed in more cases - than before; for example, assigning a numeric value 3.9 to - an integer variable will now assign 4 rather than failing. If no - assignment-grade cast is defined for the particular source and - destination types, PL/pgSQL will fall back to its old - I/O conversion behavior. - - - - - - - Allow characters in server - command-line options to be escaped with a backslash (Andres Freund) - - - - Formerly, spaces in the options string always separated options, so - there was no way to include a space in an option value. Including - a backslash in an option value now requires writing \\. - - - - - - - Change the default value of the GSSAPI include_realm parameter to 1, so - that by default the realm is not removed from a GSS - or SSPI principal name (Stephen Frost) - - - - - - - Replace configuration parameter checkpoint_segments - with - and (Heikki Linnakangas) - - - - If you previously adjusted checkpoint_segments, the - following formula will give you an approximately equivalent setting: - -max_wal_size = (3 * checkpoint_segments) * 16MB - - Note that the default setting for max_wal_size is - much higher than the default checkpoint_segments used - to be, so adjusting it might no longer be necessary. - - - - - - - Control the Linux OOM killer via new environment - variables PG_OOM_ADJUST_FILE - and PG_OOM_ADJUST_VALUE, - instead of compile-time options LINUX_OOM_SCORE_ADJ and - LINUX_OOM_ADJ - (Gurjeet Singh) - - - - - - - Decommission server configuration - parameter ssl_renegotiation_limit, which was deprecated - in earlier releases (Andres Freund) - - - - While SSL renegotiation is a good idea in theory, it has caused enough - bugs to be considered a net negative in practice, and it is due to be - removed from future versions of the relevant standards. We have - therefore removed support for it from PostgreSQL. - The ssl_renegotiation_limit parameter still exists, but - cannot be set to anything but zero (disabled). It's not documented - anymore, either. - - - - - - - Remove server configuration parameter autocommit, which - was already deprecated and non-operational (Tom Lane) - - - - - - - Remove the pg_authid - catalog's rolcatupdate field, as it had no usefulness - (Adam Brightwell) - - - - - - - The pg_stat_replication - system view's sent field is now NULL, not zero, when - it has no valid value (Magnus Hagander) - - - - - - - Allow json and jsonb array extraction operators to - accept negative subscripts, which count from the end of JSON arrays - (Peter Geoghegan, Andrew Dunstan) - - - - Previously, these operators returned NULL for negative - subscripts. - - - - - - - - - Changes - - - Below you will find a detailed account of the changes between - PostgreSQL 9.5 and the previous major - release. - - - - Server - - - Indexes - - - - - - - Add Block Range Indexes (BRIN) - (Álvaro Herrera) - - - - BRIN indexes store only summary data (such as minimum - and maximum values) for ranges of heap blocks. They are therefore - very compact and cheap to update; but if the data is naturally - clustered, they can still provide substantial speedup of searches. - - - - - - - Allow queries to perform accurate distance filtering of - bounding-box-indexed objects (polygons, circles) using GiST indexes (Alexander Korotkov, Heikki - Linnakangas) - - - - Previously, to exploit such an index a subquery had to be used to - select a large number of rows ordered by bounding-box distance, and - the result then had to be filtered further with a more accurate - distance calculation. - - - - - - - Allow GiST indexes to perform index-only - scans (Anastasia Lubennikova, Heikki Linnakangas, Andreas Karlsson) - - - - - - - Add configuration parameter - to control the size of GIN pending lists (Fujii Masao) - - - - This value can also be set on a per-index basis as an index storage - parameter. Previously the pending-list size was controlled - by , which was awkward because - appropriate values for work_mem are often much too large - for this purpose. - - - - - - - Issue a warning during the creation of hash indexes because they are not - crash-safe (Bruce Momjian) - - - - - - - - - General Performance - - - - - - - Improve the speed of sorting of varchar, text, - and numeric fields via abbreviated keys - (Peter Geoghegan, Andrew Gierth, Robert Haas) - - - - - - - Extend the infrastructure that allows sorting to be performed by - inlined, non-SQL-callable comparison functions to - cover CREATE INDEX, REINDEX, and - CLUSTER (Peter Geoghegan) - - - - - - - Improve performance of hash joins (Tomas Vondra, Robert Haas) - - - - - - - Improve concurrency of shared buffer replacement - (Robert Haas, Amit Kapila, Andres Freund) - - - - - - - Reduce the number of page locks and pins during index scans (Kevin Grittner) - - - - The primary benefit of this is to allow index vacuums to be blocked - less often. - - - - - - - Make per-backend tracking of buffer pins more memory-efficient - (Andres Freund) - - - - - - - Improve lock scalability (Andres Freund) - - - - This particularly addresses scalability problems when running on - systems with multiple CPU sockets. - - - - - - - Allow the optimizer to remove unnecessary references to left-joined - subqueries (David Rowley) - - - - - - - Allow pushdown of query restrictions into subqueries with window functions, where appropriate - (David Rowley) - - - - - - - Allow a non-leakproof function to be pushed down into a security - barrier view if the function does not receive any view output - columns (Dean Rasheed) - - - - - - - Teach the planner to use statistics obtained from an expression - index on a boolean-returning function, when a matching function call - appears in WHERE (Tom Lane) - - - - - - - Make ANALYZE compute basic statistics (null fraction and - average column width) even for columns whose data type lacks an - equality function (Oleksandr Shulgin) - - - - - - - Speed up CRC (cyclic redundancy check) computations - and switch to CRC-32C (Abhijit Menon-Sen, Heikki Linnakangas) - - - - - - - Improve bitmap index scan performance (Teodor Sigaev, Tom Lane) - - - - - - - Speed up CREATE INDEX by avoiding unnecessary memory - copies (Robert Haas) - - - - - - - Increase the number of buffer mapping partitions (Amit Kapila, - Andres Freund, Robert Haas) - - - - This improves performance for highly concurrent workloads. - - - - - - - - - Monitoring - - - - - - - Add per-table autovacuum logging control via new - log_autovacuum_min_duration storage parameter - (Michael Paquier) - - - - - - - Add new configuration parameter - (Thomas Munro) - - - - This string, typically set in postgresql.conf, - allows clients to identify the cluster. This name also appears - in the process title of all server processes, allowing for easier - identification of processes belonging to the same cluster. - - - - - - - Prevent non-superusers from changing on connection startup (Fujii Masao) - - - - - - - - - <acronym>SSL</> - - - - - - - Check Subject Alternative - Names in SSL server certificates, if present - (Alexey Klyukin) - - - - When they are present, this replaces checks against the certificate's - Common Name. - - - - - - - Add system view pg_stat_ssl to report - SSL connection information (Magnus Hagander) - - - - - - - Add libpq functions to return SSL - information in an implementation-independent way (Heikki Linnakangas) - - - - While PQgetssl() can - still be used to call OpenSSL functions, it is now - considered deprecated because future versions - of libpq might support other SSL - implementations. When possible, use the new - functions PQsslAttribute(), PQsslAttributeNames(), - and PQsslInUse() - to obtain SSL information in - an SSL-implementation-independent way. - - - - - - - Make libpq honor any OpenSSL - thread callbacks (Jan Urbanski) - - - - Previously they were overwritten. - - - - - - - - - Server Settings - - - - - - - Replace configuration parameter checkpoint_segments - with - and (Heikki Linnakangas) - - - - This change allows the allocation of a large number of WAL - files without keeping them after they are no longer needed. - Therefore the default for max_wal_size has been set - to 1GB, much larger than the old default - for checkpoint_segments. - Also note that standby servers perform restartpoints to try to limit - their WAL space consumption to max_wal_size; previously - they did not pay any attention to checkpoint_segments. - - - - - - - Control the Linux OOM killer via new environment - variables PG_OOM_ADJUST_FILE - and PG_OOM_ADJUST_VALUE - (Gurjeet Singh) - - - - The previous OOM control infrastructure involved - compile-time options LINUX_OOM_SCORE_ADJ and - LINUX_OOM_ADJ, which are no longer supported. - The new behavior is available in all builds. - - - - - - - Allow recording of transaction - commit time stamps when configuration parameter - is enabled (Álvaro Herrera, Petr Jelínek) - - - - Time stamp information can be accessed using functions pg_xact_commit_timestamp() - and pg_last_committed_xact(). - - - - - - - Allow to be set - by ALTER ROLE SET (Peter Eisentraut, Kyotaro Horiguchi) - - - - - - - Allow autovacuum workers - to respond to configuration parameter changes during a run - (Michael Paquier) - - - - - - - Make configuration parameter - read-only (Andres Freund) - - - - This means that assertions can no longer be turned - off if they were enabled at compile time, allowing for more - efficient code optimization. This change also removes the postgres - - - - - - Allow setting on - systems where it has no effect (Peter Eisentraut) - - - - - - - Add system view pg_file_settings - to show the contents of the server's configuration files - (Sawada Masahiko) - - - - - - - Add pending_restart to the system view pg_settings to - indicate a change has been made but will not take effect until a - database restart (Peter Eisentraut) - - - - - - - Allow ALTER SYSTEM - values to be reset with ALTER SYSTEM RESET (Vik - Fearing) - - - - This command removes the specified setting - from postgresql.auto.conf. - - - - - - - - - - - Replication and Recovery - - - - - - - Create mechanisms for tracking - the progress of replication, - including methods for identifying the origin of individual changes - during logical replication (Andres Freund) - - - - This is helpful when implementing replication solutions. - - - - - - - Rework truncation of the multixact commit log to be properly - WAL-logged (Andres Freund) - - - - This makes things substantially simpler and more robust. - - - - - - - Add recovery.conf - parameter recovery_target_action - to control post-recovery activity (Petr Jelínek) - - - - This replaces the old parameter pause_at_recovery_target. - - - - - - - Add new value - always to allow standbys to always archive received - WAL files (Fujii Masao) - - - - - - - Add configuration - parameter to - control WAL read retry after failure - (Alexey Vasiliev, Michael Paquier) - - - - This is particularly helpful for warm standbys. - - - - - - - Allow compression of full-page images stored in WAL - (Rahila Syed, Michael Paquier) - - - - This feature reduces WAL volume, at the cost of more CPU time spent - on WAL logging and WAL replay. It is controlled by a new - configuration parameter , which - currently is off by default. - - - - - - - Archive WAL files with suffix .partial - during standby promotion (Heikki Linnakangas) - - - - - - - Add configuration parameter - to log replication commands (Fujii Masao) - - - - By default, replication commands, e.g. IDENTIFY_SYSTEM, - are not logged, even when is set - to all. - - - - - - - Report the processes holding replication slots in pg_replication_slots - (Craig Ringer) - - - - The new output column is active_pid. - - - - - - - Allow recovery.conf's primary_conninfo setting to - use connection URIs, e.g. postgres:// - (Alexander Shulgin) - - - - - - - - - Queries - - - - - - - Allow INSERTs - that would generate constraint conflicts to be turned into - UPDATEs or ignored (Peter Geoghegan, Heikki - Linnakangas, Andres Freund) - - - - The syntax is INSERT ... ON CONFLICT DO NOTHING/UPDATE. - This is the Postgres implementation of the popular - UPSERT command. - - - - - - - Add GROUP BY analysis features GROUPING SETS, - CUBE and - ROLLUP - (Andrew Gierth, Atri Sharma) - - - - - - - Allow setting multiple target columns in - an UPDATE from the result of - a single sub-SELECT (Tom Lane) - - - - This is accomplished using the syntax UPDATE tab SET - (col1, col2, ...) = (SELECT ...). - - - - - - - Add SELECT option - SKIP LOCKED to skip locked rows (Thomas Munro) - - - - This does not throw an error for locked rows like - NOWAIT does. - - - - - - - Add SELECT option - TABLESAMPLE to return a subset of a table (Petr - Jelínek) - - - - This feature supports the SQL-standard table sampling methods. - In addition, there are provisions - for user-defined - table sampling methods. - - - - - - - Suggest possible matches for mistyped column names (Peter - Geoghegan, Robert Haas) - - - - - - - - - Utility Commands - - - - - - - Add more details about sort ordering in EXPLAIN output (Marius Timmer, - Lukas Kreft, Arne Scheffer) - - - - Details include COLLATE, DESC, - USING, and NULLS FIRST/LAST. - - - - - - - Make VACUUM log the - number of pages skipped due to pins (Jim Nasby) - - - - - - - Make TRUNCATE properly - update the pg_stat* tuple counters (Alexander Shulgin) - - - - - - - <xref linkend="SQL-REINDEX"> - - - - - - - Allow REINDEX to reindex an entire schema using the - SCHEMA option (Sawada Masahiko) - - - - - - - Add VERBOSE option to REINDEX (Sawada - Masahiko) - - - - - - - Prevent REINDEX DATABASE and SCHEMA - from outputting object names, unless VERBOSE is used - (Simon Riggs) - - - - - - - Remove obsolete FORCE option from REINDEX - (Fujii Masao) - - - - - - - - - - Object Manipulation - - - - - - - Add row-level security control - (Craig Ringer, KaiGai Kohei, Adam Brightwell, Dean Rasheed, - Stephen Frost) - - - - This feature allows row-by-row control over which users can add, - modify, or even see rows in a table. This is controlled by new - commands CREATE/ALTER/DROP POLICY and ALTER TABLE ... ENABLE/DISABLE - ROW SECURITY. - - - - - - - Allow changing of the WAL - logging status of a table after creation with ALTER TABLE ... SET LOGGED / - UNLOGGED (Fabrízio de Royes Mello) - - - - - - - Add IF NOT EXISTS clause to CREATE TABLE AS, - CREATE INDEX, - CREATE SEQUENCE, - and CREATE - MATERIALIZED VIEW (Fabrízio de Royes Mello) - - - - - - - Add support for IF EXISTS to ALTER TABLE ... RENAME - CONSTRAINT (Bruce Momjian) - - - - - - - Allow some DDL commands to accept CURRENT_USER - or SESSION_USER, meaning the current user or session - user, in place of a specific user name (Kyotaro Horiguchi, - Álvaro Herrera) - - - - This feature is now supported in - , , - , , - and ALTER object OWNER TO commands. - - - - - - - Support comments on domain - constraints (Álvaro Herrera) - - - - - - - Reduce lock levels of some create and alter trigger and foreign - key commands (Simon Riggs, Andreas Karlsson) - - - - - - - Allow LOCK TABLE ... ROW EXCLUSIVE - MODE for those with INSERT privileges on the - target table (Stephen Frost) - - - - Previously this command required UPDATE, DELETE, - or TRUNCATE privileges. - - - - - - - Apply table and domain CHECK constraints in order by name - (Tom Lane) - - - - The previous ordering was indeterminate. - - - - - - - Allow CREATE/ALTER DATABASE - to manipulate datistemplate and - datallowconn (Vik Fearing) - - - - This allows these per-database settings to be - changed without manually modifying the pg_database - system catalog. - - - - - - - <link linkend="ddl-foreign-data">Foreign Tables</link> - - - - - - - Add support for - (Ronan Dunklau, Michael Paquier, Tom Lane) - - - - This command allows automatic creation of local foreign tables - that match the structure of existing tables on a remote server. - - - - - - - Allow CHECK constraints to be placed on foreign tables - (Shigeru Hanada, Etsuro Fujita) - - - - Such constraints are assumed to be enforced on the remote server, - and are not enforced locally. However, they are assumed to hold for - purposes of query optimization, such - as constraint - exclusion. - - - - - - - Allow foreign tables to participate in inheritance (Shigeru Hanada, - Etsuro Fujita) - - - - To let this work naturally, foreign tables are now allowed to have - check constraints marked as not valid, and to set storage - and OID characteristics, even though these operations are - effectively no-ops for a foreign table. - - - - - - - Allow foreign data wrappers and custom scans to implement join - pushdown (KaiGai Kohei) - - - - - - - - - <link linkend="event-triggers">Event Triggers</link> - - - - - - - Whenever a ddl_command_end event trigger is installed, - capture details of DDL activity for it to inspect - (Álvaro Herrera) - - - - This information is available through a set-returning function pg_event_trigger_ddl_commands(), - or by inspection of C data structures if that function doesn't - provide enough detail. - - - - - - - Allow event triggers on table rewrites caused by ALTER TABLE (Dimitri - Fontaine) - - - - - - - Add event trigger support for database-level COMMENT, SECURITY LABEL, - and GRANT/REVOKE (Álvaro Herrera) - - - - - - - Add columns to the output of pg_event_trigger_dropped_objects - (Álvaro Herrera) - - - - This allows simpler processing of delete operations. - - - - - - - - - - - Data Types - - - - - - - Allow the xml data type - to accept empty or all-whitespace content values (Peter Eisentraut) - - - - This is required by the SQL/XML - specification. - - - - - - - Allow macaddr input - using the format xxxx-xxxx-xxxx (Herwin Weststrate) - - - - - - - Disallow non-SQL-standard syntax for interval with - both precision and field specifications (Bruce Momjian) - - - - Per the standard, such type specifications should be written as, - for example, INTERVAL MINUTE TO SECOND(2). - PostgreSQL formerly allowed this to be written as - INTERVAL(2) MINUTE TO SECOND, but it must now be - written in the standard way. - - - - - - - Add selectivity estimators for inet/cidr operators and improve - estimators for text search functions (Emre Hasegeli, Tom Lane) - - - - - - - Add data - types regrole - and regnamespace - to simplify entering and pretty-printing the OID of a role - or namespace (Kyotaro Horiguchi) - - - - - - - <link linkend="datatype-json"><acronym>JSON</></link> - - - - - - - Add jsonb functions jsonb_set() - and jsonb_pretty() - (Dmitry Dolgov, Andrew Dunstan, Petr Jelínek) - - - - - - - Add jsonb generator functions to_jsonb(), - jsonb_object(), - jsonb_build_object(), - jsonb_build_array(), - jsonb_agg(), - and jsonb_object_agg() - (Andrew Dunstan) - - - - Equivalent functions already existed for type json. - - - - - - - Reduce casting requirements to/from json and jsonb (Tom Lane) - - - - - - - Allow text, text array, and integer - values to be subtracted - from jsonb documents (Dmitry Dolgov, Andrew Dunstan) - - - - - - - Add jsonb || operator - (Dmitry Dolgov, Andrew Dunstan) - - - - - - - Add json_strip_nulls() - and jsonb_strip_nulls() - functions to remove JSON null values from documents - (Andrew Dunstan) - - - - - - - - - - - Functions - - - - - - - Add generate_series() - for numeric values (Plato Malugin) - - - - - - - Allow array_agg() and - ARRAY() to take arrays as inputs (Ali Akbar, Tom Lane) - - - - - - - Add functions array_position() - and array_positions() - to return subscripts of array values (Pavel Stehule) - - - - - - - Add a point-to-polygon distance operator - <-> - (Alexander Korotkov) - - - - - - - Allow multibyte characters as escapes in SIMILAR TO - and SUBSTRING - (Jeff Davis) - - - - Previously, only a single-byte character was allowed as an escape. - - - - - - - Add a width_bucket() - variant that supports any sortable data type and non-uniform bucket - widths (Petr Jelínek) - - - - - - - Add an optional missing_ok argument to pg_read_file() - and related functions (Michael Paquier, Heikki Linnakangas) - - - - - - - Allow => - to specify named parameters in function calls (Pavel Stehule) - - - - Previously only := could be used. This requires removing - the possibility for => to be a user-defined operator. - Creation of user-defined => operators has been issuing - warnings since PostgreSQL 9.0. - - - - - - - Add POSIX-compliant rounding for platforms that use - PostgreSQL-supplied rounding functions (Pedro Gimeno Fortea) - - - - - - - System Information Functions and Views - - - - - - - Add function pg_get_object_address() - to return OIDs that uniquely - identify an object, and function pg_identify_object_as_address() - to return object information based on OIDs (Álvaro - Herrera) - - - - - - - Loosen security checks for viewing queries in pg_stat_activity, - executing pg_cancel_backend(), - and executing pg_terminate_backend() - (Stephen Frost) - - - - Previously, only the specific role owning the target session could - perform these operations; now membership in that role is sufficient. - - - - - - - Add pg_stat_get_snapshot_timestamp() - to output the time stamp of the statistics snapshot (Matt Kelly) - - - - This represents the last time the snapshot file was written to - the file system. - - - - - - - Add mxid_age() - to compute multi-xid age (Bruce Momjian) - - - - - - - - Aggregates - - - - - - - Add min()/max() aggregates - for inet/cidr data types (Haribabu - Kommi) - - - - - - - Use 128-bit integers, where supported, as accumulators for some - aggregate functions (Andreas Karlsson) - - - - - - - - - - - Server-Side Languages - - - - - - - Improve support for composite types in PL/Python (Ed Behn, Ronan - Dunklau) - - - - This allows PL/Python functions to return arrays - of composite types. - - - - - - - Reduce lossiness of PL/Python floating-point value - conversions (Marko Kreen) - - - - - - - Allow specification of conversion routines between SQL - data types and data types of procedural languages (Peter Eisentraut) - - - - This change adds new commands CREATE/DROP TRANSFORM. - This also adds optional transformations between the hstore and ltree types to/from PL/Perl and PL/Python. - - - - - - - <link linkend="plpgsql">PL/pgSQL</link> Server-Side Language - - - - - - - Improve PL/pgSQL array - performance (Tom Lane) - - - - - - - Add an ASSERT - statement in PL/pgSQL (Pavel Stehule) - - - - - - - Allow more PL/pgSQL - keywords to be used as identifiers (Tom Lane) - - - - - - - - - - - Client Applications - - - - - - - Move pg_archivecleanup, - pg_test_fsync, - pg_test_timing, - and pg_xlogdump - from contrib to src/bin (Peter Eisentraut) - - - - This should result in these programs being installed by default in - most installations. - - - - - - - Add pg_rewind, - which allows re-synchronizing a master server after failback - (Heikki Linnakangas) - - - - - - - Allow pg_receivexlog - to manage physical replication slots (Michael Paquier) - - - - This is controlled via new - - - - - - Allow pg_receivexlog - to synchronously flush WAL to storage using new - - - - Without this, WAL files are fsync'ed only on close. - - - - - - - Allow vacuumdb to - vacuum in parallel using new - - - - - - In vacuumdb, do not - prompt for the same password repeatedly when multiple connections - are necessary (Haribabu Kommi, Michael Paquier) - - - - - - - Add - - - - - - Make pg_basebackup - use a tablespace mapping file when using tar format, - to support symbolic links and file paths of 100+ characters in length - on MS Windows (Amit Kapila) - - - - - - - Add pg_xlogdump option - - - - - - - <xref linkend="APP-PSQL"> - - - - - - - Allow psql to produce AsciiDoc output (Szymon Guz) - - - - - - - Add an errors mode that displays only failed commands - to psql's ECHO variable - (Pavel Stehule) - - - - This behavior can also be selected with psql's - - - - - - - Provide separate column, header, and border linestyle control - in psql's unicode linestyle (Pavel Stehule) - - - - Single or double lines are supported; the default is - single. - - - - - - - Add new option %l in psql's PROMPT variables - to display the current multiline statement line number - (Sawada Masahiko) - - - - - - - Add \pset option pager_min_lines - to control pager invocation (Andrew Dunstan) - - - - - - - Improve psql line counting used when deciding - to invoke the pager (Andrew Dunstan) - - - - - - - psql now fails if the file specified by - an - - - Previously, it effectively ignored the switch in such cases. - - - - - - - Add psql tab completion when setting the - variable (Jeff Janes) - - - - Currently only the first schema can be tab-completed. - - - - - - - Improve psql's tab completion for triggers and rules - (Andreas Karlsson) - - - - - - - <link linkend="APP-PSQL-meta-commands">Backslash Commands</link> - - - - - - - Add psql \? help sections - variables and options (Pavel Stehule) - - - - \? variables shows psql's special - variables and \? options shows the command-line options. - \? commands shows the meta-commands, which is the - traditional output and remains the default. These help displays - can also be obtained with the command-line - option --help=section. - - - - - - - Show tablespace size in psql's \db+ - (Fabrízio de Royes Mello) - - - - - - - Show data type owners in psql's \dT+ - (Magnus Hagander) - - - - - - - Allow psql's \watch to output - \timing information (Fujii Masao) - - - - Also prevent - - - - - - Make psql's \sf and \ef - commands honor ECHO_HIDDEN (Andrew Dunstan) - - - - - - - Improve psql tab completion for \set, - \unset, and :variable names (Pavel - Stehule) - - - - - - - Allow tab completion of role names - in psql \c commands (Ian Barwick) - - - - - - - - - - - <xref linkend="APP-PGDUMP"> - - - - - - - Allow pg_dump to share a snapshot taken by another - session using - - - The remote snapshot must have been exported by - pg_export_snapshot() or logical replication slot - creation. This can be used to share a consistent snapshot - across multiple pg_dump processes. - - - - - - - Support table sizes exceeding 8GB in tar archive format (Tom Lane) - - - - The POSIX standard for tar format does not allow elements of a tar - archive to exceed 8GB, but most modern implementations of tar - support an extension that does allow it. Use the extension format - when necessary, rather than failing. - - - - - - - Make pg_dump always print the server and - pg_dump versions (Jing Wang) - - - - Previously, version information was only printed in - - - - - - - Remove the long-ignored - - - - - - - - <xref linkend="app-pg-ctl"> - - - - - - - Support multiple pg_ctl - - - - - - Allow control of pg_ctl's event source logging - on MS Windows (MauMau) - - - - This only controls pg_ctl, not the server, which - has separate settings in postgresql.conf. - - - - - - - If the server's listen address is set to a wildcard value - (0.0.0.0 in IPv4 or :: in IPv6), connect via - the loopback address rather than trying to use the wildcard address - literally (Kondo Yuta) - - - - This fix primarily affects Windows, since on other platforms - pg_ctl will prefer to use a Unix-domain socket. - - - - - - - - - <xref linkend="pgupgrade"> - - - - - - - Move pg_upgrade from contrib to - src/bin (Peter Eisentraut) - - - - In connection with this change, the functionality previously - provided by the pg_upgrade_support module has been - moved into the core server. - - - - - - - Support multiple pg_upgrade - - - - - - - Improve database collation comparisons in - pg_upgrade (Heikki Linnakangas) - - - - - - - Remove support for upgrading from 8.3 clusters (Bruce Momjian) - - - - - - - - - <xref linkend="pgbench"> - - - - - - - Move pgbench from contrib to src/bin - (Peter Eisentraut) - - - - - - - Fix calculation of TPS number excluding connections - establishing (Tatsuo Ishii, Fabien Coelho) - - - - The overhead for connection establishment was miscalculated whenever - the number of pgbench threads was less than the number of client - connections. Although this is clearly a bug, we won't back-patch it - into pre-9.5 branches since it makes TPS numbers not comparable to - previous results. - - - - - - - Allow counting of pgbench transactions that take over a specified - amount of time (Fabien Coelho) - - - - This is controlled by a new - - - - - - Allow pgbench to generate Gaussian/exponential distributions - using \setrandom (Kondo Mitsumasa, Fabien Coelho) - - - - - - - Allow pgbench's \set command to handle - arithmetic expressions containing more than one operator, and add - % (modulo) to the set of operators it supports - (Robert Haas, Fabien Coelho) - - - - - - - - - - - Source Code - - - - - - - Simplify WAL record format - (Heikki Linnakangas) - - - - This allows external tools to more easily track what blocks - are modified. - - - - - - - Improve the representation of transaction commit and abort WAL - records (Andres Freund) - - - - - - - Add atomic memory operations API (Andres Freund) - - - - - - - Allow custom path and scan methods (KaiGai Kohei, Tom Lane) - - - - This allows extensions greater control over the optimizer and - executor. - - - - - - - Allow foreign data wrappers to do post-filter locking (Etsuro - Fujita) - - - - - - - Foreign tables can now take part in INSERT ... ON CONFLICT - DO NOTHING queries (Peter Geoghegan, Heikki Linnakangas, - Andres Freund) - - - - Foreign data wrappers must be modified to handle this. - INSERT ... ON CONFLICT DO UPDATE is not supported on - foreign tables. - - - - - - - Improve hash_create()'s API for selecting - simple-binary-key hash functions (Teodor Sigaev, Tom Lane) - - - - - - - Improve parallel execution infrastructure (Robert Haas, Amit - Kapila, Noah Misch, Rushabh Lathia, Jeevan Chalke) - - - - - - - Remove Alpha (CPU) and Tru64 (OS) ports (Andres Freund) - - - - - - - Remove swap-byte-based spinlock implementation for - ARMv5 and earlier CPUs (Robert Haas) - - - - ARMv5's weak memory ordering made this locking - implementation unsafe. Spinlock support is still possible on - newer gcc implementations with atomics support. - - - - - - - Generate an error when excessively long (100+ character) file - paths are written to tar files (Peter Eisentraut) - - - - Tar does not support such overly-long paths. - - - - - - - Change index operator class for columns pg_seclabel.provider - and pg_shseclabel.provider - to be text_pattern_ops (Tom Lane) - - - - This avoids possible problems with these indexes when different - databases of a cluster have different default collations. - - - - - - - Change the spinlock primitives to function as compiler barriers - (Robert Haas) - - - - - - - MS Windows - - - - - - - Allow higher-precision time stamp resolution on Windows 8, Windows - Server 2012, and later Windows systems (Craig Ringer) - - - - - - - Install shared libraries to bin in MS Windows (Peter Eisentraut, Michael Paquier) - - - - - - - Install src/test/modules together with - contrib on MSVC builds (Michael - Paquier) - - - - - - - Allow configure's - - - - - - - Pass PGFILEDESC into MSVC contrib builds - (Michael Paquier) - - - - - - - Add icons to all MSVC-built binaries and version - information to all MS Windows - binaries (Noah Misch) - - - - MinGW already had such icons. - - - - - - - Add optional-argument support to the internal - getopt_long() implementation (Michael Paquier, - Andres Freund) - - - - This is used by the MSVC build. - - - - - - - - - - - Additional Modules - - - - - - - Add statistics for minimum, maximum, - mean, and standard deviation times to pg_stat_statements - (Mitsumasa Kondo, Andrew Dunstan) - - - - - - - Add pgcrypto function - pgp_armor_headers() to extract PGP - armor headers (Marko Tiikkaja, Heikki Linnakangas) - - - - - - - Allow empty replacement strings in unaccent (Mohammad Alhashash) - - - - This is useful in languages where diacritic signs are represented - as separate characters. - - - - - - - Allow multicharacter source strings in unaccent (Tom Lane) - - - - This could be useful in languages where diacritic signs are - represented as separate characters. It also allows more complex - unaccent dictionaries. - - - - - - - Add contrib modules tsm_system_rows and - tsm_system_time - to allow additional table sampling methods (Petr Jelínek) - - - - - - - Add GIN - index inspection functions to pageinspect (Heikki - Linnakangas, Peter Geoghegan, Michael Paquier) - - - - - - - Add information about buffer pins to pg_buffercache display - (Andres Freund) - - - - - - - Allow pgstattuple - to report approximate answers with less overhead using - pgstattuple_approx() (Abhijit Menon-Sen) - - - - - - - Move dummy_seclabel, test_shm_mq, - test_parser, and worker_spi - from contrib to src/test/modules - (Álvaro Herrera) - - - - These modules are only meant for server testing, so they do not need - to be built or installed when packaging PostgreSQL. - - - - - - - - - - diff --git a/doc/src/sgml/release-old.sgml b/doc/src/sgml/release-old.sgml deleted file mode 100644 index d56a5f65b4..0000000000 --- a/doc/src/sgml/release-old.sgml +++ /dev/null @@ -1,6657 +0,0 @@ - - - - - Release 7.3.21 - - - Release date: - 2008-01-07 - - - - This release contains a variety of fixes from 7.3.20, - including fixes for significant security issues. - - - - This is expected to be the last PostgreSQL release - in the 7.3.X series. Users are encouraged to update to a newer - release branch soon. - - - - Migration to Version 7.3.21 - - - A dump/restore is not required for those running 7.3.X. However, - if you are upgrading from a version earlier than 7.3.13, - see . - - - - - - Changes - - - - - - Prevent functions in indexes from executing with the privileges of - the user running VACUUM, ANALYZE, etc (Tom) - - - - Functions used in index expressions and partial-index - predicates are evaluated whenever a new table entry is made. It has - long been understood that this poses a risk of trojan-horse code - execution if one modifies a table owned by an untrustworthy user. - (Note that triggers, defaults, check constraints, etc. pose the - same type of risk.) But functions in indexes pose extra danger - because they will be executed by routine maintenance operations - such as VACUUM FULL, which are commonly performed - automatically under a superuser account. For example, a nefarious user - can execute code with superuser privileges by setting up a - trojan-horse index definition and waiting for the next routine vacuum. - The fix arranges for standard maintenance operations - (including VACUUM, ANALYZE, REINDEX, - and CLUSTER) to execute as the table owner rather than - the calling user, using the same privilege-switching mechanism already - used for SECURITY DEFINER functions. To prevent bypassing - this security measure, execution of SET SESSION - AUTHORIZATION and SET ROLE is now forbidden within a - SECURITY DEFINER context. (CVE-2007-6600) - - - - - - Require non-superusers who use /contrib/dblink to use only - password authentication, as a security measure (Joe) - - - - The fix that appeared for this in 7.3.20 was incomplete, as it plugged - the hole for only some dblink functions. (CVE-2007-6601, - CVE-2007-3278) - - - - - - Fix potential crash in translate() when using a multibyte - database encoding (Tom) - - - - - - Make contrib/tablefunc's crosstab() handle - NULL rowid as a category in its own right, rather than crashing (Joe) - - - - - - Require a specific version of Autoconf to be used - when re-generating the configure script (Peter) - - - - This affects developers and packagers only. The change was made - to prevent accidental use of untested combinations of - Autoconf and PostgreSQL versions. - You can remove the version check if you really want to use a - different Autoconf version, but it's - your responsibility whether the result works or not. - - - - - - - - - - Release 7.3.20 - - - Release date: - 2007-09-17 - - - - This release contains fixes from 7.3.19. - - - - Migration to Version 7.3.20 - - - A dump/restore is not required for those running 7.3.X. However, - if you are upgrading from a version earlier than 7.3.13, - see . - - - - - - Changes - - - - - - Prevent index corruption when a transaction inserts rows and - then aborts close to the end of a concurrent VACUUM - on the same table (Tom) - - - - - - Make CREATE DOMAIN ... DEFAULT NULL work properly (Tom) - - - - - - Fix crash when log_min_error_statement logging runs out - of memory (Tom) - - - - - - Require non-superusers who use /contrib/dblink to use only - password authentication, as a security measure (Joe) - - - - - - - - - - Release 7.3.19 - - - Release date: - 2007-04-23 - - - - This release contains fixes from 7.3.18, - including a security fix. - - - - Migration to Version 7.3.19 - - - A dump/restore is not required for those running 7.3.X. However, - if you are upgrading from a version earlier than 7.3.13, - see . - - - - - - Changes - - - - - - Support explicit placement of the temporary-table schema within - search_path, and disable searching it for functions - and operators (Tom) - - - This is needed to allow a security-definer function to set a - truly secure value of search_path. Without it, - an unprivileged SQL user can use temporary objects to execute code - with the privileges of the security-definer function (CVE-2007-2138). - See CREATE FUNCTION for more information. - - - - - - Fix potential-data-corruption bug in how VACUUM FULL handles - UPDATE chains (Tom, Pavan Deolasee) - - - - - - - - - - Release 7.3.18 - - - Release date: - 2007-02-05 - - - - This release contains a variety of fixes from 7.3.17, including - a security fix. - - - - Migration to Version 7.3.18 - - - A dump/restore is not required for those running 7.3.X. However, - if you are upgrading from a version earlier than 7.3.13, - see . - - - - - - Changes - - - - - - Remove security vulnerability that allowed connected users - to read backend memory (Tom) - - - The vulnerability involves changing the - data type of a table column used in a SQL function (CVE-2007-0555). - This error can easily be exploited to cause a backend crash, and in - principle might be used to read database content that the user - should not be able to access. - - - - - - Fix rare bug wherein btree index page splits could fail - due to choosing an infeasible split point (Heikki Linnakangas) - - - - - - Tighten security of multi-byte character processing for UTF8 sequences - over three bytes long (Tom) - - - - - - - - - - Release 7.3.17 - - - Release date: - 2007-01-08 - - - - This release contains a variety of fixes from 7.3.16. - - - - Migration to Version 7.3.17 - - - A dump/restore is not required for those running 7.3.X. However, - if you are upgrading from a version earlier than 7.3.13, - see . - - - - - - Changes - - - - - - to_number() and to_char(numeric) - are now STABLE, not IMMUTABLE, for - new initdb installs (Tom) - - - - This is because lc_numeric can potentially - change the output of these functions. - - - - - - Improve index usage of regular expressions that use parentheses (Tom) - - - - This improves psql \d performance also. - - - - - - - - - - Release 7.3.16 - - - Release date: - 2006-10-16 - - - - This release contains a variety of fixes from 7.3.15. - - - - Migration to Version 7.3.16 - - - A dump/restore is not required for those running 7.3.X. However, - if you are upgrading from a version earlier than 7.3.13, - see . - - - - - - Changes - - -Fix corner cases in pattern matching for - psql's \d commands -Fix index-corrupting bugs in /contrib/ltree - (Teodor) -Back-port 7.4 spinlock code to improve performance and support -64-bit architectures better -Fix SSL-related memory leak in libpq -Fix backslash escaping in /contrib/dbmirror -Adjust regression tests for recent changes in US DST laws - - - - - - - - Release 7.3.15 - - - Release date: - 2006-05-23 - - - - This release contains a variety of fixes from 7.3.14, - including patches for extremely serious security issues. - - - - Migration to Version 7.3.15 - - - A dump/restore is not required for those running 7.3.X. However, - if you are upgrading from a version earlier than 7.3.13, - see . - - - - Full security against the SQL-injection attacks described in - CVE-2006-2313 and CVE-2006-2314 might require changes in application - code. If you have applications that embed untrustworthy strings - into SQL commands, you should examine them as soon as possible to - ensure that they are using recommended escaping techniques. In - most cases, applications should be using subroutines provided by - libraries or drivers (such as libpq's - PQescapeStringConn()) to perform string escaping, - rather than relying on ad hoc code to do it. - - - - - Changes - - -Change the server to reject invalidly-encoded multibyte -characters in all cases (Tatsuo, Tom) -While PostgreSQL has been moving in this direction for -some time, the checks are now applied uniformly to all encodings and all -textual input, and are now always errors not merely warnings. This change -defends against SQL-injection attacks of the type described in CVE-2006-2313. - - -Reject unsafe uses of \' in string literals -As a server-side defense against SQL-injection attacks of the type -described in CVE-2006-2314, the server now only accepts '' and not -\' as a representation of ASCII single quote in SQL string -literals. By default, \' is rejected only when -client_encoding is set to a client-only encoding (SJIS, BIG5, GBK, -GB18030, or UHC), which is the scenario in which SQL injection is possible. -A new configuration parameter backslash_quote is available to -adjust this behavior when needed. Note that full security against -CVE-2006-2314 might require client-side changes; the purpose of -backslash_quote is in part to make it obvious that insecure -clients are insecure. - - -Modify libpq's string-escaping routines to be -aware of encoding considerations -This fixes libpq-using applications for the security -issues described in CVE-2006-2313 and CVE-2006-2314. -Applications that use multiple PostgreSQL connections -concurrently should migrate to PQescapeStringConn() and -PQescapeByteaConn() to ensure that escaping is done correctly -for the settings in use in each database connection. Applications that -do string escaping by hand should be modified to rely on library -routines instead. - - -Fix some incorrect encoding conversion functions -win1251_to_iso, alt_to_iso, -euc_tw_to_big5, euc_tw_to_mic, -mic_to_euc_tw were all broken to varying -extents. - - -Clean up stray remaining uses of \' in strings -(Bruce, Jan) - -Fix server to use custom DH SSL parameters correctly (Michael -Fuhr) - -Fix various minor memory leaks - - - - - - - Release 7.3.14 - - - Release date: - 2006-02-14 - - - - This release contains a variety of fixes from 7.3.13. - - - - Migration to Version 7.3.14 - - - A dump/restore is not required for those running 7.3.X. However, - if you are upgrading from a version earlier than 7.3.13, - see . - - - - - Changes - - - -Fix potential crash in SET -SESSION AUTHORIZATION (CVE-2006-0553) -An unprivileged user could crash the server process, resulting in -momentary denial of service to other users, if the server has been compiled -with Asserts enabled (which is not the default). -Thanks to Akio Ishida for reporting this problem. - - -Fix bug with row visibility logic in self-inserted -rows (Tom) -Under rare circumstances a row inserted by the current command -could be seen as already valid, when it should not be. Repairs bug -created in 7.3.11 release. - - -Fix race condition that could lead to file already -exists errors during pg_clog file creation -(Tom) - -Fix to allow restoring dumps that have cross-schema -references to custom operators (Tom) - -Portability fix for testing presence of finite -and isinf during configure (Tom) - - - - - - - - Release 7.3.13 - - - Release date: - 2006-01-09 - - - - This release contains a variety of fixes from 7.3.12. - - - - Migration to Version 7.3.13 - - - A dump/restore is not required for those running 7.3.X. However, - if you are upgrading from a version earlier than 7.3.10, - see . - Also, you might need to REINDEX indexes on textual - columns after updating, if you are affected by the locale or - plperl issues described below. - - - - - Changes - - - -Fix character string comparison for locales that consider -different character combinations as equal, such as Hungarian (Tom) -This might require REINDEX to fix existing indexes on -textual columns. - -Set locale environment variables during postmaster startup -to ensure that plperl won't change the locale later -This fixes a problem that occurred if the postmaster was -started with environment variables specifying a different locale than what -initdb had been told. Under these conditions, any use of -plperl was likely to lead to corrupt indexes. You might need -REINDEX to fix existing indexes on -textual columns if this has happened to you. - -Fix longstanding bug in strpos() and regular expression -handling in certain rarely used Asian multi-byte character sets (Tatsuo) - - -Fix bug in /contrib/pgcrypto gen_salt, -which caused it not to use all available salt space for MD5 and -XDES algorithms (Marko Kreen, Solar Designer) -Salts for Blowfish and standard DES are unaffected. - -Fix /contrib/dblink to throw an error, -rather than crashing, when the number of columns specified is different from -what's actually returned by the query (Joe) - - - - - - - - Release 7.3.12 - - - Release date: - 2005-12-12 - - - - This release contains a variety of fixes from 7.3.11. - - - - Migration to Version 7.3.12 - - - A dump/restore is not required for those running 7.3.X. However, - if you are upgrading from a version earlier than 7.3.10, - see . - - - - - Changes - - - -Fix race condition in transaction log management -There was a narrow window in which an I/O operation could be initiated -for the wrong page, leading to an Assert failure or data -corruption. - - -/contrib/ltree fixes (Teodor) - -Fix longstanding planning error for outer joins -This bug sometimes caused a bogus error RIGHT JOIN is -only supported with merge-joinable join conditions. - -Prevent core dump in pg_autovacuum when a -table has been dropped - - - - - - - - Release 7.3.11 - - - Release date: - 2005-10-04 - - - - This release contains a variety of fixes from 7.3.10. - - - - Migration to Version 7.3.11 - - - A dump/restore is not required for those running 7.3.X. However, - if you are upgrading from a version earlier than 7.3.10, - see . - - - - - Changes - - -Fix error that allowed VACUUM to remove -ctid chains too soon, and add more checking in code that follows -ctid links -This fixes a long-standing problem that could cause crashes in very rare -circumstances. -Fix CHAR() to properly pad spaces to the specified -length when using a multiple-byte character set (Yoshiyuki Asaba) -In prior releases, the padding of CHAR() was incorrect -because it only padded to the specified number of bytes without -considering how many characters were stored. -Fix missing rows in queries like UPDATE a=... WHERE -a... with GiST index on column a -Improve checking for partially-written WAL -pages -Improve robustness of signal handling when SSL is -enabled -Various memory leakage fixes -Various portability improvements -Fix PL/pgSQL to handle var := var correctly when -the variable is of pass-by-reference type - - - - - - - Release 7.3.10 - - - Release date: - 2005-05-09 - - - - This release contains a variety of fixes from 7.3.9, including several - security-related issues. - - - - Migration to Version 7.3.10 - - - A dump/restore is not required for those running 7.3.X. However, - it is one possible way of handling a significant security problem - that has been found in the initial contents of 7.3.X system - catalogs. A dump/initdb/reload sequence using 7.3.10's initdb will - automatically correct this problem. - - - - The security problem is that the built-in character set encoding - conversion functions can be invoked from SQL commands by unprivileged - users, but the functions were not designed for such use and are not - secure against malicious choices of arguments. The fix involves changing - the declared parameter list of these functions so that they can no longer - be invoked from SQL commands. (This does not affect their normal use - by the encoding conversion machinery.) - It is strongly recommended that all installations repair this error, - either by initdb or by following the manual repair procedure given - below. The error at least allows unprivileged database users to crash - their server process, and might allow unprivileged users to gain the - privileges of a database superuser. - - - - If you wish not to do an initdb, perform the following procedure instead. - As the database superuser, do: - - -BEGIN; -UPDATE pg_proc SET proargtypes[3] = 'internal'::regtype -WHERE pronamespace = 11 AND pronargs = 5 - AND proargtypes[2] = 'cstring'::regtype; --- The command should report having updated 90 rows; --- if not, rollback and investigate instead of committing! -COMMIT; - - - - - The above procedure must be carried out in each database - of an installation, including template1, and ideally - including template0 as well. If you do not fix the - template databases then any subsequently created databases will contain - the same error. template1 can be fixed in the same way - as any other database, but fixing template0 requires - additional steps. First, from any database issue: - -UPDATE pg_database SET datallowconn = true WHERE datname = 'template0'; - - Next connect to template0 and perform the above repair - procedure. Finally, do: - --- re-freeze template0: -VACUUM FREEZE; --- and protect it against future alterations: -UPDATE pg_database SET datallowconn = false WHERE datname = 'template0'; - - - - - - Changes - - -Change encoding function signature to prevent -misuse -Repair ancient race condition that allowed a transaction to be -seen as committed for some purposes (eg SELECT FOR UPDATE) slightly sooner -than for other purposes -This is an extremely serious bug since it could lead to apparent -data inconsistencies being briefly visible to applications. -Repair race condition between relation extension and -VACUUM -This could theoretically have caused loss of a page's worth of -freshly-inserted data, although the scenario seems of very low probability. -There are no known cases of it having caused more than an Assert failure. - -Fix comparisons of TIME WITH TIME ZONE values - -The comparison code was wrong in the case where the ---enable-integer-datetimes configuration switch had been used. -NOTE: if you have an index on a TIME WITH TIME ZONE column, -it will need to be REINDEXed after installing this update, because -the fix corrects the sort order of column values. - -Fix EXTRACT(EPOCH) for -TIME WITH TIME ZONE values -Fix mis-display of negative fractional seconds in -INTERVAL values - -This error only occurred when the ---enable-integer-datetimes configuration switch had been used. - -Additional buffer overrun checks in plpgsql -(Neil) -Fix pg_dump to dump trigger names containing % -correctly (Neil) -Prevent to_char(interval) from dumping core for -month-related formats -Fix contrib/pgcrypto for newer OpenSSL builds -(Marko Kreen) -Still more 64-bit fixes for -contrib/intagg -Prevent incorrect optimization of functions returning -RECORD - - - - - - - Release 7.3.9 - - - Release date: - 2005-01-31 - - - - This release contains a variety of fixes from 7.3.8, including several - security-related issues. - - - - Migration to Version 7.3.9 - - - A dump/restore is not required for those running 7.3.X. - - - - - Changes - - -Disallow LOAD to non-superusers - -On platforms that will automatically execute initialization functions of a -shared library (this includes at least Windows and ELF-based Unixen), -LOAD can be used to make the server execute arbitrary code. -Thanks to NGS Software for reporting this. -Check that creator of an aggregate function has the right to -execute the specified transition functions - -This oversight made it possible to bypass denial of EXECUTE -permission on a function. -Fix security and 64-bit issues in -contrib/intagg -Add needed STRICT marking to some contrib functions (Kris -Jurka) -Avoid buffer overrun when plpgsql cursor declaration has too -many parameters (Neil) -Fix planning error for FULL and RIGHT outer joins - -The result of the join was mistakenly supposed to be sorted the same as the -left input. This could not only deliver mis-sorted output to the user, but -in case of nested merge joins could give outright wrong answers. - -Fix plperl for quote marks in tuple fields -Fix display of negative intervals in SQL and GERMAN -datestyles - - - - - - - Release 7.3.8 - - - Release date: - 2004-10-22 - - - - This release contains a variety of fixes from 7.3.7. - - - - - Migration to Version 7.3.8 - - - A dump/restore is not required for those running 7.3.X. - - - - - Changes - - -Repair possible failure to update hint bits on disk - -Under rare circumstances this oversight could lead to -could not access transaction status failures, which qualifies -it as a potential-data-loss bug. - -Ensure that hashed outer join does not miss tuples - -Very large left joins using a hash join plan could fail to output unmatched -left-side rows given just the right data distribution. - -Disallow running pg_ctl as root - -This is to guard against any possible security issues. - -Avoid using temp files in /tmp in make_oidjoins_check - -This has been reported as a security issue, though it's hardly worthy of -concern since there is no reason for non-developers to use this script anyway. - - - - - - - - Release 7.3.7 - - - Release date: - 2004-08-16 - - - - This release contains one critical fix over 7.3.6, and some minor items. - - - - - Migration to Version 7.3.7 - - - A dump/restore is not required for those running 7.3.X. - - - - - Changes - - -Prevent possible loss of committed transactions during crash - -Due to insufficient interlocking between transaction commit and checkpointing, -it was possible for transactions committed just before the most recent -checkpoint to be lost, in whole or in part, following a database crash and -restart. This is a serious bug that has existed -since PostgreSQL 7.1. - -Remove asymmetrical word processing in tsearch (Teodor) -Properly schema-qualify function names when pg_dump'ing a CAST - - - - - - - Release 7.3.6 - - - Release date: - 2004-03-02 - - - - This release contains a variety of fixes from 7.3.5. - - - - - Migration to Version 7.3.6 - - - A dump/restore is not required for those - running 7.3.*. - - - - - - Changes - - -Revert erroneous changes in rule permissions checking -A patch applied in 7.3.3 to fix a corner case in rule permissions checks -turns out to have disabled rule-related permissions checks in many -not-so-corner cases. This would for example allow users to insert into views -they weren't supposed to have permission to insert into. We have therefore -reverted the 7.3.3 patch. The original bug will be fixed in 8.0. - -Repair incorrect order of operations in -GetNewTransactionId() - -This bug could result in failure under out-of-disk-space conditions, including -inability to restart even after disk space is freed. - -Ensure configure selects -fno-strict-aliasing even when -an external value for CFLAGS is supplied - -On some platforms, building with -fstrict-aliasing causes bugs. - -Make pg_restore handle 64-bit off_t correctly - -This bug prevented proper restoration from archive files exceeding 4 GB. - -Make contrib/dblink not assume that local and remote type OIDs -match (Joe) -Quote connectby()'s start_with argument properly (Joe) -Don't crash when a rowtype argument to a plpgsql function is -NULL -Avoid generating invalid character encoding sequences in -corner cases when planning LIKE operations -Ensure text_position() cannot scan past end of source string -in multibyte cases (Korea PostgreSQL Users' Group) -Fix index optimization and selectivity estimates for LIKE -operations on bytea columns (Joe) - - - - - - - Release 7.3.5 - - - Release date: - 2003-12-03 - - - - This has a variety of fixes from 7.3.4. - - - - - Migration to Version 7.3.5 - - - A dump/restore is not required for those - running 7.3.*. - - - - - Changes - - -Force zero_damaged_pages to be on during recovery from WAL -Prevent some obscure cases of variable not in subplan target lists -Force stats processes to detach from shared memory, ensuring cleaner shutdown -Make PQescapeBytea and byteaout consistent with each other (Joe) -Added missing SPI_finish() calls to dblink's get_tuple_of_interest() (Joe) -Fix for possible foreign key violation when rule rewrites INSERT (Jan) -Support qualified type names in PL/Tcl's spi_prepare command (Jan) -Make pg_dump handle a procedural language handler located in pg_catalog -Make pg_dump handle cases where a custom opclass is in another schema -Make pg_dump dump binary-compatible casts correctly (Jan) -Fix insertion of expressions containing subqueries into rule bodies -Fix incorrect argument processing in clusterdb script (Anand Ranganathan) -Fix problems with dropped columns in plpython triggers -Repair problems with to_char() reading past end of its input string (Karel) -Fix GB18030 mapping errors (Tatsuo) -Fix several problems with SSL error handling and asynchronous SSL I/O -Remove ability to bind a list of values to a single parameter in JDBC -(prevents possible SQL-injection attacks) -Fix some errors in HAVE_INT64_TIMESTAMP code paths -Fix corner case for btree search in parallel with first root page split - - - - - - - Release 7.3.4 - - - Release date: - 2003-07-24 - - - - This has a variety of fixes from 7.3.3. - - - - - Migration to Version 7.3.4 - - - A dump/restore is not required for those - running 7.3.*. - - - - - Changes - - -Repair breakage in timestamp-to-date conversion for dates before 2000 -Prevent rare possibility of server startup failure (Tom) -Fix bugs in interval-to-time conversion (Tom) -Add constraint names in a few places in pg_dump (Rod) -Improve performance of functions with many parameters (Tom) -Fix to_ascii() buffer overruns (Tom) -Prevent restore of database comments from throwing an error (Tom) -Work around buggy strxfrm() present in some Solaris releases (Tom) -Properly escape jdbc setObject() strings to improve security (Barry) - - - - - - - Release 7.3.3 - - - Release date: - 2003-05-22 - - - - This release contains a variety of fixes for version 7.3.2. - - - - Migration to Version 7.3.3 - - - A dump/restore is not required for those - running version 7.3.*. - - - - - Changes - - -Repair sometimes-incorrect computation of StartUpID after a crash -Avoid slowness with lots of deferred triggers in one transaction (Stephan) -Don't lock referenced row when UPDATE doesn't change foreign key's value (Jan) -Use -fPIC not -fpic on Sparc (Tom Callaway) -Repair lack of schema-awareness in contrib/reindexdb -Fix contrib/intarray error for zero-element result array (Teodor) -Ensure createuser script will exit on control-C (Oliver) -Fix errors when the type of a dropped column has itself been dropped -CHECKPOINT does not cause database panic on failure in noncritical steps -Accept 60 in seconds fields of timestamp, time, interval input values -Issue notice, not error, if TIMESTAMP, - TIME, or INTERVAL precision too large -Fix abstime-to-time cast function (fix is - not applied unless you initdb) -Fix pg_proc entry for - timestampt_izone (fix is not applied unless you - initdb) -Make EXTRACT(EPOCH FROM timestamp without time zone) treat input as local time -'now'::timestamptz gave wrong answer if timezone changed earlier in transaction -HAVE_INT64_TIMESTAMP code for time with timezone overwrote its input -Accept GLOBAL TEMP/TEMPORARY as a - synonym for TEMPORARY -Avoid improper schema-privilege-check failure in foreign-key triggers -Fix bugs in foreign-key triggers for SET DEFAULT action -Fix incorrect time-qual check in row fetch for - UPDATE and DELETE triggers -Foreign-key clauses were parsed but ignored in - ALTER TABLE ADD COLUMN -Fix createlang script breakage for case where handler function already exists -Fix misbehavior on zero-column tables in pg_dump, COPY, ANALYZE, other places -Fix misbehavior of func_error() on type names containing '%' -Fix misbehavior of replace() on strings containing '%' -Regular-expression patterns containing certain multibyte characters failed -Account correctly for NULLs in more cases in join size estimation -Avoid conflict with system definition of isblank() function or macro -Fix failure to convert large code point values in EUC_TW conversions (Tatsuo) -Fix error recovery for SSL_read/SSL_write calls -Don't do early constant-folding of type coercion expressions -Validate page header fields immediately after reading in any page -Repair incorrect check for ungrouped variables in unnamed joins -Fix buffer overrun in to_ascii (Guido Notari) -contrib/ltree fixes (Teodor) -Fix core dump in deadlock detection on machines where char is unsigned -Avoid running out of buffers in many-way indexscan (bug introduced in 7.3) -Fix planner's selectivity estimation functions to handle domains properly -Fix dbmirror memory-allocation bug (Steven Singer) -Prevent infinite loop in ln(numeric) due to roundoff error -GROUP BY got confused if there were multiple equal GROUP BY items -Fix bad plan when inherited UPDATE/DELETE references another inherited table -Prevent clustering on incomplete (partial or non-NULL-storing) indexes -Service shutdown request at proper time if it arrives while still starting up -Fix left-links in temporary indexes (could make backwards scans miss entries) -Fix incorrect handling of client_encoding setting in postgresql.conf (Tatsuo) -Fix failure to respond to pg_ctl stop -m fast after Async_NotifyHandler runs -Fix SPI for case where rule contains multiple statements of the same type -Fix problem with checking for wrong type of access privilege in rule query -Fix problem with EXCEPT in CREATE RULE -Prevent problem with dropping temp tables having serial columns -Fix replace_vars_with_subplan_refs failure in complex views -Fix regexp slowness in single-byte encodings (Tatsuo) -Allow qualified type names in CREATE CAST - and DROP CAST -Accept SETOF type[], which formerly had to - be written SETOF _type -Fix pg_dump core dump in some cases with procedural languages -Force ISO datestyle in pg_dump output, for portability (Oliver) -pg_dump failed to handle error return - from lo_read (Oleg Drokin) -pg_dumpall failed with groups having no members (Nick Eskelinen) -pg_dumpall failed to recognize --globals-only switch -pg_restore failed to restore blobs if -X disable-triggers is specified -Repair intrafunction memory leak in plpgsql -pltcl's elog command dumped core if given wrong parameters (Ian Harding) -plpython used wrong value of atttypmod (Brad McLean) -Fix improper quoting of boolean values in Python interface (D'Arcy) -Added addDataType() method to PGConnection interface for JDBC -Fixed various problems with updateable ResultSets for JDBC (Shawn Green) -Fixed various problems with DatabaseMetaData for JDBC (Kris Jurka, Peter Royal) -Fixed problem with parsing table ACLs in JDBC -Better error message for character set conversion problems in JDBC - - - - - - - Release 7.3.2 - - - Release date: - 2003-02-04 - - - - This release contains a variety of fixes for version 7.3.1. - - - - - Migration to Version 7.3.2 - - - A dump/restore is not required for those - running version 7.3.*. - - - - - Changes - - -Restore creation of OID column in CREATE TABLE AS / SELECT INTO -Fix pg_dump core dump when dumping views having comments -Dump DEFERRABLE/INITIALLY DEFERRED constraints properly -Fix UPDATE when child table's column numbering differs from parent -Increase default value of max_fsm_relations -Fix problem when fetching backwards in a cursor for a single-row query -Make backward fetch work properly with cursor on SELECT DISTINCT query -Fix problems with loading pg_dump files containing contrib/lo usage -Fix problem with all-numeric user names -Fix possible memory leak and core dump during disconnect in libpgtcl -Make plpython's spi_execute command handle nulls properly (Andrew Bosma) -Adjust plpython error reporting so that its regression test passes again -Work with bison 1.875 -Handle mixed-case names properly in plpgsql's %type (Neil) -Fix core dump in pltcl when executing a query rewritten by a rule -Repair array subscript overruns (per report from Yichen Xie) -Reduce MAX_TIME_PRECISION from 13 to 10 in floating-point case -Correctly case-fold variable names in per-database and per-user settings -Fix coredump in plpgsql's RETURN NEXT when SELECT into record returns no rows -Fix outdated use of pg_type.typprtlen in python client interface -Correctly handle fractional seconds in timestamps in JDBC driver -Improve performance of getImportedKeys() in JDBC -Make shared-library symlinks work standardly on HPUX (Giles) -Repair inconsistent rounding behavior for timestamp, time, interval -SSL negotiation fixes (Nathan Mueller) -Make libpq's ~/.pgpass feature work when connecting with PQconnectDB -Update my2pg, ora2pg -Translation updates -Add casts between types lo and oid in contrib/lo -fastpath code now checks for privilege to call function - - - - - - - Release 7.3.1 - - - Release date: - 2002-12-18 - - - - This release contains a variety of fixes for version 7.3. - - - - - Migration to Version 7.3.1 - - - A dump/restore is not required for those - running version 7.3. However, it should be noted that the main - PostgreSQL interface library, libpq, - has a new major version number for this release, which might require - recompilation of client code in certain cases. - - - - - Changes - - -Fix a core dump of COPY TO when client/server encodings don't match (Tom) -Allow pg_dump to work with pre-7.2 servers (Philip) -contrib/adddepend fixes (Tom) -Fix problem with deletion of per-user/per-database config settings (Tom) -contrib/vacuumlo fix (Tom) -Allow 'password' encryption even when pg_shadow contains MD5 passwords (Bruce) -contrib/dbmirror fix (Steven Singer) -Optimizer fixes (Tom) -contrib/tsearch fixes (Teodor Sigaev, Magnus) -Allow locale names to be mixed case (Nicolai Tufar) -Increment libpq library's major version number (Bruce) -pg_hba.conf error reporting fixes (Bruce, Neil) -Add SCO Openserver 5.0.4 as a supported platform (Bruce) -Prevent EXPLAIN from crashing server (Tom) -SSL fixes (Nathan Mueller) -Prevent composite column creation via ALTER TABLE (Tom) - - - - - - - Release 7.3 - - - Release date: - 2002-11-27 - - - - Overview - - - Major changes in this release: - - - - - Schemas - - - Schemas allow users to create objects in separate namespaces, - so two people or applications can have tables with the same - name. There is also a public schema for shared tables. - Table/index creation can be restricted by removing privileges - on the public schema. - - - - - - Drop Column - - - PostgreSQL now supports the - ALTER TABLE ... DROP COLUMN functionality. - - - - - - Table Functions - - - Functions returning multiple rows and/or multiple columns are - now much easier to use than before. You can call such a - table function in the SELECT - FROM clause, treating its output like a - table. Also, PL/pgSQL functions can - now return sets. - - - - - - Prepared Queries - - - PostgreSQL now supports prepared - queries, for improved performance. - - - - - - Dependency Tracking - - - PostgreSQL now records object - dependencies, which allows improvements in many areas. - DROP statements now take either - CASCADE or RESTRICT to control whether - dependent objects are also dropped. - - - - - - Privileges - - - Functions and procedural languages now have privileges, and - functions can be defined to run with the privileges of their - creator. - - - - - - Internationalization - - - Both multibyte and locale support are now always enabled. - - - - - - Logging - - - A variety of logging options have been enhanced. - - - - - - Interfaces - - - A large number of interfaces have been moved to http://gborg.postgresql.org - where they can be developed and released independently. - - - - - - Functions/Identifiers - - - By default, functions can now take up to 32 parameters, and - identifiers can be up to 63 bytes long. Also, OPAQUE - is now deprecated: there are specific pseudo-datatypes - to represent each of the former meanings of OPAQUE - in function argument and result types. - - - - - - - - - Migration to Version 7.3 - - - A dump/restore using pg_dump is required for those - wishing to migrate data from any previous release. If your - application examines the system catalogs, additional changes will - be required due to the introduction of schemas in 7.3; for more - information, see: . - - - - Observe the following incompatibilities: - - - - - - Pre-6.3 clients are no longer supported. - - - - - - pg_hba.conf now has a column for the user - name and additional features. Existing files need to be - adjusted. - - - - - - Several postgresql.conf logging parameters - have been renamed. - - - - - - LIMIT #,# has been disabled; use - LIMIT # OFFSET #. - - - - - - INSERT statements with column lists must - specify a value for each specified column. For example, - INSERT INTO tab (col1, col2) VALUES ('val1') - is now invalid. It's still allowed to supply fewer columns than - expected if the INSERT does not have a column list. - - - - - - serial columns are no longer automatically - UNIQUE; thus, an index will not automatically be - created. - - - - - - A SET command inside an aborted transaction - is now rolled back. - - - - - - COPY no longer considers missing trailing - columns to be null. All columns need to be specified. - (However, one can achieve a similar effect by specifying a - column list in the COPY command.) - - - - - - The data type timestamp is now equivalent to - timestamp without time zone, instead of - timestamp with time zone. - - - - - - Pre-7.3 databases loaded into 7.3 will not have the new object - dependencies for serial columns, unique - constraints, and foreign keys. See the directory - contrib/adddepend/ for a detailed - description and a script that will add such dependencies. - - - - - - An empty string ('') is no longer allowed as - the input into an integer field. Formerly, it was silently - interpreted as 0. - - - - - - - - Changes - - - Server Operation - -Add pg_locks view to show locks (Neil) -Security fixes for password negotiation memory allocation (Neil) -Remove support for version 0 FE/BE protocol (PostgreSQL 6.2 and earlier) (Tom) -Reserve the last few backend slots for superusers, add parameter superuser_reserved_connections to control this (Nigel J. Andrews) - - - - - Performance - -Improve startup by calling localtime() only once (Tom) -Cache system catalog information in flat files for faster startup (Tom) -Improve caching of index information (Tom) -Optimizer improvements (Tom, Fernando Nasser) -Catalog caches now store failed lookups (Tom) -Hash function improvements (Neil) -Improve performance of query tokenization and network handling (Peter) -Speed improvement for large object restore (Mario Weilguni) -Mark expired index entries on first lookup, saving later heap fetches (Tom) -Avoid excessive NULL bitmap padding (Manfred Koizar) -Add BSD-licensed qsort() for Solaris, for performance (Bruce) -Reduce per-row overhead by four bytes (Manfred Koizar) -Fix GEQO optimizer bug (Neil Conway) -Make WITHOUT OID actually save four bytes per row (Manfred Koizar) -Add default_statistics_target variable to specify ANALYZE buckets (Neil) -Use local buffer cache for temporary tables so no WAL overhead (Tom) -Improve free space map performance on large tables (Stephen Marshall, Tom) -Improved WAL write concurrency (Tom) - - - - - Privileges - -Add privileges on functions and procedural languages (Peter) -Add OWNER to CREATE DATABASE so superusers can create databases on behalf of unprivileged users (Gavin Sherry, Tom) -Add new object privilege bits EXECUTE and USAGE (Tom) -Add SET SESSION AUTHORIZATION DEFAULT and RESET SESSION AUTHORIZATION (Tom) -Allow functions to be executed with the privilege of the function owner (Peter) - - - - - Server Configuration - -Server log messages now tagged with LOG, not DEBUG (Bruce) -Add user column to pg_hba.conf (Bruce) -Have log_connections output two lines in log file (Tom) -Remove debug_level from postgresql.conf, now server_min_messages (Bruce) -New ALTER DATABASE/USER ... SET command for per-user/database initialization (Peter) -New parameters server_min_messages and client_min_messages to control which messages are sent to the server logs or client applications (Bruce) -Allow pg_hba.conf to specify lists of users/databases separated by commas, group names prepended with +, and file names prepended with @ (Bruce) -Remove secondary password file capability and pg_password utility (Bruce) -Add variable db_user_namespace for database-local user names (Bruce) -SSL improvements (Bear Giles) -Make encryption of stored passwords the default (Bruce) -Allow pg_statistics to be reset by calling pg_stat_reset() (Christopher) -Add log_duration parameter (Bruce) -Rename debug_print_query to log_statement (Bruce) -Rename show_query_stats to show_statement_stats (Bruce) -Add param log_min_error_statement to print commands to logs on error (Gavin) - - - - - Queries - -Make cursors insensitive, meaning their contents do not change (Tom) -Disable LIMIT #,# syntax; now only LIMIT # OFFSET # supported (Bruce) -Increase identifier length to 63 (Neil, Bruce) -UNION fixes for merging >= 3 columns of different lengths (Tom) -Add DEFAULT key word to INSERT, e.g., INSERT ... (..., DEFAULT, ...) (Rod) -Allow views to have default values using ALTER COLUMN ... SET DEFAULT (Neil) -Fail on INSERTs with column lists that don't supply all column values, e.g., INSERT INTO tab (col1, col2) VALUES ('val1'); (Rod) -Fix for join aliases (Tom) -Fix for FULL OUTER JOINs (Tom) -Improve reporting of invalid identifier and location (Tom, Gavin) -Fix OPEN cursor(args) (Tom) -Allow 'ctid' to be used in a view and currtid(viewname) (Hiroshi) -Fix for CREATE TABLE AS with UNION (Tom) -SQL99 syntax improvements (Thomas) -Add statement_timeout variable to cancel queries (Bruce) -Allow prepared queries with PREPARE/EXECUTE (Neil) -Allow FOR UPDATE to appear after LIMIT/OFFSET (Bruce) -Add variable autocommit (Tom, David Van Wie) - - - - - Object Manipulation - -Make equals signs optional in CREATE DATABASE (Gavin Sherry) -Make ALTER TABLE OWNER change index ownership too (Neil) -New ALTER TABLE tabname ALTER COLUMN colname SET STORAGE controls TOAST storage, compression (John Gray) -Add schema support, CREATE/DROP SCHEMA (Tom) -Create schema for temporary tables (Tom) -Add variable search_path for schema search (Tom) -Add ALTER TABLE SET/DROP NOT NULL (Christopher) -New CREATE FUNCTION volatility levels (Tom) -Make rule names unique only per table (Tom) -Add 'ON tablename' clause to DROP RULE and COMMENT ON RULE (Tom) -Add ALTER TRIGGER RENAME (Joe) -New current_schema() and current_schemas() inquiry functions (Tom) -Allow functions to return multiple rows (table functions) (Joe) -Make WITH optional in CREATE DATABASE, for consistency (Bruce) -Add object dependency tracking (Rod, Tom) -Add RESTRICT/CASCADE to DROP commands (Rod) -Add ALTER TABLE DROP for non-CHECK CONSTRAINT (Rod) -Autodestroy sequence on DROP of table with SERIAL (Rod) -Prevent column dropping if column is used by foreign key (Rod) -Automatically drop constraints/functions when object is dropped (Rod) -Add CREATE/DROP OPERATOR CLASS (Bill Studenmund, Tom) -Add ALTER TABLE DROP COLUMN (Christopher, Tom, Hiroshi) -Prevent inherited columns from being removed or renamed (Alvaro Herrera) -Fix foreign key constraints to not error on intermediate database states (Stephan) -Propagate column or table renaming to foreign key constraints -Add CREATE OR REPLACE VIEW (Gavin, Neil, Tom) -Add CREATE OR REPLACE RULE (Gavin, Neil, Tom) -Have rules execute alphabetically, returning more predictable values (Tom) -Triggers are now fired in alphabetical order (Tom) -Add /contrib/adddepend to handle pre-7.3 object dependencies (Rod) -Allow better casting when inserting/updating values (Tom) - - - - - Utility Commands - -Have COPY TO output embedded carriage returns and newlines as \r and \n (Tom) -Allow DELIMITER in COPY FROM to be 8-bit clean (Tatsuo) -Make pg_dump use ALTER TABLE ADD PRIMARY KEY, for performance (Neil) -Disable brackets in multistatement rules (Bruce) -Disable VACUUM from being called inside a function (Bruce) -Allow dropdb and other scripts to use identifiers with spaces (Bruce) -Restrict database comment changes to the current database -Allow comments on operators, independent of the underlying function (Rod) -Rollback SET commands in aborted transactions (Tom) -EXPLAIN now outputs as a query (Tom) -Display condition expressions and sort keys in EXPLAIN (Tom) -Add 'SET LOCAL var = value' to set configuration variables for a single transaction (Tom) -Allow ANALYZE to run in a transaction (Bruce) -Improve COPY syntax using new WITH clauses, keep backward compatibility (Bruce) -Fix pg_dump to consistently output tags in non-ASCII dumps (Bruce) -Make foreign key constraints clearer in dump file (Rod) -Add COMMENT ON CONSTRAINT (Rod) -Allow COPY TO/FROM to specify column names (Brent Verner) -Dump UNIQUE and PRIMARY KEY constraints as ALTER TABLE (Rod) -Have SHOW output a query result (Joe) -Generate failure on short COPY lines rather than pad NULLs (Neil) -Fix CLUSTER to preserve all table attributes (Alvaro Herrera) -New pg_settings table to view/modify GUC settings (Joe) -Add smart quoting, portability improvements to pg_dump output (Peter) -Dump serial columns out as SERIAL (Tom) -Enable large file support, >2G for pg_dump (Peter, Philip Warner, Bruce) -Disallow TRUNCATE on tables that are involved in referential constraints (Rod) -Have TRUNCATE also auto-truncate the toast table of the relation (Tom) -Add clusterdb utility that will auto-cluster an entire database based on previous CLUSTER operations (Alvaro Herrera) -Overhaul pg_dumpall (Peter) -Allow REINDEX of TOAST tables (Tom) -Implemented START TRANSACTION, per SQL99 (Neil) -Fix rare index corruption when a page split affects bulk delete (Tom) -Fix ALTER TABLE ... ADD COLUMN for inheritance (Alvaro Herrera) - - - - - Data Types and Functions - -Fix factorial(0) to return 1 (Bruce) -Date/time/timezone improvements (Thomas) -Fix for array slice extraction (Tom) -Fix extract/date_part to report proper microseconds for timestamp (Tatsuo) -Allow text_substr() and bytea_substr() to read TOAST values more efficiently (John Gray) -Add domain support (Rod) -Make WITHOUT TIME ZONE the default for TIMESTAMP and TIME data types (Thomas) -Allow alternate storage scheme of 64-bit integers for date/time types using --enable-integer-datetimes in configure (Thomas) -Make timezone(timestamptz) return timestamp rather than a string (Thomas) -Allow fractional seconds in date/time types for dates prior to 1BC (Thomas) -Limit timestamp data types to 6 decimal places of precision (Thomas) -Change timezone conversion functions from timetz() to timezone() (Thomas) -Add configuration variables datestyle and timezone (Tom) -Add OVERLAY(), which allows substitution of a substring in a string (Thomas) -Add SIMILAR TO (Thomas, Tom) -Add regular expression SUBSTRING(string FROM pat FOR escape) (Thomas) -Add LOCALTIME and LOCALTIMESTAMP functions (Thomas) -Add named composite types using CREATE TYPE typename AS (column) (Joe) -Allow composite type definition in the table alias clause (Joe) -Add new API to simplify creation of C language table functions (Joe) -Remove ODBC-compatible empty parentheses from calls to SQL99 functions for which these parentheses do not match the standard (Thomas) -Allow macaddr data type to accept 12 hex digits with no separators (Mike Wyer) -Add CREATE/DROP CAST (Peter) -Add IS DISTINCT FROM operator (Thomas) -Add SQL99 TREAT() function, synonym for CAST() (Thomas) -Add pg_backend_pid() to output backend pid (Bruce) -Add IS OF / IS NOT OF type predicate (Thomas) -Allow bit string constants without fully-specified length (Thomas) -Allow conversion between 8-byte integers and bit strings (Thomas) -Implement hex literal conversion to bit string literal (Thomas) -Allow table functions to appear in the FROM clause (Joe) -Increase maximum number of function parameters to 32 (Bruce) -No longer automatically create index for SERIAL column (Tom) -Add current_database() (Rod) -Fix cash_words() to not overflow buffer (Tom) -Add functions replace(), split_part(), to_hex() (Joe) -Fix LIKE for bytea as a right-hand argument (Joe) -Prevent crashes caused by SELECT cash_out(2) (Tom) -Fix to_char(1,'FM999.99') to return a period (Karel) -Fix trigger/type/language functions returning OPAQUE to return proper type (Tom) - - - - - Internationalization - -Add additional encodings: Korean (JOHAB), Thai (WIN874), Vietnamese (TCVN), Arabic (WIN1256), Simplified Chinese (GBK), Korean (UHC) (Eiji Tokuya) -Enable locale support by default (Peter) -Add locale variables (Peter) -Escape byes >= 0x7f for multibyte in PQescapeBytea/PQunescapeBytea (Tatsuo) -Add locale awareness to regular expression character classes -Enable multibyte support by default (Tatsuo) -Add GB18030 multibyte support (Bill Huang) -Add CREATE/DROP CONVERSION, allowing loadable encodings (Tatsuo, Kaori) -Add pg_conversion table (Tatsuo) -Add SQL99 CONVERT() function (Tatsuo) -pg_dumpall, pg_controldata, and pg_resetxlog now national-language aware (Peter) -New and updated translations - - - - - Server-side Languages - -Allow recursive SQL function (Peter) -Change PL/Tcl build to use configured compiler and Makefile.shlib (Peter) -Overhaul the PL/pgSQL FOUND variable to be more Oracle-compatible (Neil, Tom) -Allow PL/pgSQL to handle quoted identifiers (Tom) -Allow set-returning PL/pgSQL functions (Neil) -Make PL/pgSQL schema-aware (Joe) -Remove some memory leaks (Nigel J. Andrews, Tom) - - - - - psql - -Don't lowercase psql \connect database name for 7.2.0 compatibility (Tom) -Add psql \timing to time user queries (Greg Sabino Mullane) -Have psql \d show index information (Greg Sabino Mullane) -New psql \dD shows domains (Jonathan Eisler) -Allow psql to show rules on views (Paul ?) -Fix for psql variable substitution (Tom) -Allow psql \d to show temporary table structure (Tom) -Allow psql \d to show foreign keys (Rod) -Fix \? to honor \pset pager (Bruce) -Have psql reports its version number on startup (Tom) -Allow \copy to specify column names (Tom) - - - - - libpq - -Add ~/.pgpass to store host/user password combinations (Alvaro Herrera) -Add PQunescapeBytea() function to libpq (Patrick Welche) -Fix for sending large queries over non-blocking connections (Bernhard Herzog) -Fix for libpq using timers on Win9X (David Ford) -Allow libpq notify to handle servers with different-length identifiers (Tom) -Add libpq PQescapeString() and PQescapeBytea() to Windows (Bruce) -Fix for SSL with non-blocking connections (Jack Bates) -Add libpq connection timeout parameter (Denis A Ustimenko) - - - - - JDBC - -Allow JDBC to compile with JDK 1.4 (Dave) -Add JDBC 3 support (Barry) -Allows JDBC to set loglevel by adding ?loglevel=X to the connection URL (Barry) -Add Driver.info() message that prints out the version number (Barry) -Add updateable result sets (Raghu Nidagal, Dave) -Add support for callable statements (Paul Bethe) -Add query cancel capability -Add refresh row (Dave) -Fix MD5 encryption handling for multibyte servers (Jun Kawai) -Add support for prepared statements (Barry) - - - - - Miscellaneous Interfaces - -Fixed ECPG bug concerning octal numbers in single quotes (Michael) -Move src/interfaces/libpgeasy to http://gborg.postgresql.org (Marc, Bruce) -Improve Python interface (Elliot Lee, Andrew Johnson, Greg Copeland) -Add libpgtcl connection close event (Gerhard Hintermayer) -Move src/interfaces/libpq++ to http://gborg.postgresql.org (Marc, Bruce) -Move src/interfaces/odbc to http://gborg.postgresql.org (Marc) -Move src/interfaces/libpgeasy to http://gborg.postgresql.org (Marc, Bruce) -Move src/interfaces/perl5 to http://gborg.postgresql.org (Marc, Bruce) -Remove src/bin/pgaccess from main tree, now at http://www.pgaccess.org (Bruce) -Add pg_on_connection_loss command to libpgtcl (Gerhard Hintermayer, Tom) - - - - - Source Code - -Fix for parallel make (Peter) -AIX fixes for linking Tcl (Andreas Zeugswetter) -Allow PL/Perl to build under Cygwin (Jason Tishler) -Improve MIPS compiles (Peter, Oliver Elphick) -Require Autoconf version 2.53 (Peter) -Require readline and zlib by default in configure (Peter) -Allow Solaris to use Intimate Shared Memory (ISM), for performance (Scott Brunza, P.J. Josh Rovero) -Always enable syslog in compile, remove --enable-syslog option (Tatsuo) -Always enable multibyte in compile, remove --enable-multibyte option (Tatsuo) -Always enable locale in compile, remove --enable-locale option (Peter) -Fix for Win9x DLL creation (Magnus Naeslund) -Fix for link() usage by WAL code on Windows, BeOS (Jason Tishler) -Add sys/types.h to c.h, remove from main files (Peter, Bruce) -Fix AIX hang on SMP machines (Tomoyuki Niijima) -AIX SMP hang fix (Tomoyuki Niijima) -Fix pre-1970 date handling on newer glibc libraries (Tom) -Fix PowerPC SMP locking (Tom) -Prevent gcc -ffast-math from being used (Peter, Tom) -Bison >= 1.50 now required for developer builds -Kerberos 5 support now builds with Heimdal (Peter) -Add appendix in the User's Guide which lists SQL features (Thomas) -Improve loadable module linking to use RTLD_NOW (Tom) -New error levels WARNING, INFO, LOG, DEBUG[1-5] (Bruce) -New src/port directory holds replaced libc functions (Peter, Bruce) -New pg_namespace system catalog for schemas (Tom) -Add pg_class.relnamespace for schemas (Tom) -Add pg_type.typnamespace for schemas (Tom) -Add pg_proc.pronamespace for schemas (Tom) -Restructure aggregates to have pg_proc entries (Tom) -System relations now have their own namespace, pg_* test not required (Fernando Nasser) -Rename TOAST index names to be *_index rather than *_idx (Neil) -Add namespaces for operators, opclasses (Tom) -Add additional checks to server control file (Thomas) -New Polish FAQ (Marcin Mazurek) -Add Posix semaphore support (Tom) -Document need for reindex (Bruce) -Rename some internal identifiers to simplify Windows compile (Jan, Katherine Ward) -Add documentation on computing disk space (Bruce) -Remove KSQO from GUC (Bruce) -Fix memory leak in rtree (Kenneth Been) -Modify a few error messages for consistency (Bruce) -Remove unused system table columns (Peter) -Make system columns NOT NULL where appropriate (Tom) -Clean up use of sprintf in favor of snprintf() (Neil, Jukka Holappa) -Remove OPAQUE and create specific subtypes (Tom) -Cleanups in array internal handling (Joe, Tom) -Disallow pg_atoi('') (Bruce) -Remove parameter wal_files because WAL files are now recycled (Bruce) -Add version numbers to heap pages (Tom) - - - - - Contrib - -Allow inet arrays in /contrib/array (Neil) -GiST fixes (Teodor Sigaev, Neil) -Upgrade /contrib/mysql -Add /contrib/dbsize which shows table sizes without vacuum (Peter) -Add /contrib/intagg, integer aggregator routines (mlw) -Improve /contrib/oid2name (Neil, Bruce) -Improve /contrib/tsearch (Oleg, Teodor Sigaev) -Cleanups of /contrib/rserver (Alexey V. Borzov) -Update /contrib/oracle conversion utility (Gilles Darold) -Update /contrib/dblink (Joe) -Improve options supported by /contrib/vacuumlo (Mario Weilguni) -Improvements to /contrib/intarray (Oleg, Teodor Sigaev, Andrey Oktyabrski) -Add /contrib/reindexdb utility (Shaun Thomas) -Add indexing to /contrib/isbn_issn (Dan Weston) -Add /contrib/dbmirror (Steven Singer) -Improve /contrib/pgbench (Neil) -Add /contrib/tablefunc table function examples (Joe) -Add /contrib/ltree data type for tree structures (Teodor Sigaev, Oleg Bartunov) -Move /contrib/pg_controldata, pg_resetxlog into main tree (Bruce) -Fixes to /contrib/cube (Bruno Wolff) -Improve /contrib/fulltextindex (Christopher) - - - - - - - - Release 7.2.8 - - - Release date: - 2005-05-09 - - - - This release contains a variety of fixes from 7.2.7, including one - security-related issue. - - - - Migration to Version 7.2.8 - - - A dump/restore is not required for those running 7.2.X. - - - - - Changes - - -Repair ancient race condition that allowed a transaction to be -seen as committed for some purposes (eg SELECT FOR UPDATE) slightly sooner -than for other purposes -This is an extremely serious bug since it could lead to apparent -data inconsistencies being briefly visible to applications. -Repair race condition between relation extension and -VACUUM -This could theoretically have caused loss of a page's worth of -freshly-inserted data, although the scenario seems of very low probability. -There are no known cases of it having caused more than an Assert failure. - -Fix EXTRACT(EPOCH) for -TIME WITH TIME ZONE values -Additional buffer overrun checks in plpgsql -(Neil) -Fix pg_dump to dump index names and trigger names containing -% correctly (Neil) -Prevent to_char(interval) from dumping core for -month-related formats -Fix contrib/pgcrypto for newer OpenSSL builds -(Marko Kreen) - - - - - - - Release 7.2.7 - - - Release date: - 2005-01-31 - - - - This release contains a variety of fixes from 7.2.6, including several - security-related issues. - - - - Migration to Version 7.2.7 - - - A dump/restore is not required for those running 7.2.X. - - - - - Changes - - -Disallow LOAD to non-superusers - -On platforms that will automatically execute initialization functions of a -shared library (this includes at least Windows and ELF-based Unixen), -LOAD can be used to make the server execute arbitrary code. -Thanks to NGS Software for reporting this. -Add needed STRICT marking to some contrib functions (Kris -Jurka) -Avoid buffer overrun when plpgsql cursor declaration has too -many parameters (Neil) -Fix planning error for FULL and RIGHT outer joins - -The result of the join was mistakenly supposed to be sorted the same as the -left input. This could not only deliver mis-sorted output to the user, but -in case of nested merge joins could give outright wrong answers. - -Fix display of negative intervals in SQL and GERMAN -datestyles - - - - - - - Release 7.2.6 - - - Release date: - 2004-10-22 - - - - This release contains a variety of fixes from 7.2.5. - - - - - Migration to Version 7.2.6 - - - A dump/restore is not required for those running 7.2.X. - - - - - Changes - - -Repair possible failure to update hint bits on disk - -Under rare circumstances this oversight could lead to -could not access transaction status failures, which qualifies -it as a potential-data-loss bug. - -Ensure that hashed outer join does not miss tuples - -Very large left joins using a hash join plan could fail to output unmatched -left-side rows given just the right data distribution. - -Disallow running pg_ctl as root - -This is to guard against any possible security issues. - -Avoid using temp files in /tmp in make_oidjoins_check - -This has been reported as a security issue, though it's hardly worthy of -concern since there is no reason for non-developers to use this script anyway. - -Update to newer versions of Bison - - - - - - - Release 7.2.5 - - - Release date: - 2004-08-16 - - - - This release contains a variety of fixes from 7.2.4. - - - - - Migration to Version 7.2.5 - - - A dump/restore is not required for those running 7.2.X. - - - - - Changes - - -Prevent possible loss of committed transactions during crash - -Due to insufficient interlocking between transaction commit and checkpointing, -it was possible for transactions committed just before the most recent -checkpoint to be lost, in whole or in part, following a database crash and -restart. This is a serious bug that has existed -since PostgreSQL 7.1. - -Fix corner case for btree search in parallel with first root page split -Fix buffer overrun in to_ascii (Guido Notari) -Fix core dump in deadlock detection on machines where char is unsigned -Fix failure to respond to pg_ctl stop -m fast after Async_NotifyHandler runs -Repair memory leaks in pg_dump -Avoid conflict with system definition of isblank() function or macro - - - - - - Release 7.2.4 - - - Release date: - 2003-01-30 - - - - This release contains a variety of fixes for version 7.2.3, - including fixes to prevent possible data loss. - - - - Migration to Version 7.2.4 - - - A dump/restore is not required for those - running version 7.2.*. - - - - - Changes - - -Fix some additional cases of VACUUM "No one parent tuple was found" error -Prevent VACUUM from being called inside a function (Bruce) -Ensure pg_clog updates are sync'd to disk before marking checkpoint complete -Avoid integer overflow during large hash joins -Make GROUP commands work when pg_group.grolist is large enough to be toasted -Fix errors in datetime tables; some timezone names weren't being recognized -Fix integer overflows in circle_poly(), path_encode(), path_add() (Neil) -Repair long-standing logic errors in lseg_eq(), lseg_ne(), lseg_center() - - - - - - - Release 7.2.3 - - - Release date: - 2002-10-01 - - - - This release contains a variety of fixes for version 7.2.2, - including fixes to prevent possible data loss. - - - - Migration to Version 7.2.3 - - - A dump/restore is not required for those - running version 7.2.*. - - - - - Changes - - -Prevent possible compressed transaction log loss (Tom) -Prevent non-superuser from increasing most recent vacuum info (Tom) -Handle pre-1970 date values in newer versions of glibc (Tom) -Fix possible hang during server shutdown -Prevent spinlock hangs on SMP PPC machines (Tomoyuki Niijima) -Fix pg_dump to properly dump FULL JOIN USING (Tom) - - - - - - - Release 7.2.2 - - - Release date: - 2002-08-23 - - - - This release contains a variety of fixes for version 7.2.1. - - - - Migration to Version 7.2.2 - - - A dump/restore is not required for those - running version 7.2.*. - - - - - Changes - - -Allow EXECUTE of "CREATE TABLE AS ... SELECT" in PL/pgSQL (Tom) -Fix for compressed transaction log id wraparound (Tom) -Fix PQescapeBytea/PQunescapeBytea so that they handle bytes > 0x7f (Tatsuo) -Fix for psql and pg_dump crashing when invoked with non-existent long options (Tatsuo) -Fix crash when invoking geometric operators (Tom) -Allow OPEN cursor(args) (Tom) -Fix for rtree_gist index build (Teodor) -Fix for dumping user-defined aggregates (Tom) -contrib/intarray fixes (Oleg) -Fix for complex UNION/EXCEPT/INTERSECT queries using parens (Tom) -Fix to pg_convert (Tatsuo) -Fix for crash with long DATA strings (Thomas, Neil) -Fix for repeat(), lpad(), rpad() and long strings (Neil) - - - - - - - Release 7.2.1 - - - Release date: - 2002-03-21 - - - - This release contains a variety of fixes for version 7.2. - - - - Migration to Version 7.2.1 - - - A dump/restore is not required for those - running version 7.2. - - - - - Changes - - -Ensure that sequence counters do not go backwards after a crash (Tom) -Fix pgaccess kanji-conversion key binding (Tatsuo) -Optimizer improvements (Tom) -Cash I/O improvements (Tom) -New Russian FAQ -Compile fix for missing AuthBlockSig (Heiko) -Additional time zones and time zone fixes (Thomas) -Allow psql \connect to handle mixed case database and user names (Tom) -Return proper OID on command completion even with ON INSERT rules (Tom) -Allow COPY FROM to use 8-bit DELIMITERS (Tatsuo) -Fix bug in extract/date_part for milliseconds/microseconds (Tatsuo) -Improve handling of multiple UNIONs with different lengths (Tom) -contrib/btree_gist improvements (Teodor Sigaev) -contrib/tsearch dictionary improvements, see README.tsearch for an additional installation step (Thomas T. Thai, Teodor Sigaev) -Fix for array subscripts handling (Tom) -Allow EXECUTE of "CREATE TABLE AS ... SELECT" in PL/pgSQL (Tom) - - - - - - - Release 7.2 - - - Release date: - 2002-02-04 - - - - Overview - - - This release improves PostgreSQL for use in - high-volume applications. - - - - Major changes in this release: - - - - - VACUUM - - - Vacuuming no longer locks tables, thus allowing normal user - access during the vacuum. A new VACUUM FULL - command does old-style vacuum by locking the table and - shrinking the on-disk copy of the table. - - - - - - Transactions - - - There is no longer a problem with installations that exceed - four billion transactions. - - - - - - OIDs - - - OIDs are now optional. Users can now create tables without - OIDs for cases where OID usage is excessive. - - - - - - Optimizer - - - The system now computes histogram column statistics during - ANALYZE, allowing much better optimizer choices. - - - - - - Security - - - A new MD5 encryption option allows more secure storage and - transfer of passwords. A new Unix-domain socket - authentication option is available on Linux and BSD systems. - - - - - - Statistics - - - Administrators can use the new table access statistics module - to get fine-grained information about table and index usage. - - - - - - Internationalization - - - Program and library messages can now be displayed in several - languages. - - - - - - - - - Migration to Version 7.2 - - - A dump/restore using pg_dump is required for - those wishing to migrate data from any previous release. - - - - Observe the following incompatibilities: - - - - - - The semantics of the VACUUM command have - changed in this release. You might wish to update your - maintenance procedures accordingly. - - - - - - In this release, comparisons using = NULL - will always return false (or NULL, more precisely). Previous - releases automatically transformed this syntax to IS - NULL. The old behavior can be re-enabled using a - postgresql.conf parameter. - - - - - - The pg_hba.conf and pg_ident.conf - configuration is now only reloaded after receiving a - SIGHUP signal, not with each connection. - - - - - - The function octet_length() now returns the uncompressed data length. - - - - - - The date/time value 'current' is no longer - available. You will need to rewrite your applications. - - - - - - The timestamp(), time(), - and interval() functions are no longer - available. Instead of timestamp(), use - timestamp 'string' or CAST. - - - - - - - The SELECT ... LIMIT #,# syntax will be removed - in the next release. You should change your queries to use - separate LIMIT and OFFSET clauses, e.g. LIMIT 10 OFFSET - 20. - - - - - Changes - - - Server Operation - -Create temporary files in a separate directory (Bruce) -Delete orphaned temporary files on postmaster startup (Bruce) -Added unique indexes to some system tables (Tom) -System table operator reorganization (Oleg Bartunov, Teodor Sigaev, Tom) -Renamed pg_log to pg_clog (Tom) -Enable SIGTERM, SIGQUIT to kill backends (Jan) -Removed compile-time limit on number of backends (Tom) -Better cleanup for semaphore resource failure (Tatsuo, Tom) -Allow safe transaction ID wraparound (Tom) -Removed OIDs from some system tables (Tom) -Removed "triggered data change violation" error check (Tom) -SPI portal creation of prepared/saved plans (Jan) -Allow SPI column functions to work for system columns (Tom) -Long value compression improvement (Tom) -Statistics collector for table, index access (Jan) -Truncate extra-long sequence names to a reasonable value (Tom) -Measure transaction times in milliseconds (Thomas) -Fix TID sequential scans (Hiroshi) -Superuser ID now fixed at 1 (Peter E) -New pg_ctl "reload" option (Tom) - - - - - Performance - -Optimizer improvements (Tom) -New histogram column statistics for optimizer (Tom) -Reuse write-ahead log files rather than discarding them (Tom) -Cache improvements (Tom) -IS NULL, IS NOT NULL optimizer improvement (Tom) -Improve lock manager to reduce lock contention (Tom) -Keep relcache entries for index access support functions (Tom) -Allow better selectivity with NaN and infinities in NUMERIC (Tom) -R-tree performance improvements (Kenneth Been) -B-tree splits more efficient (Tom) - - - - - Privileges - -Change UPDATE, DELETE privileges to be distinct (Peter E) -New REFERENCES, TRIGGER privileges (Peter E) -Allow GRANT/REVOKE to/from more than one user at a time (Peter E) -New has_table_privilege() function (Joe Conway) -Allow non-superuser to vacuum database (Tom) -New SET SESSION AUTHORIZATION command (Peter E) -Fix bug in privilege modifications on newly created tables (Tom) -Disallow access to pg_statistic for non-superuser, add user-accessible views (Tom) - - - - - Client Authentication - -Fork postmaster before doing authentication to prevent hangs (Peter E) -Add ident authentication over Unix domain sockets on Linux, *BSD (Helge Bahmann, Oliver Elphick, Teodor Sigaev, Bruce) -Add a password authentication method that uses MD5 encryption (Bruce) -Allow encryption of stored passwords using MD5 (Bruce) -PAM authentication (Dominic J. Eidson) -Load pg_hba.conf and pg_ident.conf only on startup and SIGHUP (Bruce) - - - - - Server Configuration - -Interpretation of some time zone abbreviations as Australian rather than North American now settable at run time (Bruce) -New parameter to set default transaction isolation level (Peter E) -New parameter to enable conversion of "expr = NULL" into "expr IS NULL", off by default (Peter E) -New parameter to control memory usage by VACUUM (Tom) -New parameter to set client authentication timeout (Tom) -New parameter to set maximum number of open files (Tom) - - - - - Queries - -Statements added by INSERT rules now execute after the INSERT (Jan) -Prevent unadorned relation names in target list (Bruce) -NULLs now sort after all normal values in ORDER BY (Tom) -New IS UNKNOWN, IS NOT UNKNOWN Boolean tests (Tom) -New SHARE UPDATE EXCLUSIVE lock mode (Tom) -New EXPLAIN ANALYZE command that shows run times and row counts (Martijn van Oosterhout) -Fix problem with LIMIT and subqueries (Tom) -Fix for LIMIT, DISTINCT ON pushed into subqueries (Tom) -Fix nested EXCEPT/INTERSECT (Tom) - - - - - Schema Manipulation - -Fix SERIAL in temporary tables (Bruce) -Allow temporary sequences (Bruce) -Sequences now use int8 internally (Tom) -New SERIAL8 creates int8 columns with sequences, default still SERIAL4 (Tom) -Make OIDs optional using WITHOUT OIDS (Tom) -Add %TYPE syntax to CREATE TYPE (Ian Lance Taylor) -Add ALTER TABLE / DROP CONSTRAINT for CHECK constraints (Christopher Kings-Lynne) -New CREATE OR REPLACE FUNCTION to alter existing function (preserving the function OID) (Gavin Sherry) -Add ALTER TABLE / ADD [ UNIQUE | PRIMARY ] (Christopher Kings-Lynne) -Allow column renaming in views -Make ALTER TABLE / RENAME COLUMN update column names of indexes (Brent Verner) -Fix for ALTER TABLE / ADD CONSTRAINT ... CHECK with inherited tables (Stephan Szabo) -ALTER TABLE RENAME update foreign-key trigger arguments correctly (Brent Verner) -DROP AGGREGATE and COMMENT ON AGGREGATE now accept an aggtype (Tom) -Add automatic return type data casting for SQL functions (Tom) -Allow GiST indexes to handle NULLs and multikey indexes (Oleg Bartunov, Teodor Sigaev, Tom) -Enable partial indexes (Martijn van Oosterhout) - - - - - Utility Commands - -Add RESET ALL, SHOW ALL (Marko Kreen) -CREATE/ALTER USER/GROUP now allow options in any order (Vince) -Add LOCK A, B, C functionality (Neil Padgett) -New ENCRYPTED/UNENCRYPTED option to CREATE/ALTER USER (Bruce) -New light-weight VACUUM does not lock table; old semantics are available as VACUUM FULL (Tom) -Disable COPY TO/FROM on views (Bruce) -COPY DELIMITERS string must be exactly one character (Tom) -VACUUM warning about index tuples fewer than heap now only appears when appropriate (Martijn van Oosterhout) -Fix privilege checks for CREATE INDEX (Tom) -Disallow inappropriate use of CREATE/DROP INDEX/TRIGGER/VIEW (Tom) - - - - - Data Types and Functions - -SUM(), AVG(), COUNT() now uses int8 internally for speed (Tom) -Add convert(), convert2() (Tatsuo) -New function bit_length() (Peter E) -Make the "n" in CHAR(n)/VARCHAR(n) represents letters, not bytes (Tatsuo) -CHAR(), VARCHAR() now reject strings that are too long (Peter E) -BIT VARYING now rejects bit strings that are too long (Peter E) -BIT now rejects bit strings that do not match declared size (Peter E) -INET, CIDR text conversion functions (Alex Pilosov) -INET, CIDR operators << and <<= indexable (Alex Pilosov) -Bytea \### now requires valid three digit octal number -Bytea comparison improvements, now supports =, <>, >, >=, <, and <= -Bytea now supports B-tree indexes -Bytea now supports LIKE, LIKE...ESCAPE, NOT LIKE, NOT LIKE...ESCAPE -Bytea now supports concatenation -New bytea functions: position, substring, trim, btrim, and length -New encode() function mode, "escaped", converts minimally escaped bytea to/from text -Add pg_database_encoding_max_length() (Tatsuo) -Add pg_client_encoding() function (Tatsuo) -now() returns time with millisecond precision (Thomas) -New TIMESTAMP WITHOUT TIMEZONE data type (Thomas) -Add ISO date/time specification with "T", yyyy-mm-ddThh:mm:ss (Thomas) -New xid/int comparison functions (Hiroshi) -Add precision to TIME, TIMESTAMP, and INTERVAL data types (Thomas) -Modify type coercion logic to attempt binary-compatible functions first (Tom) -New encode() function installed by default (Marko Kreen) -Improved to_*() conversion functions (Karel Zak) -Optimize LIKE/ILIKE when using single-byte encodings (Tatsuo) -New functions in contrib/pgcrypto: crypt(), hmac(), encrypt(), gen_salt() (Marko Kreen) -Correct description of translate() function (Bruce) -Add INTERVAL argument for SET TIME ZONE (Thomas) -Add INTERVAL YEAR TO MONTH (etc.) syntax (Thomas) -Optimize length functions when using single-byte encodings (Tatsuo) -Fix path_inter, path_distance, path_length, dist_ppath to handle closed paths (Curtis Barrett, Tom) -octet_length(text) now returns non-compressed length (Tatsuo, Bruce) -Handle "July" full name in date/time literals (Greg Sabino Mullane) -Some datatype() function calls now evaluated differently -Add support for Julian and ISO time specifications (Thomas) - - - - - Internationalization - -National language support in psql, pg_dump, libpq, and server (Peter E) -Message translations in Chinese (simplified, traditional), Czech, French, German, Hungarian, Russian, Swedish (Peter E, Serguei A. Mokhov, Karel Zak, Weiping He, Zhenbang Wei, Kovacs Zoltan) -Make trim, ltrim, rtrim, btrim, lpad, rpad, translate multibyte aware (Tatsuo) -Add LATIN5,6,7,8,9,10 support (Tatsuo) -Add ISO 8859-5,6,7,8 support (Tatsuo) -Correct LATIN5 to mean ISO-8859-9, not ISO-8859-5 (Tatsuo) -Make mic2ascii() non-ASCII aware (Tatsuo) -Reject invalid multibyte character sequences (Tatsuo) - - - - - <application>PL/pgSQL</> - -Now uses portals for SELECT loops, allowing huge result sets (Jan) -CURSOR and REFCURSOR support (Jan) -Can now return open cursors (Jan) -Add ELSEIF (Klaus Reger) -Improve PL/pgSQL error reporting, including location of error (Tom) -Allow IS or FOR key words in cursor declaration, for compatibility (Bruce) -Fix for SELECT ... FOR UPDATE (Tom) -Fix for PERFORM returning multiple rows (Tom) -Make PL/pgSQL use the server's type coercion code (Tom) -Memory leak fix (Jan, Tom) -Make trailing semicolon optional (Tom) - - - - - PL/Perl - -New untrusted PL/Perl (Alex Pilosov) -PL/Perl is now built on some platforms even if libperl is not shared (Peter E) - - - - - PL/Tcl - -Now reports errorInfo (Vsevolod Lobko) -Add spi_lastoid function (bob@redivi.com) - - - - - PL/Python - -...is new (Andrew Bosma) - - - - - <application>psql</> - -\d displays indexes in unique, primary groupings (Christopher Kings-Lynne) -Allow trailing semicolons in backslash commands (Greg Sabino Mullane) -Read password from /dev/tty if possible -Force new password prompt when changing user and database (Tatsuo, Tom) -Format the correct number of columns for Unicode (Patrice) - - - - - <application>libpq</> - -New function PQescapeString() to escape quotes in command strings (Florian Weimer) -New function PQescapeBytea() escapes binary strings for use as SQL string literals - - - - - JDBC - -Return OID of INSERT (Ken K) -Handle more data types (Ken K) -Handle single quotes and newlines in strings (Ken K) -Handle NULL variables (Ken K) -Fix for time zone handling (Barry Lind) -Improved Druid support -Allow eight-bit characters with non-multibyte server (Barry Lind) -Support BIT, BINARY types (Ned Wolpert) -Reduce memory usage (Michael Stephens, Dave Cramer) -Update DatabaseMetaData (Peter E) -Add DatabaseMetaData.getCatalogs() (Peter E) -Encoding fixes (Anders Bengtsson) -Get/setCatalog methods (Jason Davies) -DatabaseMetaData.getColumns() now returns column defaults (Jason Davies) -DatabaseMetaData.getColumns() performance improvement (Jeroen van Vianen) -Some JDBC1 and JDBC2 merging (Anders Bengtsson) -Transaction performance improvements (Barry Lind) -Array fixes (Greg Zoller) -Serialize addition -Fix batch processing (Rene Pijlman) -ExecSQL method reorganization (Anders Bengtsson) -GetColumn() fixes (Jeroen van Vianen) -Fix isWriteable() function (Rene Pijlman) -Improved passage of JDBC2 conformance tests (Rene Pijlman) -Add bytea type capability (Barry Lind) -Add isNullable() (Rene Pijlman) -JDBC date/time test suite fixes (Liam Stewart) -Fix for SELECT 'id' AS xxx FROM table (Dave Cramer) -Fix DatabaseMetaData to show precision properly (Mark Lillywhite) -New getImported/getExported keys (Jason Davies) -MD5 password encryption support (Jeremy Wohl) -Fix to actually use type cache (Ned Wolpert) - - - - - ODBC - -Remove query size limit (Hiroshi) -Remove text field size limit (Hiroshi) -Fix for SQLPrimaryKeys in multibyte mode (Hiroshi) -Allow ODBC procedure calls (Hiroshi) -Improve boolean handing (Aidan Mountford) -Most configuration options now settable via DSN (Hiroshi) -Multibyte, performance fixes (Hiroshi) -Allow driver to be used with iODBC or unixODBC (Peter E) -MD5 password encryption support (Bruce) -Add more compatibility functions to odbc.sql (Peter E) - - - - - <application>ECPG</> - -EXECUTE ... INTO implemented (Christof Petig) -Multiple row descriptor support (e.g. CARDINALITY) (Christof Petig) -Fix for GRANT parameters (Lee Kindness) -Fix INITIALLY DEFERRED bug -Various bug fixes (Michael, Christof Petig) -Auto allocation for indicator variable arrays (int *ind_p=NULL) -Auto allocation for string arrays (char **foo_pp=NULL) -ECPGfree_auto_mem fixed -All function names with external linkage are now prefixed by ECPG -Fixes for arrays of structures (Michael) - - - - - Misc. Interfaces - -Python fix fetchone() (Gerhard Haring) -Use UTF, Unicode in Tcl where appropriate (Vsevolod Lobko, Reinhard Max) -Add Tcl COPY TO/FROM (ljb) -Prevent output of default index op class in pg_dump (Tom) -Fix libpgeasy memory leak (Bruce) - - - - - Build and Install - -Configure, dynamic loader, and shared library fixes (Peter E) -Fixes in QNX 4 port (Bernd Tegge) -Fixes in Cygwin and Windows ports (Jason Tishler, Gerhard Haring, Dmitry Yurtaev, Darko Prenosil, Mikhail Terekhov) -Fix for Windows socket communication failures (Magnus, Mikhail Terekhov) -Hurd compile fix (Oliver Elphick) -BeOS fixes (Cyril Velter) -Remove configure --enable-unicode-conversion, now enabled by multibyte (Tatsuo) -AIX fixes (Tatsuo, Andreas) -Fix parallel make (Peter E) -Install SQL language manual pages into OS-specific directories (Peter E) -Rename config.h to pg_config.h (Peter E) -Reorganize installation layout of header files (Peter E) - - - - - Source Code - -Remove SEP_CHAR (Bruce) -New GUC hooks (Tom) -Merge GUC and command line handling (Marko Kreen) -Remove EXTEND INDEX (Martijn van Oosterhout, Tom) -New pgjindent utility to indent java code (Bruce) -Remove define of true/false when compiling under C++ (Leandro Fanzone, Tom) -pgindent fixes (Bruce, Tom) -Replace strcasecmp() with strcmp() where appropriate (Peter E) -Dynahash portability improvements (Tom) -Add 'volatile' usage in spinlock structures -Improve signal handling logic (Tom) - - - - - Contrib - -New contrib/rtree_gist (Oleg Bartunov, Teodor Sigaev) -New contrib/tsearch full-text indexing (Oleg, Teodor Sigaev) -Add contrib/dblink for remote database access (Joe Conway) -contrib/ora2pg Oracle conversion utility (Gilles Darold) -contrib/xml XML conversion utility (John Gray) -contrib/fulltextindex fixes (Christopher Kings-Lynne) -New contrib/fuzzystrmatch with levenshtein and metaphone, soundex merged (Joe Conway) -Add contrib/intarray boolean queries, binary search, fixes (Oleg Bartunov) -New pg_upgrade utility (Bruce) -Add new pg_resetxlog options (Bruce, Tom) - - - - - - - - Release 7.1.3 - - - Release date: - 2001-08-15 - - - - Migration to Version 7.1.3 - - - A dump/restore is not required for those running - 7.1.X. - - - - - Changes - - - -Remove unused WAL segments of large transactions (Tom) -Multiaction rule fix (Tom) -PL/pgSQL memory allocation fix (Jan) -VACUUM buffer fix (Tom) -Regression test fixes (Tom) -pg_dump fixes for GRANT/REVOKE/comments on views, user-defined types (Tom) -Fix subselects with DISTINCT ON or LIMIT (Tom) -BeOS fix -Disable COPY TO/FROM a view (Tom) -Cygwin build (Jason Tishler) - - - - - - - - Release 7.1.2 - - - Release date: - 2001-05-11 - - - - This has one fix from 7.1.1. - - - - - Migration to Version 7.1.2 - - - A dump/restore is not required for those running - 7.1.X. - - - - - Changes - - - -Fix PL/pgSQL SELECTs when returning no rows -Fix for psql backslash core dump -Referential integrity privilege fix -Optimizer fixes -pg_dump cleanups - - - - - - - - Release 7.1.1 - - - Release date: - 2001-05-05 - - - - This has a variety of fixes from 7.1. - - - - - Migration to Version 7.1.1 - - - A dump/restore is not required for those running - 7.1. - - - - - Changes - - - -Fix for numeric MODULO operator (Tom) -pg_dump fixes (Philip) -pg_dump can dump 7.0 databases (Philip) -readline 4.2 fixes (Peter E) -JOIN fixes (Tom) -AIX, MSWIN, VAX, N32K fixes (Tom) -Multibytes fixes (Tom) -Unicode fixes (Tatsuo) -Optimizer improvements (Tom) -Fix for whole rows in functions (Tom) -Fix for pg_ctl and option strings with spaces (Peter E) -ODBC fixes (Hiroshi) -EXTRACT can now take string argument (Thomas) -Python fixes (Darcy) - - - - - - - - Release 7.1 - - - Release date: - 2001-04-13 - - - - This release focuses on removing limitations that have existed in the - PostgreSQL code for many years. - - - - Major changes in this release: - - - - - - Write-ahead Log (WAL) - - - -To maintain database consistency in case of an operating system crash, -previous releases of PostgreSQL have forced -all data modifications to disk before each transaction commit. With -WAL, only one log file must be flushed to disk, greatly improving -performance. If you have been using -F in previous releases to -disable disk flushes, you might want to consider discontinuing its use. - - - - - - - TOAST - - - - TOAST - Previous releases had a compiled-in row length limit, -typically 8k - 32k. This limit made storage of long text fields -difficult. With TOAST, long rows of any length can be stored with good -performance. - - - - - - - Outer Joins - - - -We now support outer joins. The UNION/NOT IN -workaround for outer joins is no longer required. We use the SQL92 -outer join syntax. - - - - - - - Function Manager - - - -The previous C function manager did not -handle null values properly, nor did it support 64-bit CPU's (Alpha). The new -function manager does. You can continue using your old custom -functions, but you might want to rewrite them in the future to use the new -function manager call interface. - - - - - - - Complex Queries - - - -A large number of complex queries that were -unsupported in previous releases now work. Many combinations of views, -aggregates, UNION, LIMIT, cursors, subqueries, and inherited tables -now work properly. Inherited tables are now accessed by default. -Subqueries in FROM are now supported. - - - - - - - - Migration to Version 7.1 - - - A dump/restore using pg_dump is required for those wishing to migrate - data from any previous release. - - - - - Changes - - - -Bug Fixes ---------- -Many multibyte/Unicode/locale fixes (Tatsuo and others) -More reliable ALTER TABLE RENAME (Tom) -Kerberos V fixes (David Wragg) -Fix for INSERT INTO...SELECT where targetlist has subqueries (Tom) -Prompt username/password on standard error (Bruce) -Large objects inv_read/inv_write fixes (Tom) -Fixes for to_char(), to_date(), to_ascii(), and to_timestamp() (Karel, - Daniel Baldoni) -Prevent query expressions from leaking memory (Tom) -Allow UPDATE of arrays elements (Tom) -Wake up lock waiters during cancel (Hiroshi) -Fix rare cursor crash when using hash join (Tom) -Fix for DROP TABLE/INDEX in rolled-back transaction (Hiroshi) -Fix psql crash from \l+ if MULTIBYTE enabled (Peter E) -Fix truncation of rule names during CREATE VIEW (Ross Reedstrom) -Fix PL/perl (Alex Kapranoff) -Disallow LOCK on views (Mark Hollomon) -Disallow INSERT/UPDATE/DELETE on views (Mark Hollomon) -Disallow DROP RULE, CREATE INDEX, TRUNCATE on views (Mark Hollomon) -Allow PL/pgSQL accept non-ASCII identifiers (Tatsuo) -Allow views to proper handle GROUP BY, aggregates, DISTINCT (Tom) -Fix rare failure with TRUNCATE command (Tom) -Allow UNION/INTERSECT/EXCEPT to be used with ALL, subqueries, views, - DISTINCT, ORDER BY, SELECT...INTO (Tom) -Fix parser failures during aborted transactions (Tom) -Allow temporary relations to properly clean up indexes (Bruce) -Fix VACUUM problem with moving rows in same page (Tom) -Modify pg_dump to better handle user-defined items in template1 (Philip) -Allow LIMIT in VIEW (Tom) -Require cursor FETCH to honor LIMIT (Tom) -Allow PRIMARY/FOREIGN Key definitions on inherited columns (Stephan) -Allow ORDER BY, LIMIT in subqueries (Tom) -Allow UNION in CREATE RULE (Tom) -Make ALTER/DROP TABLE rollback-able (Vadim, Tom) -Store initdb collation in pg_control so collation cannot be changed (Tom) -Fix INSERT...SELECT with rules (Tom) -Fix FOR UPDATE inside views and subselects (Tom) -Fix OVERLAPS operators conform to SQL92 spec regarding NULLs (Tom) -Fix lpad() and rpad() to handle length less than input string (Tom) -Fix use of NOTIFY in some rules (Tom) -Overhaul btree code (Tom) -Fix NOT NULL use in Pl/pgSQL variables (Tom) -Overhaul GIST code (Oleg) -Fix CLUSTER to preserve constraints and column default (Tom) -Improved deadlock detection handling (Tom) -Allow multiple SERIAL columns in a table (Tom) -Prevent occasional index corruption (Vadim) - -Enhancements ------------- -Add OUTER JOINs (Tom) -Function manager overhaul (Tom) -Allow ALTER TABLE RENAME on indexes (Tom) -Improve CLUSTER (Tom) -Improve ps status display for more platforms (Peter E, Marc) -Improve CREATE FUNCTION failure message (Ross) -JDBC improvements (Peter, Travis Bauer, Christopher Cain, William Webber, - Gunnar) -Grand Unified Configuration scheme/GUC. Many options can now be set in - data/postgresql.conf, postmaster/postgres flags, or SET commands (Peter E) -Improved handling of file descriptor cache (Tom) -New warning code about auto-created table alias entries (Bruce) -Overhaul initdb process (Tom, Peter E) -Overhaul of inherited tables; inherited tables now accessed by default; - new ONLY key word prevents it (Chris Bitmead, Tom) -ODBC cleanups/improvements (Nick Gorham, Stephan Szabo, Zoltan Kovacs, - Michael Fork) -Allow renaming of temp tables (Tom) -Overhaul memory manager contexts (Tom) -pg_dumpall uses CREATE USER or CREATE GROUP rather using COPY (Peter E) -Overhaul pg_dump (Philip Warner) -Allow pg_hba.conf secondary password file to specify only username (Peter E) -Allow TEMPORARY or TEMP key word when creating temporary tables (Bruce) -New memory leak checker (Karel) -New SET SESSION CHARACTERISTICS (Thomas) -Allow nested block comments (Thomas) -Add WITHOUT TIME ZONE type qualifier (Thomas) -New ALTER TABLE ADD CONSTRAINT (Stephan) -Use NUMERIC accumulators for INTEGER aggregates (Tom) -Overhaul aggregate code (Tom) -New VARIANCE and STDDEV() aggregates -Improve dependency ordering of pg_dump (Philip) -New pg_restore command (Philip) -New pg_dump tar output option (Philip) -New pg_dump of large objects (Philip) -New ESCAPE option to LIKE (Thomas) -New case-insensitive LIKE - ILIKE (Thomas) -Allow functional indexes to use binary-compatible type (Tom) -Allow SQL functions to be used in more contexts (Tom) -New pg_config utility (Peter E) -New PL/pgSQL EXECUTE command which allows dynamic SQL and utility statements - (Jan) -New PL/pgSQL GET DIAGNOSTICS statement for SPI value access (Jan) -New quote_identifiers() and quote_literal() functions (Jan) -New ALTER TABLE table OWNER TO user command (Mark Hollomon) -Allow subselects in FROM, i.e. FROM (SELECT ...) [AS] alias (Tom) -Update PyGreSQL to version 3.1 (D'Arcy) -Store tables as files named by OID (Vadim) -New SQL function setval(seq,val,bool) for use in pg_dump (Philip) -Require DROP VIEW to remove views, no DROP TABLE (Mark) -Allow DROP VIEW view1, view2 (Mark) -Allow multiple objects in DROP INDEX, DROP RULE, and DROP TYPE (Tom) -Allow automatic conversion to/from Unicode (Tatsuo, Eiji) -New /contrib/pgcrypto hashing functions (Marko Kreen) -New pg_dumpall --globals-only option (Peter E) -New CHECKPOINT command for WAL which creates new WAL log file (Vadim) -New AT TIME ZONE syntax (Thomas) -Allow location of Unix domain socket to be configurable (David J. MacKenzie) -Allow postmaster to listen on a specific IP address (David J. MacKenzie) -Allow socket path name to be specified in hostname by using leading slash - (David J. MacKenzie) -Allow CREATE DATABASE to specify template database (Tom) -New utility to convert MySQL schema dumps to SQL92 and PostgreSQL (Thomas) -New /contrib/rserv replication toolkit (Vadim) -New file format for COPY BINARY (Tom) -New /contrib/oid2name to map numeric files to table names (B Palmer) -New "idle in transaction" ps status message (Marc) -Update to pgaccess 0.98.7 (Constantin Teodorescu) -pg_ctl now defaults to -w (wait) on shutdown, new -l (log) option -Add rudimentary dependency checking to pg_dump (Philip) - -Types ------ -Fix INET/CIDR type ordering and add new functions (Tom) -Make OID behave as an unsigned type (Tom) -Allow BIGINT as synonym for INT8 (Peter E) -New int2 and int8 comparison operators (Tom) -New BIT and BIT VARYING types (Adriaan Joubert, Tom, Peter E) -CHAR() no longer faster than VARCHAR() because of TOAST (Tom) -New GIST seg/cube examples (Gene Selkov) -Improved round(numeric) handling (Tom) -Fix CIDR output formatting (Tom) -New CIDR abbrev() function (Tom) - -Performance ------------ -Write-Ahead Log (WAL) to provide crash recovery with less performance - overhead (Vadim) -ANALYZE stage of VACUUM no longer exclusively locks table (Bruce) -Reduced file seeks (Denis Perchine) -Improve BTREE code for duplicate keys (Tom) -Store all large objects in a single table (Denis Perchine, Tom) -Improve memory allocation performance (Karel, Tom) - -Source Code ------------ -New function manager call conventions (Tom) -SGI portability fixes (David Kaelbling) -New configure --enable-syslog option (Peter E) -New BSDI README (Bruce) -configure script moved to top level, not /src (Peter E) -Makefile/configuration/compilation overhaul (Peter E) -New configure --with-python option (Peter E) -Solaris cleanups (Peter E) -Overhaul /contrib Makefiles (Karel) -New OpenSSL configuration option (Magnus, Peter E) -AIX fixes (Andreas) -QNX fixes (Maurizio) -New heap_open(), heap_openr() API (Tom) -Remove colon and semi-colon operators (Thomas) -New pg_class.relkind value for views (Mark Hollomon) -Rename ichar() to chr() (Karel) -New documentation for btrim(), ascii(), chr(), repeat() (Karel) -Fixes for NT/Cygwin (Pete Forman) -AIX port fixes (Andreas) -New BeOS port (David Reid, Cyril Velter) -Add proofreader's changes to docs (Addison-Wesley, Bruce) -New Alpha spinlock code (Adriaan Joubert, Compaq) -UnixWare port overhaul (Peter E) -New Darwin/Mac OS X port (Peter Bierman, Bruce Hartzler) -New FreeBSD Alpha port (Alfred) -Overhaul shared memory segments (Tom) -Add IBM S/390 support (Neale Ferguson) -Moved macmanuf to /contrib (Larry Rosenman) -Syslog improvements (Larry Rosenman) -New template0 database that contains no user additions (Tom) -New /contrib/cube and /contrib/seg GIST sample code (Gene Selkov) -Allow NetBSD's libedit instead of readline (Peter) -Improved assembly language source code format (Bruce) -New contrib/pg_logger -New --template option to createdb -New contrib/pg_control utility (Oliver) -New FreeBSD tools ipc_check, start-scripts/freebsd - - - - - - - - Release 7.0.3 - - - Release date: - 2000-11-11 - - - - This has a variety of fixes from 7.0.2. - - - - - Migration to Version 7.0.3 - - - A dump/restore is not required for those running - 7.0.*. - - - - - Changes - - - -Jdbc fixes (Peter) -Large object fix (Tom) -Fix lean in COPY WITH OIDS leak (Tom) -Fix backwards-index-scan (Tom) -Fix SELECT ... FOR UPDATE so it checks for duplicate keys (Hiroshi) -Add --enable-syslog to configure (Marc) -Fix abort transaction at backend exit in rare cases (Tom) -Fix for psql \l+ when multibyte enabled (Tatsuo) -Allow PL/pgSQL to accept non ascii identifiers (Tatsuo) -Make vacuum always flush buffers (Tom) -Fix to allow cancel while waiting for a lock (Hiroshi) -Fix for memory allocation problem in user authentication code (Tom) -Remove bogus use of int4out() (Tom) -Fixes for multiple subqueries in COALESCE or BETWEEN (Tom) -Fix for failure of triggers on heap open in certain cases (Jeroen van - Vianen) -Fix for erroneous selectivity of not-equals (Tom) -Fix for erroneous use of strcmp() (Tom) -Fix for bug where storage manager accesses items beyond end of file - (Tom) -Fix to include kernel errno message in all smgr elog messages (Tom) -Fix for '.' not in PATH at build time (SL Baur) -Fix for out-of-file-descriptors error (Tom) -Fix to make pg_dump dump 'iscachable' flag for functions (Tom) -Fix for subselect in targetlist of Append node (Tom) -Fix for mergejoin plans (Tom) -Fix TRUNCATE failure on relations with indexes (Tom) -Avoid database-wide restart on write error (Hiroshi) -Fix nodeMaterial to honor chgParam by recomputing its output (Tom) -Fix VACUUM problem with moving chain of update row versions when source - and destination of a row version lie on the same page (Tom) -Fix user.c CommandCounterIncrement (Tom) -Fix for AM/PM boundary problem in to_char() (Karel Zak) -Fix TIME aggregate handling (Tom) -Fix to_char() to avoid coredump on NULL input (Tom) -Buffer fix (Tom) -Fix for inserting/copying longer multibyte strings into char() data - types (Tatsuo) -Fix for crash of backend, on abort (Tom) - - - - - - - - Release 7.0.2 - - - Release date: - 2000-06-05 - - - - This is a repackaging of 7.0.1 with added documentation. - - - - - Migration to Version 7.0.2 - - - A dump/restore is not required for those running - 7.*. - - - - - Changes - - - -Added documentation to tarball. - - - - - - - - Release 7.0.1 - - - Release date: - 2000-06-01 - - - - This is a cleanup release for 7.0. - - - - Migration to Version 7.0.1 - - - A dump/restore is not required for those running - 7.0. - - - - - Changes - - - -Fix many CLUSTER failures (Tom) -Allow ALTER TABLE RENAME works on indexes (Tom) -Fix plpgsql to handle datetime->timestamp and timespan->interval (Bruce) -New configure --with-setproctitle switch to use setproctitle() (Marc, Bruce) -Fix the off by one errors in ResultSet from 6.5.3, and more. -jdbc ResultSet fixes (Joseph Shraibman) -optimizer tunings (Tom) -Fix create user for pgaccess -Fix for UNLISTEN failure -IRIX fixes (David Kaelbling) -QNX fixes (Andreas Kardos) -Reduce COPY IN lock level (Tom) -Change libpqeasy to use PQconnectdb() style parameters (Bruce) -Fix pg_dump to handle OID indexes (Tom) -Fix small memory leak (Tom) -Solaris fix for createdb/dropdb (Tatsuo) -Fix for non-blocking connections (Alfred Perlstein) -Fix improper recovery after RENAME TABLE failures (Tom) -Copy pg_ident.conf.sample into /lib directory in install (Bruce) -Add SJIS UDC (NEC selection IBM kanji) support (Eiji Tokuya) -Fix too long syslog message (Tatsuo) -Fix problem with quoted indexes that are too long (Tom) -JDBC ResultSet.getTimestamp() fix (Gregory Krasnow & Floyd Marinescu) -ecpg changes (Michael) - - - - - - - Release 7.0 - - - Release date: - 2000-05-08 - - - - This release contains improvements in many areas, demonstrating - the continued growth of PostgreSQL. - There are more improvements and fixes in 7.0 than in any previous - release. The developers have confidence that this is the best - release yet; we do our best to put out only solid releases, and - this one is no exception. - - - - Major changes in this release: - - - - - - Foreign Keys - - - - Foreign keys are now implemented, with the exception of PARTIAL MATCH - foreign keys. Many users have been asking for this feature, and we are - pleased to offer it. - - - - - - - Optimizer Overhaul - - - - Continuing on work started a year ago, the optimizer has been - improved, allowing better query plan selection and faster performance - with less memory usage. - - - - - - - Updated psql - - - - psql, our interactive terminal monitor, has been - updated with a variety of new features. See the psql manual page for details. - - - - - - - Join Syntax - - - - SQL92 join syntax is now supported, though only as - INNER JOIN for this release. JOIN, - NATURAL JOIN, JOIN/USING, - and JOIN/ON are available, as are - column correlation names. - - - - - - - - Migration to Version 7.0 - - - A dump/restore using pg_dump - is required for those wishing to migrate data from any - previous release of PostgreSQL. - For those upgrading from 6.5.*, you can instead use - pg_upgrade to upgrade to this - release; however, a full dump/reload installation is always the - most robust method for upgrades. - - - - Interface and compatibility issues to consider for the new - release include: - - - - - - The date/time types datetime and - timespan have been superseded by the - SQL92-defined types timestamp and - interval. Although there has been some effort to - ease the transition by allowing - PostgreSQL to recognize - the deprecated type names and translate them to the new type - names, this mechanism cannot be completely transparent to - your existing application. - - - - - - The optimizer has been substantially improved in the area of - query cost estimation. In some cases, this will result in - decreased query times as the optimizer makes a better choice - for the preferred plan. However, in a small number of cases, - usually involving pathological distributions of data, your - query times might go up. If you are dealing with large amounts - of data, you might want to check your queries to verify - performance. - - - - - - The JDBC and ODBC - interfaces have been upgraded and extended. - - - - - - The string function CHAR_LENGTH is now a - native function. Previous versions translated this into a call - to LENGTH, which could result in - ambiguity with other types implementing - LENGTH such as the geometric types. - - - - - - - Changes - - - -Bug Fixes ---------- -Prevent function calls exceeding maximum number of arguments (Tom) -Improve CASE construct (Tom) -Fix SELECT coalesce(f1,0) FROM int4_tbl GROUP BY f1 (Tom) -Fix SELECT sentence.words[0] FROM sentence GROUP BY sentence.words[0] (Tom) -Fix GROUP BY scan bug (Tom) -Improvements in SQL grammar processing (Tom) -Fix for views involved in INSERT ... SELECT ... (Tom) -Fix for SELECT a/2, a/2 FROM test_missing_target GROUP BY a/2 (Tom) -Fix for subselects in INSERT ... SELECT (Tom) -Prevent INSERT ... SELECT ... ORDER BY (Tom) -Fixes for relations greater than 2GB, including vacuum -Improve propagating system table changes to other backends (Tom) -Improve propagating user table changes to other backends (Tom) -Fix handling of temp tables in complex situations (Bruce, Tom) -Allow table locking at table open, improving concurrent reliability (Tom) -Properly quote sequence names in pg_dump (Ross J. Reedstrom) -Prevent DROP DATABASE while others accessing -Prevent any rows from being returned by GROUP BY if no rows processed (Tom) -Fix SELECT COUNT(1) FROM table WHERE ...' if no rows matching WHERE (Tom) -Fix pg_upgrade so it works for MVCC (Tom) -Fix for SELECT ... WHERE x IN (SELECT ... HAVING SUM(x) > 1) (Tom) -Fix for "f1 datetime DEFAULT 'now'" (Tom) -Fix problems with CURRENT_DATE used in DEFAULT (Tom) -Allow comment-only lines, and ;;; lines too. (Tom) -Improve recovery after failed disk writes, disk full (Hiroshi) -Fix cases where table is mentioned in FROM but not joined (Tom) -Allow HAVING clause without aggregate functions (Tom) -Fix for "--" comment and no trailing newline, as seen in perl interface -Improve pg_dump failure error reports (Bruce) -Allow sorts and hashes to exceed 2GB file sizes (Tom) -Fix for pg_dump dumping of inherited rules (Tom) -Fix for NULL handling comparisons (Tom) -Fix inconsistent state caused by failed CREATE/DROP commands (Hiroshi) -Fix for dbname with dash -Prevent DROP INDEX from interfering with other backends (Tom) -Fix file descriptor leak in verify_password() -Fix for "Unable to identify an operator =$" problem -Fix ODBC so no segfault if CommLog and Debug enabled (Dirk Niggemann) -Fix for recursive exit call (Massimo) -Fix for extra-long timezones (Jeroen van Vianen) -Make pg_dump preserve primary key information (Peter E) -Prevent databases with single quotes (Peter E) -Prevent DROP DATABASE inside transaction (Peter E) -ecpg memory leak fixes (Stephen Birch) -Fix for SELECT null::text, SELECT int4fac(null) and SELECT 2 + (null) (Tom) -Y2K timestamp fix (Massimo) -Fix for VACUUM 'HEAP_MOVED_IN was not expected' errors (Tom) -Fix for views with tables/columns containing spaces (Tom) -Prevent privileges on indexes (Peter E) -Fix for spinlock stuck problem when error is generated (Hiroshi) -Fix ipcclean on Linux -Fix handling of NULL constraint conditions (Tom) -Fix memory leak in odbc driver (Nick Gorham) -Fix for privilege check on UNION tables (Tom) -Fix to allow SELECT 'a' LIKE 'a' (Tom) -Fix for SELECT 1 + NULL (Tom) -Fixes to CHAR -Fix log() on numeric type (Tom) -Deprecate ':' and ';' operators -Allow vacuum of temporary tables -Disallow inherited columns with the same name as new columns -Recover or force failure when disk space is exhausted (Hiroshi) -Fix INSERT INTO ... SELECT with AS columns matching result columns -Fix INSERT ... SELECT ... GROUP BY groups by target columns not source columns (Tom) -Fix CREATE TABLE test (a char(5) DEFAULT text '', b int4) with INSERT (Tom) -Fix UNION with LIMIT -Fix CREATE TABLE x AS SELECT 1 UNION SELECT 2 -Fix CREATE TABLE test(col char(2) DEFAULT user) -Fix mismatched types in CREATE TABLE ... DEFAULT -Fix SELECT * FROM pg_class where oid in (0,-1) -Fix SELECT COUNT('asdf') FROM pg_class WHERE oid=12 -Prevent user who can create databases can modifying pg_database table (Peter E) -Fix btree to give a useful elog when key > 1/2 (page - overhead) (Tom) -Fix INSERT of 0.0 into DECIMAL(4,4) field (Tom) - -Enhancements ------------- -New CLI interface include file sqlcli.h, based on SQL3/SQL98 -Remove all limits on query length, row length limit still exists (Tom) -Update jdbc protocol to 2.0 (Jens Glaser jens@jens.de) -Add TRUNCATE command to quickly truncate relation (Mike Mascari) -Fix to give super user and createdb user proper update catalog rights (Peter E) -Allow ecpg bool variables to have NULL values (Christof) -Issue ecpg error if NULL value for variable with no NULL indicator (Christof) -Allow ^C to cancel COPY command (Massimo) -Add SET FSYNC and SHOW PG_OPTIONS commands(Massimo) -Function name overloading for dynamically-loaded C functions (Frankpitt) -Add CmdTuples() to libpq++(Vince) -New CREATE CONSTRAINT TRIGGER and SET CONSTRAINTS commands(Jan) -Allow CREATE FUNCTION/WITH clause to be used for all language types -configure --enable-debug adds -g (Peter E) -configure --disable-debug removes -g (Peter E) -Allow more complex default expressions (Tom) -First real FOREIGN KEY constraint trigger functionality (Jan) -Add FOREIGN KEY ... MATCH FULL ... ON DELETE CASCADE (Jan) -Add FOREIGN KEY ... MATCH <unspecified> referential actions (Don Baccus) -Allow WHERE restriction on ctid (physical heap location) (Hiroshi) -Move pginterface from contrib to interface directory, rename to pgeasy (Bruce) -Change pgeasy connectdb() parameter ordering (Bruce) -Require SELECT DISTINCT target list to have all ORDER BY columns (Tom) -Add Oracle's COMMENT ON command (Mike Mascari mascarim@yahoo.com) -libpq's PQsetNoticeProcessor function now returns previous hook(Peter E) -Prevent PQsetNoticeProcessor from being set to NULL (Peter E) -Make USING in COPY optional (Bruce) -Allow subselects in the target list (Tom) -Allow subselects on the left side of comparison operators (Tom) -New parallel regression test (Jan) -Change backend-side COPY to write files with permissions 644 not 666 (Tom) -Force permissions on PGDATA directory to be secure, even if it exists (Tom) -Added psql LASTOID variable to return last inserted oid (Peter E) -Allow concurrent vacuum and remove pg_vlock vacuum lock file (Tom) -Add privilege check for vacuum (Peter E) -New libpq functions to allow asynchronous connections: PQconnectStart(), - PQconnectPoll(), PQresetStart(), PQresetPoll(), PQsetenvStart(), - PQsetenvPoll(), PQsetenvAbort (Ewan Mellor) -New libpq PQsetenv() function (Ewan Mellor) -create/alter user extension (Peter E) -New postmaster.pid and postmaster.opts under $PGDATA (Tatsuo) -New scripts for create/drop user/db (Peter E) -Major psql overhaul (Peter E) -Add const to libpq interface (Peter E) -New libpq function PQoidValue (Peter E) -Show specific non-aggregate causing problem with GROUP BY (Tom) -Make changes to pg_shadow recreate pg_pwd file (Peter E) -Add aggregate(DISTINCT ...) (Tom) -Allow flag to control COPY input/output of NULLs (Peter E) -Make postgres user have a password by default (Peter E) -Add CREATE/ALTER/DROP GROUP (Peter E) -All administration scripts now support --long options (Peter E, Karel) -Vacuumdb script now supports --all option (Peter E) -ecpg new portable FETCH syntax -Add ecpg EXEC SQL IFDEF, EXEC SQL IFNDEF, EXEC SQL ELSE, EXEC SQL ELIF - and EXEC SQL ENDIF directives -Add pg_ctl script to control backend start-up (Tatsuo) -Add postmaster.opts.default file to store start-up flags (Tatsuo) -Allow --with-mb=SQL_ASCII -Increase maximum number of index keys to 16 (Bruce) -Increase maximum number of function arguments to 16 (Bruce) -Allow configuration of maximum number of index keys and arguments (Bruce) -Allow unprivileged users to change their passwords (Peter E) -Password authentication enabled; required for new users (Peter E) -Disallow dropping a user who owns a database (Peter E) -Change initdb option --with-mb to --enable-multibyte -Add option for initdb to prompts for superuser password (Peter E) -Allow complex type casts like col::numeric(9,2) and col::int2::float8 (Tom) -Updated user interfaces on initdb, initlocation, pg_dump, ipcclean (Peter E) -New pg_char_to_encoding() and pg_encoding_to_char() functions (Tatsuo) -libpq non-blocking mode (Alfred Perlstein) -Improve conversion of types in casts that don't specify a length -New plperl internal programming language (Mark Hollomon) -Allow COPY IN to read file that do not end with a newline (Tom) -Indicate when long identifiers are truncated (Tom) -Allow aggregates to use type equivalency (Peter E) -Add Oracle's to_char(), to_date(), to_datetime(), to_timestamp(), to_number() - conversion functions (Karel Zak <zakkr@zf.jcu.cz>) -Add SELECT DISTINCT ON (expr [, expr ...]) targetlist ... (Tom) -Check to be sure ORDER BY is compatible with the DISTINCT operation (Tom) -Add NUMERIC and int8 types to ODBC -Improve EXPLAIN results for Append, Group, Agg, Unique (Tom) -Add ALTER TABLE ... ADD FOREIGN KEY (Stephan Szabo) -Allow SELECT .. FOR UPDATE in PL/pgSQL (Hiroshi) -Enable backward sequential scan even after reaching EOF (Hiroshi) -Add btree indexing of boolean values, >= and <= (Don Baccus) -Print current line number when COPY FROM fails (Massimo) -Recognize POSIX time zone e.g. "PST+8" and "GMT-8" (Thomas) -Add DEC as synonym for DECIMAL (Thomas) -Add SESSION_USER as SQL92 key word, same as CURRENT_USER (Thomas) -Implement SQL92 column aliases (aka correlation names) (Thomas) -Implement SQL92 join syntax (Thomas) -Make INTERVAL reserved word allowed as a column identifier (Thomas) -Implement REINDEX command (Hiroshi) -Accept ALL in aggregate function SUM(ALL col) (Tom) -Prevent GROUP BY from using column aliases (Tom) -New psql \encoding option (Tatsuo) -Allow PQrequestCancel() to terminate when in waiting-for-lock state (Hiroshi) -Allow negation of a negative number in all cases -Add ecpg descriptors (Christof, Michael) -Allow CREATE VIEW v AS SELECT f1::char(8) FROM tbl -Allow casts with length, like foo::char(8) -New libpq functions PQsetClientEncoding(), PQclientEncoding() (Tatsuo) -Add support for SJIS user defined characters (Tatsuo) -Larger views/rules supported -Make libpq's PQconndefaults() thread-safe (Tom) -Disable // as comment to be ANSI conforming, should use -- (Tom) -Allow column aliases on views CREATE VIEW name (collist) -Fixes for views with subqueries (Tom) -Allow UPDATE table SET fld = (SELECT ...) (Tom) -SET command options no longer require quotes -Update pgaccess to 0.98.6 -New SET SEED command -New pg_options.sample file -New SET FSYNC command (Massimo) -Allow pg_descriptions when creating tables -Allow pg_descriptions when creating types, columns, and functions -Allow psql \copy to allow delimiters (Peter E) -Allow psql to print nulls as distinct from "" [null] (Peter E) - -Types ------ -Many array fixes (Tom) -Allow bare column names to be subscripted as arrays (Tom) -Improve type casting of int and float constants (Tom) -Cleanups for int8 inputs, range checking, and type conversion (Tom) -Fix for SELECT timespan('21:11:26'::time) (Tom) -netmask('x.x.x.x/0') is 255.255.255.255 instead of 0.0.0.0 (Oleg Sharoiko) -Add btree index on NUMERIC (Jan) -Perl fix for large objects containing NUL characters (Douglas Thomson) -ODBC fix for large objects (free) -Fix indexing of cidr data type -Fix for Ethernet MAC addresses (macaddr type) comparisons -Fix for date/time types when overflows happened in computations (Tom) -Allow array on int8 (Peter E) -Fix for rounding/overflow of NUMERIC type, like NUMERIC(4,4) (Tom) -Allow NUMERIC arrays -Fix bugs in NUMERIC ceil() and floor() functions (Tom) -Make char_length()/octet_length including trailing blanks (Tom) -Made abstime/reltime use int4 instead of time_t (Peter E) -New lztext data type for compressed text fields -Revise code to handle coercion of int and float constants (Tom) -Start at new code to implement a BIT and BIT VARYING type (Adriaan Joubert) -NUMERIC now accepts scientific notation (Tom) -NUMERIC to int4 rounds (Tom) -Convert float4/8 to NUMERIC properly (Tom) -Allow type conversion with NUMERIC (Thomas) -Make ISO date style (2000-02-16 09:33) the default (Thomas) -Add NATIONAL CHAR [ VARYING ] (Thomas) -Allow NUMERIC round and trunc to accept negative scales (Tom) -New TIME WITH TIME ZONE type (Thomas) -Add MAX()/MIN() on time type (Thomas) -Add abs(), mod(), fac() for int8 (Thomas) -Rename functions to round(), sqrt(), cbrt(), pow() for float8 (Thomas) -Add transcendental math functions (e.g. sin(), acos()) for float8 (Thomas) -Add exp() and ln() for NUMERIC type -Rename NUMERIC power() to pow() (Thomas) -Improved TRANSLATE() function (Edwin Ramirez, Tom) -Allow X=-Y operators (Tom) -Allow SELECT float8(COUNT(*))/(SELECT COUNT(*) FROM t) FROM t GROUP BY f1; (Tom) -Allow LOCALE to use indexes in regular expression searches (Tom) -Allow creation of functional indexes to use default types - -Performance ------------ -Prevent exponential space consumption with many AND's and OR's (Tom) -Collect attribute selectivity values for system columns (Tom) -Reduce memory usage of aggregates (Tom) -Fix for LIKE optimization to use indexes with multibyte encodings (Tom) -Fix r-tree index optimizer selectivity (Thomas) -Improve optimizer selectivity computations and functions (Tom) -Optimize btree searching for cases where many equal keys exist (Tom) -Enable fast LIKE index processing only if index present (Tom) -Re-use free space on index pages with duplicates (Tom) -Improve hash join processing (Tom) -Prevent descending sort if result is already sorted(Hiroshi) -Allow commuting of index scan query qualifications (Tom) -Prefer index scans in cases where ORDER BY/GROUP BY is required (Tom) -Allocate large memory requests in fix-sized chunks for performance (Tom) -Fix vacuum's performance by reducing memory allocation requests (Tom) -Implement constant-expression simplification (Bernard Frankpitt, Tom) -Use secondary columns to be used to determine start of index scan (Hiroshi) -Prevent quadruple use of disk space when doing internal sorting (Tom) -Faster sorting by calling fewer functions (Tom) -Create system indexes to match all system caches (Bruce, Hiroshi) -Make system caches use system indexes (Bruce) -Make all system indexes unique (Bruce) -Improve pg_statistics management for VACUUM speed improvement (Tom) -Flush backend cache less frequently (Tom, Hiroshi) -COPY now reuses previous memory allocation, improving performance (Tom) -Improve optimization cost estimation (Tom) -Improve optimizer estimate of range queries x > lowbound AND x < highbound (Tom) -Use DNF instead of CNF where appropriate (Tom, Taral) -Further cleanup for OR-of-AND WHERE-clauses (Tom) -Make use of index in OR clauses (x = 1 AND y = 2) OR (x = 2 AND y = 4) (Tom) -Smarter optimizer computations for random index page access (Tom) -New SET variable to control optimizer costs (Tom) -Optimizer queries based on LIMIT, OFFSET, and EXISTS qualifications (Tom) -Reduce optimizer internal housekeeping of join paths for speedup (Tom) -Major subquery speedup (Tom) -Fewer fsync writes when fsync is not disabled (Tom) -Improved LIKE optimizer estimates (Tom) -Prevent fsync in SELECT-only queries (Vadim) -Make index creation use psort code, because it is now faster (Tom) -Allow creation of sort temp tables > 1 Gig - -Source Tree Changes -------------------- -Fix for linux PPC compile -New generic expression-tree-walker subroutine (Tom) -Change form() to varargform() to prevent portability problems -Improved range checking for large integers on Alphas -Clean up #include in /include directory (Bruce) -Add scripts for checking includes (Bruce) -Remove un-needed #include's from *.c files (Bruce) -Change #include's to use <> and "" as appropriate (Bruce) -Enable Windows compilation of libpq -Alpha spinlock fix from Uncle George gatgul@voicenet.com -Overhaul of optimizer data structures (Tom) -Fix to cygipc library (Yutaka Tanida) -Allow pgsql to work on newer Cygwin snapshots (Dan) -New catalog version number (Tom) -Add Linux ARM -Rename heap_replace to heap_update -Update for QNX (Dr. Andreas Kardos) -New platform-specific regression handling (Tom) -Rename oid8 -> oidvector and int28 -> int2vector (Bruce) -Included all yacc and lex files into the distribution (Peter E.) -Remove lextest, no longer needed (Peter E) -Fix for libpq and psql on Windows (Magnus) -Internally change datetime and timespan into timestamp and interval (Thomas) -Fix for plpgsql on BSD/OS -Add SQL_ASCII test case to the regression test (Tatsuo) -configure --with-mb now deprecated (Tatsuo) -NT fixes -NetBSD fixes (Johnny C. Lam lamj@stat.cmu.edu) -Fixes for Alpha compiles -New multibyte encodings - - - - - - - Release 6.5.3 - - - Release date: - 1999-10-13 - - - - This is basically a cleanup release for 6.5.2. We have added a new - PgAccess that was missing in 6.5.2, and installed an NT-specific fix. - - - - - Migration to Version 6.5.3 - - - A dump/restore is not required for those running - 6.5.*. - - - - Changes - - - -Updated version of pgaccess 0.98 -NT-specific patch -Fix dumping rules on inherited tables - - - - - - - - Release 6.5.2 - - - Release date: - 1999-09-15 - - - - This is basically a cleanup release for 6.5.1. We have fixed a variety of - problems reported by 6.5.1 users. - - - - - Migration to Version 6.5.2 - - - A dump/restore is not required for those running - 6.5.*. - - - - - Changes - - - -subselect+CASE fixes(Tom) -Add SHLIB_LINK setting for solaris_i386 and solaris_sparc ports(Daren Sefcik) -Fixes for CASE in WHERE join clauses(Tom) -Fix BTScan abort(Tom) -Repair the check for redundant UNIQUE and PRIMARY KEY indexes(Thomas) -Improve it so that it checks for multicolumn constraints(Thomas) -Fix for Windows making problem with MB enabled(Hiroki Kataoka) -Allow BSD yacc and bison to compile pl code(Bruce) -Fix SET NAMES working -int8 fixes(Thomas) -Fix vacuum's memory consumption(Hiroshi,Tatsuo) -Reduce the total memory consumption of vacuum(Tom) -Fix for timestamp(datetime) -Rule deparsing bugfixes(Tom) -Fix quoting problems in mkMakefile.tcldefs.sh.in and mkMakefile.tkdefs.sh.in(Tom) -This is to re-use space on index pages freed by vacuum(Vadim) -document -x for pg_dump(Bruce) -Fix for unary operators in rule deparser(Tom) -Comment out FileUnlink of excess segments during mdtruncate()(Tom) -IRIX linking fix from Yu Cao >yucao@falcon.kla-tencor.com< -Repair logic error in LIKE: should not return LIKE_ABORT - when reach end of pattern before end of text(Tom) -Repair incorrect cleanup of heap memory allocation during transaction abort(Tom) -Updated version of pgaccess 0.98 - - - - - - - Release 6.5.1 - - - Release date: - 1999-07-15 - - - - This is basically a cleanup release for 6.5. We have fixed a variety of - problems reported by 6.5 users. - - - - Migration to Version 6.5.1 - - - A dump/restore is not required for those running - 6.5. - - - - - Changes - - - -Add NT README file -Portability fixes for linux_ppc, IRIX, linux_alpha, OpenBSD, alpha -Remove QUERY_LIMIT, use SELECT...LIMIT -Fix for EXPLAIN on inheritance(Tom) -Patch to allow vacuum on multisegment tables(Hiroshi) -R-Tree optimizer selectivity fix(Tom) -ACL file descriptor leak fix(Atsushi Ogawa) -New expression subtree code(Tom) -Avoid disk writes for read-only transactions(Vadim) -Fix for removal of temp tables if last transaction was aborted(Bruce) -Fix to prevent too large row from being created(Bruce) -plpgsql fixes -Allow port numbers 32k - 64k(Bruce) -Add ^ precedence(Bruce) -Rename sort files called pg_temp to pg_sorttemp(Bruce) -Fix for microseconds in time values(Tom) -Tutorial source cleanup -New linux_m68k port -Fix for sorting of NULL's in some cases(Tom) -Shared library dependencies fixed (Tom) -Fixed glitches affecting GROUP BY in subselects(Tom) -Fix some compiler warnings (Tomoaki Nishiyama) -Add Win1250 (Czech) support (Pavel Behal) - - - - - - - Release 6.5 - - - Release date: - 1999-06-09 - - - - This release marks a major step in the development team's mastery of the source - code we inherited from Berkeley. You will see we are now easily adding - major features, thanks to the increasing size and experience of our - world-wide development team. - - - - Here is a brief summary of the more notable changes: - - - - - Multiversion concurrency control(MVCC) - - - - This removes our old table-level locking, and replaces it with - a locking system that is superior to most commercial database - systems. In a traditional system, each row that is modified - is locked until committed, preventing reads by other users. - MVCC uses the natural multiversion nature of - PostgreSQL to allow readers to - continue reading consistent data during writer activity. - Writers continue to use the compact pg_log transaction system. - This is all performed without having to allocate a lock for - every row like traditional database systems. So, basically, - we no longer are restricted by simple table-level locking; we - have something better than row-level locking. - - - - - - - Hot backups from pg_dump - - - - pg_dump takes advantage of the new - MVCC features to give a consistent database dump/backup while - the database stays online and available for queries. - - - - - - - Numeric data type - - - - We now have a true numeric data type, with - user-specified precision. - - - - - - - Temporary tables - - - - Temporary tables are guaranteed to have unique names - within a database session, and are destroyed on session exit. - - - - - - - New SQL features - - - - We now have CASE, INTERSECT, and EXCEPT statement - support. We have new LIMIT/OFFSET, SET TRANSACTION ISOLATION LEVEL, - SELECT ... FOR UPDATE, and an improved LOCK TABLE command. - - - - - - - Speedups - - - - We continue to speed up PostgreSQL, - thanks to the variety of talents within our team. We have - sped up memory allocation, optimization, table joins, and row - transfer routines. - - - - - - - Ports - - - - We continue to expand our port list, this time including - Windows NT/ix86 and NetBSD/arm32. - - - - - - - Interfaces - - - - Most interfaces have new versions, and existing functionality - has been improved. - - - - - - - Documentation - - - - New and updated material is present throughout the - documentation. New FAQs have been - contributed for SGI and AIX platforms. - The Tutorial has introductory information - on SQL from Stefan Simkovics. - For the User's Guide, there are - reference pages covering the postmaster and more utility - programs, and a new appendix - contains details on date/time behavior. - The Administrator's Guide has a new - chapter on troubleshooting from Tom Lane. - And the Programmer's Guide has a - description of query processing, also from Stefan, and details - on obtaining the PostgreSQL source - tree via anonymous CVS and - CVSup. - - - - - - - - Migration to Version 6.5 - - - A dump/restore using pg_dump - is required for those wishing to migrate data from any - previous release of PostgreSQL. - pg_upgrade can not - be used to upgrade to this release because the on-disk structure - of the tables has changed compared to previous releases. - - - - The new Multiversion Concurrency Control (MVCC) features can - give somewhat different behaviors in multiuser - environments. Read and understand the following section - to ensure that your existing applications will give you the - behavior you need. - - - - Multiversion Concurrency Control - - - Because readers in 6.5 don't lock data, regardless of transaction - isolation level, data read by one transaction can be overwritten by - another. In other words, if a row is returned by - SELECT it doesn't mean that this row really exists - at the time it is returned (i.e. sometime after the statement or - transaction began) nor that the row is protected from being deleted or - updated by concurrent transactions before the current transaction does - a commit or rollback. - - - - To ensure the actual existence of a row and protect it against - concurrent updates one must use SELECT FOR UPDATE or - an appropriate LOCK TABLE statement. This should be - taken into account when porting applications from previous releases of - PostgreSQL and other environments. - - - - Keep the above in mind if you are using - contrib/refint.* triggers for - referential integrity. Additional techniques are required now. One way is - to use LOCK parent_table IN SHARE ROW EXCLUSIVE MODE - command if a transaction is going to update/delete a primary key and - use LOCK parent_table IN SHARE MODE command if a - transaction is going to update/insert a foreign key. - - - - Note that if you run a transaction in SERIALIZABLE mode then you must - execute the LOCK commands above before execution of any - DML statement - (SELECT/INSERT/DELETE/UPDATE/FETCH/COPY_TO) in the - transaction. - - - - - - These inconveniences will disappear in the future - when the ability to read dirty - (uncommitted) data (regardless of isolation level) and true referential - integrity will be implemented. - - - - - - Changes - - - -Bug Fixes ---------- -Fix text<->float8 and text<->float4 conversion functions(Thomas) -Fix for creating tables with mixed-case constraints(Billy) -Change exp()/pow() behavior to generate error on underflow/overflow(Jan) -Fix bug in pg_dump -z -Memory overrun cleanups(Tatsuo) -Fix for lo_import crash(Tatsuo) -Adjust handling of data type names to suppress double quotes(Thomas) -Use type coercion for matching columns and DEFAULT(Thomas) -Fix deadlock so it only checks once after one second of sleep(Bruce) -Fixes for aggregates and PL/pgsql(Hiroshi) -Fix for subquery crash(Vadim) -Fix for libpq function PQfnumber and case-insensitive names(Bahman Rafatjoo) -Fix for large object write-in-middle, no extra block, memory consumption(Tatsuo) -Fix for pg_dump -d or -D and quote special characters in INSERT -Repair serious problems with dynahash(Tom) -Fix INET/CIDR portability problems -Fix problem with selectivity error in ALTER TABLE ADD COLUMN(Bruce) -Fix executor so mergejoin of different column types works(Tom) -Fix for Alpha OR selectivity bug -Fix OR index selectivity problem(Bruce) -Fix so \d shows proper length for char()/varchar()(Ryan) -Fix tutorial code(Clark) -Improve destroyuser checking(Oliver) -Fix for Kerberos(Rodney McDuff) -Fix for dropping database while dirty buffers(Bruce) -Fix so sequence nextval() can be case-sensitive(Bruce) -Fix !!= operator -Drop buffers before destroying database files(Bruce) -Fix case where executor evaluates functions twice(Tatsuo) -Allow sequence nextval actions to be case-sensitive(Bruce) -Fix optimizer indexing not working for negative numbers(Bruce) -Fix for memory leak in executor with fjIsNull -Fix for aggregate memory leaks(Erik Riedel) -Allow user name containing a dash to grant privileges -Cleanup of NULL in inet types -Clean up system table bugs(Tom) -Fix problems of PAGER and \? command(Masaaki Sakaida) -Reduce default multisegment file size limit to 1GB(Peter) -Fix for dumping of CREATE OPERATOR(Tom) -Fix for backward scanning of cursors(Hiroshi Inoue) -Fix for COPY FROM STDIN when using \i(Tom) -Fix for subselect is compared inside an expression(Jan) -Fix handling of error reporting while returning rows(Tom) -Fix problems with reference to array types(Tom,Jan) -Prevent UPDATE SET oid(Jan) -Fix pg_dump so -t option can handle case-sensitive tablenames -Fixes for GROUP BY in special cases(Tom, Jan) -Fix for memory leak in failed queries(Tom) -DEFAULT now supports mixed-case identifiers(Tom) -Fix for multisegment uses of DROP/RENAME table, indexes(Ole Gjerde) -Disable use of pg_dump with both -o and -d options(Bruce) -Allow pg_dump to properly dump group privileges(Bruce) -Fix GROUP BY in INSERT INTO table SELECT * FROM table2(Jan) -Fix for computations in views(Jan) -Fix for aggregates on array indexes(Tom) -Fix for DEFAULT handles single quotes in value requiring too many quotes -Fix security problem with non-super users importing/exporting large objects(Tom) -Rollback of transaction that creates table cleaned up properly(Tom) -Fix to allow long table and column names to generate proper serial names(Tom) - -Enhancements ------------- -Add "vacuumdb" utility -Speed up libpq by allocating memory better(Tom) -EXPLAIN all indexes used(Tom) -Implement CASE, COALESCE, NULLIF expression(Thomas) -New pg_dump table output format(Constantin) -Add string min()/max() functions(Thomas) -Extend new type coercion techniques to aggregates(Thomas) -New moddatetime contrib(Terry) -Update to pgaccess 0.96(Constantin) -Add routines for single-byte "char" type(Thomas) -Improved substr() function(Thomas) -Improved multibyte handling(Tatsuo) -Multiversion concurrency control/MVCC(Vadim) -New Serialized mode(Vadim) -Fix for tables over 2gigs(Peter) -New SET TRANSACTION ISOLATION LEVEL(Vadim) -New LOCK TABLE IN ... MODE(Vadim) -Update ODBC driver(Byron) -New NUMERIC data type(Jan) -New SELECT FOR UPDATE(Vadim) -Handle "NaN" and "Infinity" for input values(Jan) -Improved date/year handling(Thomas) -Improved handling of backend connections(Magnus) -New options ELOG_TIMESTAMPS and USE_SYSLOG options for log files(Massimo) -New TCL_ARRAYS option(Massimo) -New INTERSECT and EXCEPT(Stefan) -New pg_index.indisprimary for primary key tracking(D'Arcy) -New pg_dump option to allow dropping of tables before creation(Brook) -Speedup of row output routines(Tom) -New READ COMMITTED isolation level(Vadim) -New TEMP tables/indexes(Bruce) -Prevent sorting if result is already sorted(Jan) -New memory allocation optimization(Jan) -Allow psql to do \p\g(Bruce) -Allow multiple rule actions(Jan) -Added LIMIT/OFFSET functionality(Jan) -Improve optimizer when joining a large number of tables(Bruce) -New intro to SQL from S. Simkovics' Master's Thesis (Stefan, Thomas) -New intro to backend processing from S. Simkovics' Master's Thesis (Stefan) -Improved int8 support(Ryan Bradetich, Thomas, Tom) -New routines to convert between int8 and text/varchar types(Thomas) -New bushy plans, where meta-tables are joined(Bruce) -Enable right-hand queries by default(Bruce) -Allow reliable maximum number of backends to be set at configure time - (--with-maxbackends and postmaster switch (-N backends))(Tom) -GEQO default now 10 tables because of optimizer speedups(Tom) -Allow NULL=Var for MS-SQL portability(Michael, Bruce) -Modify contrib check_primary_key() so either "automatic" or "dependent"(Anand) -Allow psql \d on a view show query(Ryan) -Speedup for LIKE(Bruce) -Ecpg fixes/features, see src/interfaces/ecpg/ChangeLog file(Michael) -JDBC fixes/features, see src/interfaces/jdbc/CHANGELOG(Peter) -Make % operator have precedence like /(Bruce) -Add new postgres -O option to allow system table structure changes(Bruce) -Update contrib/pginterface/findoidjoins script(Tom) -Major speedup in vacuum of deleted rows with indexes(Vadim) -Allow non-SQL functions to run different versions based on arguments(Tom) -Add -E option that shows actual queries sent by \dt and friends(Masaaki Sakaida) -Add version number in start-up banners for psql(Masaaki Sakaida) -New contrib/vacuumlo removes large objects not referenced(Peter) -New initialization for table sizes so non-vacuumed tables perform better(Tom) -Improve error messages when a connection is rejected(Tom) -Support for arrays of char() and varchar() fields(Massimo) -Overhaul of hash code to increase reliability and performance(Tom) -Update to PyGreSQL 2.4(D'Arcy) -Changed debug options so -d4 and -d5 produce different node displays(Jan) -New pg_options: pretty_plan, pretty_parse, pretty_rewritten(Jan) -Better optimization statistics for system table access(Tom) -Better handling of non-default block sizes(Massimo) -Improve GEQO optimizer memory consumption(Tom) -UNION now supports ORDER BY of columns not in target list(Jan) -Major libpq++ improvements(Vince Vielhaber) -pg_dump now uses -z(ACL's) as default(Bruce) -backend cache, memory speedups(Tom) -have pg_dump do everything in one snapshot transaction(Vadim) -fix for large object memory leakage, fix for pg_dumping(Tom) -INET type now respects netmask for comparisons -Make VACUUM ANALYZE only use a readlock(Vadim) -Allow VIEWs on UNIONS(Jan) -pg_dump now can generate consistent snapshots on active databases(Vadim) - -Source Tree Changes -------------------- -Improve port matching(Tom) -Portability fixes for SunOS -Add Windows NT backend port and enable dynamic loading(Magnus and Daniel Horak) -New port to Cobalt Qube(Mips) running Linux(Tatsuo) -Port to NetBSD/m68k(Mr. Mutsuki Nakajima) -Port to NetBSD/sun3(Mr. Mutsuki Nakajima) -Port to NetBSD/macppc(Toshimi Aoki) -Fix for tcl/tk configuration(Vince) -Removed CURRENT key word for rule queries(Jan) -NT dynamic loading now works(Daniel Horak) -Add ARM32 support(Andrew McMurry) -Better support for HP-UX 11 and UnixWare -Improve file handling to be more uniform, prevent file descriptor leak(Tom) -New install commands for plpgsql(Jan) - - - - - - - -Release 6.4.2 - - - Release date: - 1998-12-20 - - - -The 6.4.1 release was improperly packaged. This also has one additional -bug fix. - - - - -Migration to Version 6.4.2 - - -A dump/restore is not required for those running -6.4.*. - - - -Changes - - - -Fix for datetime constant problem on some platforms(Thomas) - - - - - - - - -Release 6.4.1 - - - Release date: - 1998-12-18 - - - -This is basically a cleanup release for 6.4. We have fixed a variety of -problems reported by 6.4 users. - - - - -Migration to Version 6.4.1 - - -A dump/restore is not required for those running -6.4. - - - -Changes - - - -Add pg_dump -N flag to force double quotes around identifiers. This is - the default(Thomas) -Fix for NOT in where clause causing crash(Bruce) -EXPLAIN VERBOSE coredump fix(Vadim) -Fix shared-library problems on Linux -Fix test for table existence to allow mixed-case and whitespace in - the table name(Thomas) -Fix a couple of pg_dump bugs -Configure matches template/.similar entries better(Tom) -Change builtin function names from SPI_* to spi_* -OR WHERE clause fix(Vadim) -Fixes for mixed-case table names(Billy) -contrib/linux/postgres.init.csh/sh fix(Thomas) -libpq memory overrun fix -SunOS fixes(Tom) -Change exp() behavior to generate error on underflow(Thomas) -pg_dump fixes for memory leak, inheritance constraints, layout change -update pgaccess to 0.93 -Fix prototype for 64-bit platforms -Multibyte fixes(Tatsuo) -New ecpg man page -Fix memory overruns(Tatsuo) -Fix for lo_import() crash(Bruce) -Better search for install program(Tom) -Timezone fixes(Tom) -HP-UX fixes(Tom) -Use implicit type coercion for matching DEFAULT values(Thomas) -Add routines to help with single-byte (internal) character type(Thomas) -Compilation of libpq for Windows fixes(Magnus) -Upgrade to PyGreSQL 2.2(D'Arcy) - - - - - - - - -Release 6.4 - - - Release date: - 1998-10-30 - - - -There are many new features and improvements in this release. -Thanks to our developers and maintainers, nearly every aspect of the system -has received some attention since the previous release. -Here is a brief, incomplete summary: - - - - -Views and rules are now functional thanks to extensive new code in the -rewrite rules system from Jan Wieck. He also wrote a chapter on it -for the Programmer's Guide. - - - - -Jan also contributed a second procedural language, PL/pgSQL, to go with the -original PL/pgTCL procedural language he contributed last release. - - - - - -We have optional multiple-byte character set support from Tatsuo Ishii -to complement our existing locale support. - - - - - -Client/server communications has been cleaned up, with better support for -asynchronous messages and interrupts thanks to Tom Lane. - - - - - -The parser will now perform automatic type coercion to match arguments -to available operators and functions, and to match columns and expressions -with target columns. This uses a generic mechanism which supports -the type extensibility features of PostgreSQL. -There is a new chapter in the User's Guide -which covers this topic. - - - - - -Three new data types have been added. -Two types, inet and cidr, support various forms -of IP network, subnet, and machine addressing. There is now an 8-byte integer -type available on some platforms. See the chapter on data types -in the User's Guide for details. -A fourth type, serial, is now supported by the parser as an -amalgam of the int4 type, a sequence, and a unique index. - - - - - -Several more SQL92-compatible syntax features have been -added, including INSERT DEFAULT VALUES - - - - - -The automatic configuration and installation system has received some -attention, and should be more robust for more platforms than it has ever -been. - - - - - - - -Migration to Version 6.4 - - -A dump/restore using pg_dump -or pg_dumpall -is required for those wishing to migrate data from any -previous release of PostgreSQL. - - - - -Changes - - - -Bug Fixes ---------- -Fix for a tiny memory leak in PQsetdb/PQfinish(Bryan) -Remove char2-16 data types, use char/varchar(Darren) -Pqfn not handles a NOTICE message(Anders) -Reduced busywaiting overhead for spinlocks with many backends (dg) -Stuck spinlock detection (dg) -Fix up "ISO-style" timespan decoding and encoding(Thomas) -Fix problem with table drop after rollback of transaction(Vadim) -Change error message and remove non-functional update message(Vadim) -Fix for COPY array checking -Fix for SELECT 1 UNION SELECT NULL -Fix for buffer leaks in large object calls(Pascal) -Change owner from oid to int4 type(Bruce) -Fix a bug in the oracle compatibility functions btrim() ltrim() and rtrim() -Fix for shared invalidation cache overflow(Massimo) -Prevent file descriptor leaks in failed COPY's(Bruce) -Fix memory leak in libpgtcl's pg_select(Constantin) -Fix problems with username/passwords over 8 characters(Tom) -Fix problems with handling of asynchronous NOTIFY in backend(Tom) -Fix of many bad system table entries(Tom) - -Enhancements ------------- -Upgrade ecpg and ecpglib,see src/interfaces/ecpc/ChangeLog(Michael) -Show the index used in an EXPLAIN(Zeugswetter) -EXPLAIN invokes rule system and shows plan(s) for rewritten queries(Jan) -Multibyte awareness of many data types and functions, via configure(Tatsuo) -New configure --with-mb option(Tatsuo) -New initdb --pgencoding option(Tatsuo) -New createdb -E multibyte option(Tatsuo) -Select version(); now returns PostgreSQL version(Jeroen) -libpq now allows asynchronous clients(Tom) -Allow cancel from client of backend query(Tom) -psql now cancels query with Control-C(Tom) -libpq users need not issue dummy queries to get NOTIFY messages(Tom) -NOTIFY now sends sender's PID, so you can tell whether it was your own(Tom) -PGresult struct now includes associated error message, if any(Tom) -Define "tz_hour" and "tz_minute" arguments to date_part()(Thomas) -Add routines to convert between varchar and bpchar(Thomas) -Add routines to allow sizing of varchar and bpchar into target columns(Thomas) -Add bit flags to support timezonehour and minute in data retrieval(Thomas) -Allow more variations on valid floating point numbers (e.g. ".1", "1e6")(Thomas) -Fixes for unary minus parsing with leading spaces(Thomas) -Implement TIMEZONE_HOUR, TIMEZONE_MINUTE per SQL92 specs(Thomas) -Check for and properly ignore FOREIGN KEY column constraints(Thomas) -Define USER as synonym for CURRENT_USER per SQL92 specs(Thomas) -Enable HAVING clause but no fixes elsewhere yet. -Make "char" type a synonym for "char(1)" (actually implemented as bpchar)(Thomas) -Save string type if specified for DEFAULT clause handling(Thomas) -Coerce operations involving different data types(Thomas) -Allow some index use for columns of different types(Thomas) -Add capabilities for automatic type conversion(Thomas) -Cleanups for large objects, so file is truncated on open(Peter) -Readline cleanups(Tom) -Allow psql \f \ to make spaces as delimiter(Bruce) -Pass pg_attribute.atttypmod to the frontend for column field lengths(Tom,Bruce) -Msql compatibility library in /contrib(Aldrin) -Remove the requirement that ORDER/GROUP BY clause identifiers be -included in the target list(David) -Convert columns to match columns in UNION clauses(Thomas) -Remove fork()/exec() and only do fork()(Bruce) -Jdbc cleanups(Peter) -Show backend status on ps command line(only works on some platforms)(Bruce) -Pg_hba.conf now has a sameuser option in the database field -Make lo_unlink take oid param, not int4 -New DISABLE_COMPLEX_MACRO for compilers that cannot handle our macros(Bruce) -Libpgtcl now handles NOTIFY as a Tcl event, need not send dummy queries(Tom) -libpgtcl cleanups(Tom) -Add -error option to libpgtcl's pg_result command(Tom) -New locale patch, see docs/README/locale(Oleg) -Fix for pg_dump so CONSTRAINT and CHECK syntax is correct(ccb) -New contrib/lo code for large object orphan removal(Peter) -New psql command "SET CLIENT_ENCODING TO 'encoding'" for multibytes -feature, see /doc/README.mb(Tatsuo) -contrib/noupdate code to revoke update permission on a column -libpq can now be compiled on Windows(Magnus) -Add PQsetdbLogin() in libpq -New 8-byte integer type, checked by configure for OS support(Thomas) -Better support for quoted table/column names(Thomas) -Surround table and column names with double-quotes in pg_dump(Thomas) -PQreset() now works with passwords(Tom) -Handle case of GROUP BY target list column number out of range(David) -Allow UNION in subselects -Add auto-size to screen to \d? commands(Bruce) -Use UNION to show all \d? results in one query(Bruce) -Add \d? field search feature(Bruce) -Pg_dump issues fewer \connect requests(Tom) -Make pg_dump -z flag work better, document it in manual page(Tom) -Add HAVING clause with full support for subselects and unions(Stephan) -Full text indexing routines in contrib/fulltextindex(Maarten) -Transaction ids now stored in shared memory(Vadim) -New PGCLIENTENCODING when issuing COPY command(Tatsuo) -Support for SQL92 syntax "SET NAMES"(Tatsuo) -Support for LATIN2-5(Tatsuo) -Add UNICODE regression test case(Tatsuo) -Lock manager cleanup, new locking modes for LLL(Vadim) -Allow index use with OR clauses(Bruce) -Allows "SELECT NULL ORDER BY 1;" -Explain VERBOSE prints the plan, and now pretty-prints the plan to -the postmaster log file(Bruce) -Add indexes display to \d command(Bruce) -Allow GROUP BY on functions(David) -New pg_class.relkind for large objects(Bruce) -New way to send libpq NOTICE messages to a different location(Tom) -New \w write command to psql(Bruce) -New /contrib/findoidjoins scans oid columns to find join relationships(Bruce) -Allow binary-compatible indexes to be considered when checking for valid -Indexes for restriction clauses containing a constant(Thomas) -New ISBN/ISSN code in /contrib/isbn_issn -Allow NOT LIKE, IN, NOT IN, BETWEEN, and NOT BETWEEN constraint(Thomas) -New rewrite system fixes many problems with rules and views(Jan) - * Rules on relations work - * Event qualifications on insert/update/delete work - * New OLD variable to reference CURRENT, CURRENT will be remove in future - * Update rules can reference NEW and OLD in rule qualifications/actions - * Insert/update/delete rules on views work - * Multiple rule actions are now supported, surrounded by parentheses - * Regular users can create views/rules on tables they have RULE permits - * Rules and views inherit the privileges of the creator - * No rules at the column level - * No UPDATE NEW/OLD rules - * New pg_tables, pg_indexes, pg_rules and pg_views system views - * Only a single action on SELECT rules - * Total rewrite overhaul, perhaps for 6.5 - * handle subselects - * handle aggregates on views - * handle insert into select from view works -System indexes are now multikey(Bruce) -Oidint2, oidint4, and oidname types are removed(Bruce) -Use system cache for more system table lookups(Bruce) -New backend programming language PL/pgSQL in backend/pl(Jan) -New SERIAL data type, auto-creates sequence/index(Thomas) -Enable assert checking without a recompile(Massimo) -User lock enhancements(Massimo) -New setval() command to set sequence value(Massimo) -Auto-remove unix socket file on start-up if no postmaster running(Massimo) -Conditional trace package(Massimo) -New UNLISTEN command(Massimo) -psql and libpq now compile under Windows using win32.mak(Magnus) -Lo_read no longer stores trailing NULL(Bruce) -Identifiers are now truncated to 31 characters internally(Bruce) -Createuser options now available on the command line -Code for 64-bit integer supported added, configure tested, int8 type(Thomas) -Prevent file descriptor leaf from failed COPY(Bruce) -New pg_upgrade command(Bruce) -Updated /contrib directories(Massimo) -New CREATE TABLE DEFAULT VALUES statement available(Thomas) -New INSERT INTO TABLE DEFAULT VALUES statement available(Thomas) -New DECLARE and FETCH feature(Thomas) -libpq's internal structures now not exported(Tom) -Allow up to 8 key indexes(Bruce) -Remove ARCHIVE key word, that is no longer used(Thomas) -pg_dump -n flag to suppress quotes around identifiers -disable system columns for views(Jan) -new INET and CIDR types for network addresses(TomH, Paul) -no more double quotes in psql output -pg_dump now dumps views(Terry) -new SET QUERY_LIMIT(Tatsuo,Jan) - -Source Tree Changes -------------------- -/contrib cleanup(Jun) -Inline some small functions called for every row(Bruce) -Alpha/linux fixes -HP-UX cleanups(Tom) -Multibyte regression tests(Soonmyung.) -Remove --disabled options from configure -Define PGDOC to use POSTGRESDIR by default -Make regression optional -Remove extra braces code to pgindent(Bruce) -Add bsdi shared library support(Bruce) -New --without-CXX support configure option(Brook) -New FAQ_CVS -Update backend flowchart in tools/backend(Bruce) -Change atttypmod from int16 to int32(Bruce, Tom) -Getrusage() fix for platforms that do not have it(Tom) -Add PQconnectdb, PGUSER, PGPASSWORD to libpq man page -NS32K platform fixes(Phil Nelson, John Buller) -SCO 7/UnixWare 2.x fixes(Billy,others) -Sparc/Solaris 2.5 fixes(Ryan) -Pgbuiltin.3 is obsolete, move to doc files(Thomas) -Even more documentation(Thomas) -Nextstep support(Jacek) -Aix support(David) -pginterface manual page(Bruce) -shared libraries all have version numbers -merged all OS-specific shared library defines into one file -smarter TCL/TK configuration checking(Billy) -smarter perl configuration(Brook) -configure uses supplied install-sh if no install script found(Tom) -new Makefile.shlib for shared library configuration(Tom) - - - - - - -Release 6.3.2 - - - Release date: - 1998-04-07 - - - -This is a bug-fix release for 6.3.x. -Refer to the release notes for version 6.3 for a more complete summary of new features. - - -Summary: - - - - -Repairs automatic configuration support for some platforms, including Linux, -from breakage inadvertently introduced in version 6.3.1. - - - - - -Correctly handles function calls on the left side of BETWEEN and LIKE clauses. - - - - - - -A dump/restore is NOT required for those running 6.3 or 6.3.1. A -make distclean, make, and make install is all that is required. -This last step should be performed while the postmaster is not running. -You should re-link any custom applications that use PostgreSQL libraries. - - -For upgrades from pre-6.3 installations, -refer to the installation and migration instructions for version 6.3. - - - - Changes - - - -Configure detection improvements for tcl/tk(Brook Milligan, Alvin) -Manual page improvements(Bruce) -BETWEEN and LIKE fix(Thomas) -fix for psql \connect used by pg_dump(Oliver Elphick) -New odbc driver -pgaccess, version 0.86 -qsort removed, now uses libc version, cleanups(Jeroen) -fix for buffer over-runs detected(Maurice Gittens) -fix for buffer overrun in libpgtcl(Randy Kunkee) -fix for UNION with DISTINCT or ORDER BY(Bruce) -gettimeofday configure check(Doug Winterburn) -Fix "indexes not used" bug(Vadim) -docs additions(Thomas) -Fix for backend memory leak(Bruce) -libreadline cleanup(Erwan MAS) -Remove DISTDIR(Bruce) -Makefile dependency cleanup(Jeroen van Vianen) -ASSERT fixes(Bruce) - - - - - - - Release 6.3.1 - - - Release date: - 1998-03-23 - - - - Summary: - - - - -Additional support for multibyte character sets. - - - - - -Repair byte ordering for mixed-endian clients and servers. - - - - - -Minor updates to allowed SQL syntax. - - - - - -Improvements to the configuration autodetection for installation. - - - - - - -A dump/restore is NOT required for those running 6.3. A -make distclean, make, and make install is all that is required. -This last step should be performed while the postmaster is not running. -You should re-link any custom applications that use PostgreSQL libraries. - - -For upgrades from pre-6.3 installations, -refer to the installation and migration instructions for version 6.3. - - - - Changes - - - -ecpg cleanup/fixes, now version 1.1(Michael Meskes) -pg_user cleanup(Bruce) -large object fix for pg_dump and tclsh (alvin) -LIKE fix for multiple adjacent underscores -fix for redefining builtin functions(Thomas) -ultrix4 cleanup -upgrade to pg_access 0.83 -updated CLUSTER manual page -multibyte character set support, see doc/README.mb(Tatsuo) -configure --with-pgport fix -pg_ident fix -big-endian fix for backend communications(Kataoka) -SUBSTR() and substring() fix(Jan) -several jdbc fixes(Peter) -libpgtcl improvements, see libptcl/README(Randy Kunkee) -Fix for "Datasize = 0" error(Vadim) -Prevent \do from wrapping(Bruce) -Remove duplicate Russian character set entries -Sunos4 cleanup -Allow optional TABLE key word in LOCK and SELECT INTO(Thomas) -CREATE SEQUENCE options to allow a negative integer(Thomas) -Add "PASSWORD" as an allowed column identifier(Thomas) -Add checks for UNION target fields(Bruce) -Fix Alpha port(Dwayne Bailey) -Fix for text arrays containing quotes(Doug Gibson) -Solaris compile fix(Albert Chin-A-Young) -Better identify tcl and tk libs and includes(Bruce) - - - - - - - Release 6.3 - - - Release date: - 1998-03-01 - - - - There are many new features and improvements in this release. - Here is a brief, incomplete summary: - - - - - Many new SQL features, including - full SQL92 subselect capability - (everything is here but target-list subselects). - - - - - - Support for client-side environment variables to specify time zone and date style. - - - - - - Socket interface for client/server connection. This is the default now - so you might need to start postmaster with the - flag. - - - - - - Better password authorization mechanisms. Default table privileges have changed. - - - - - - Old-style time travel - has been removed. Performance has been improved. - - - - - - - - Bruce Momjian wrote the following notes to introduce the new release. - - - - - There are some general 6.3 issues that I want to mention. These are - only the big items that cannot be described in one sentence. A review - of the detailed changes list is still needed. - - - First, we now have subselects. Now that we have them, I would like to - mention that without subselects, SQL is a very limited language. - Subselects are a major feature, and you should review your code for - places where subselects provide a better solution for your queries. I - think you will find that there are more uses for subselects than you might - think. Vadim has put us on the big SQL map with subselects, and fully - functional ones too. The only thing you cannot do with subselects is to - use them in the target list. - - - Second, 6.3 uses Unix domain sockets rather than TCP/IP by default. To - enable connections from other machines, you have to use the new - postmaster -i option, and of course edit pg_hba.conf. Also, for this - reason, the format of pg_hba.conf has changed. - - - Third, char() fields will now allow faster access than varchar() or - text. Specifically, the text and varchar() have a penalty for access to - any columns after the first column of this type. char() used to also - have this access penalty, but it no longer does. This might suggest that - you redesign some of your tables, especially if you have short character - columns that you have defined as varchar() or text. This and other - changes make 6.3 even faster than earlier releases. - - - We now have passwords definable independent of any Unix file. There are - new SQL USER commands. - See the Administrator's Guide for more - information. There is a new table, pg_shadow, which is used to store - user information and user passwords, and it by default only SELECT-able - by the postgres super-user. pg_user is now a view of pg_shadow, and is - SELECT-able by PUBLIC. You should keep using pg_user in your - application without changes. - - - User-created tables now no longer have SELECT privilege to PUBLIC by - default. This was done because the ANSI standard requires it. You can - of course GRANT any privileges you want after the table is created. - System tables continue to be SELECT-able by PUBLIC. - - - We also have real deadlock detection code. No more sixty-second - timeouts. And the new locking code implements a FIFO better, so there - should be less resource starvation during heavy use. - - - Many complaints have been made about inadequate documentation in previous - releases. Thomas has put much effort into many new manuals for this - release. Check out the doc/ directory. - - - For performance reasons, time travel is gone, but can be implemented - using triggers (see pgsql/contrib/spi/README). Please check out the new - \d command for types, operators, etc. Also, views have their own - privileges now, not based on the underlying tables, so privileges on - them have to be set separately. Check /pgsql/interfaces for some new - ways to talk to PostgreSQL. - - - This is the first release that really required an explanation for - existing users. In many ways, this was necessary because the new - release removes many limitations, and the work-arounds people were using - are no longer needed. - - - - Migration to Version 6.3 - - - A dump/restore using pg_dump - or pg_dumpall - is required for those wishing to migrate data from any - previous release of PostgreSQL. - - - - - Changes - - - -Bug Fixes ---------- -Fix binary cursors broken by MOVE implementation(Vadim) -Fix for tcl library crash(Jan) -Fix for array handling, from Gerhard Hintermayer -Fix acl error, and remove duplicate pqtrace(Bruce) -Fix psql \e for empty file(Bruce) -Fix for textcat on varchar() fields(Bruce) -Fix for DBT Sendproc (Zeugswetter Andres) -Fix vacuum analyze syntax problem(Bruce) -Fix for international identifiers(Tatsuo) -Fix aggregates on inherited tables(Bruce) -Fix substr() for out-of-bounds data -Fix for select 1=1 or 2=2, select 1=1 and 2=2, and select sum(2+2)(Bruce) -Fix notty output to show status result. -q option still turns it off(Bruce) -Fix for count(*), aggs with views and multiple tables and sum(3)(Bruce) -Fix cluster(Bruce) -Fix for PQtrace start/stop several times(Bruce) -Fix a variety of locking problems like newer lock waiters getting - lock before older waiters, and having readlock people not share - locks if a writer is waiting for a lock, and waiting writers not - getting priority over waiting readers(Bruce) -Fix crashes in psql when executing queries from external files(James) -Fix problem with multiple order by columns, with the first one having - NULL values(Jeroen) -Use correct hash table support functions for float8 and int4(Thomas) -Re-enable JOIN= option in CREATE OPERATOR statement (Thomas) -Change precedence for boolean operators to match expected behavior(Thomas) -Generate elog(ERROR) on over-large integer(Bruce) -Allow multiple-argument functions in constraint clauses(Thomas) -Check boolean input literals for 'true','false','yes','no','1','0' - and throw elog(ERROR) if unrecognized(Thomas) -Major large objects fix -Fix for GROUP BY showing duplicates(Vadim) -Fix for index scans in MergeJoin(Vadim) - -Enhancements ------------- -Subselects with EXISTS, IN, ALL, ANY key words (Vadim, Bruce, Thomas) -New User Manual(Thomas, others) -Speedup by inlining some frequently-called functions -Real deadlock detection, no more timeouts(Bruce) -Add SQL92 "constants" CURRENT_DATE, CURRENT_TIME, CURRENT_TIMESTAMP, - CURRENT_USER(Thomas) -Modify constraint syntax to be SQL92-compliant(Thomas) -Implement SQL92 PRIMARY KEY and UNIQUE clauses using indexes(Thomas) -Recognize SQL92 syntax for FOREIGN KEY. Throw elog notice(Thomas) -Allow NOT NULL UNIQUE constraint clause (each allowed separately before)(Thomas) -Allow PostgreSQL-style casting ("::") of non-constants(Thomas) -Add support for SQL3 TRUE and FALSE boolean constants(Thomas) -Support SQL92 syntax for IS TRUE/IS FALSE/IS NOT TRUE/IS NOT FALSE(Thomas) -Allow shorter strings for boolean literals (e.g. "t", "tr", "tru")(Thomas) -Allow SQL92 delimited identifiers(Thomas) -Implement SQL92 binary and hexadecimal string decoding (b'10' and x'1F')(Thomas) -Support SQL92 syntax for type coercion of literal strings - (e.g. "DATETIME 'now'")(Thomas) -Add conversions for int2, int4, and OID types to and from text(Thomas) -Use shared lock when building indexes(Vadim) -Free memory allocated for a user query inside transaction block after - this query is done, was turned off in <= 6.2.1(Vadim) -New SQL statement CREATE PROCEDURAL LANGUAGE(Jan) -New PostgreSQL Procedural Language (PL) backend interface(Jan) -Rename pg_dump -H option to -h(Bruce) -Add Java support for passwords, European dates(Peter) -Use indexes for LIKE and ~, !~ operations(Bruce) -Add hash functions for datetime and timespan(Thomas) -Time Travel removed(Vadim, Bruce) -Add paging for \d and \z, and fix \i(Bruce) -Add Unix domain socket support to backend and to frontend library(Goran) -Implement CREATE DATABASE/WITH LOCATION and initlocation utility(Thomas) -Allow more SQL92 and/or PostgreSQL reserved words as column identifiers(Thomas) -Augment support for SQL92 SET TIME ZONE...(Thomas) -SET/SHOW/RESET TIME ZONE uses TZ backend environment variable(Thomas) -Implement SET keyword = DEFAULT and SET TIME ZONE DEFAULT(Thomas) -Enable SET TIME ZONE using TZ environment variable(Thomas) -Add PGDATESTYLE environment variable to frontend and backend initialization(Thomas) -Add PGTZ, PGCOSTHEAP, PGCOSTINDEX, PGRPLANS, PGGEQO - frontend library initialization environment variables(Thomas) -Regression tests time zone automatically set with "setenv PGTZ PST8PDT"(Thomas) -Add pg_description table for info on tables, columns, operators, types, and - aggregates(Bruce) -Increase 16 char limit on system table/index names to 32 characters(Bruce) -Rename system indexes(Bruce) -Add 'GERMAN' option to SET DATESTYLE(Thomas) -Define an "ISO-style" timespan output format with "hh:mm:ss" fields(Thomas) -Allow fractional values for delta times (e.g. '2.5 days')(Thomas) -Validate numeric input more carefully for delta times(Thomas) -Implement day of year as possible input to date_part()(Thomas) -Define timespan_finite() and text_timespan() functions(Thomas) -Remove archive stuff(Bruce) -Allow for a pg_password authentication database that is separate from - the system password file(Todd) -Dump ACLs, GRANT, REVOKE privileges(Matt) -Define text, varchar, and bpchar string length functions(Thomas) -Fix Query handling for inheritance, and cost computations(Bruce) -Implement CREATE TABLE/AS SELECT (alternative to SELECT/INTO)(Thomas) -Allow NOT, IS NULL, IS NOT NULL in constraints(Thomas) -Implement UNIONs for SELECT(Bruce) -Add UNION, GROUP, DISTINCT to INSERT(Bruce) -varchar() stores only necessary bytes on disk(Bruce) -Fix for BLOBs(Peter) -Mega-Patch for JDBC...see README_6.3 for list of changes(Peter) -Remove unused "option" from PQconnectdb() -New LOCK command and lock manual page describing deadlocks(Bruce) -Add new psql \da, \dd, \df, \do, \dS, and \dT commands(Bruce) -Enhance psql \z to show sequences(Bruce) -Show NOT NULL and DEFAULT in psql \d table(Bruce) -New psql .psqlrc file start-up(Andrew) -Modify sample start-up script in contrib/linux to show syslog(Thomas) -New types for IP and MAC addresses in contrib/ip_and_mac(TomH) -Unix system time conversions with date/time types in contrib/unixdate(Thomas) -Update of contrib stuff(Massimo) -Add Unix socket support to DBD::Pg(Goran) -New python interface (PyGreSQL 2.0)(D'Arcy) -New frontend/backend protocol has a version number, network byte order(Phil) -Security features in pg_hba.conf enhanced and documented, many cleanups(Phil) -CHAR() now faster access than VARCHAR() or TEXT -ecpg embedded SQL preprocessor -Reduce system column overhead(Vadmin) -Remove pg_time table(Vadim) -Add pg_type attribute to identify types that need length (bpchar, varchar) -Add report of offending line when COPY command fails -Allow VIEW privileges to be set separately from the underlying tables. - For security, use GRANT/REVOKE on views as appropriate(Jan) -Tables now have no default GRANT SELECT TO PUBLIC. You must - explicitly grant such privileges. -Clean up tutorial examples(Darren) - -Source Tree Changes -------------------- -Add new html development tools, and flow chart in /tools/backend -Fix for SCO compiles -Stratus computer port Robert Gillies -Added support for shlib for BSD44_derived & i386_solaris -Make configure more automated(Brook) -Add script to check regression test results -Break parser functions into smaller files, group together(Bruce) -Rename heap_create to heap_create_and_catalog, rename heap_creatr - to heap_create()(Bruce) -Sparc/Linux patch for locking(TomS) -Remove PORTNAME and reorganize port-specific stuff(Marc) -Add optimizer README file(Bruce) -Remove some recursion in optimizer and clean up some code there(Bruce) -Fix for NetBSD locking(Henry) -Fix for libptcl make(Tatsuo) -AIX patch(Darren) -Change IS TRUE, IS FALSE, ... to expressions using "=" rather than - function calls to istrue() or isfalse() to allow optimization(Thomas) -Various fixes NetBSD/Sparc related(TomH) -Alpha linux locking(Travis,Ryan) -Change elog(WARN) to elog(ERROR)(Bruce) -FAQ for FreeBSD(Marc) -Bring in the PostODBC source tree as part of our standard distribution(Marc) -A minor patch for HP/UX 10 vs 9(Stan) -New pg_attribute.atttypmod for type-specific info like varchar length(Bruce) -UnixWare patches(Billy) -New i386 'lock' for spinlock asm(Billy) -Support for multiplexed backends is removed -Start an OpenBSD port -Start an AUX port -Start a Cygnus port -Add string functions to regression suite(Thomas) -Expand a few function names formerly truncated to 16 characters(Thomas) -Remove un-needed malloc() calls and replace with palloc()(Bruce) - - - - - - -Release 6.2.1 - - - Release date: - 1997-10-17 - - - -6.2.1 is a bug-fix and usability release on 6.2. - - -Summary: - - - - -Allow strings to span lines, per SQL92. - - - - - -Include example trigger function for inserting user names on table updates. - - - - - - -This is a minor bug-fix release on 6.2. -For upgrades from pre-6.2 systems, a full dump/reload is required. -Refer to the 6.2 release notes for instructions. - - - -Migration from version 6.2 to version 6.2.1 - - -This is a minor bug-fix release. A dump/reload is not required from version 6.2, -but is required from any release prior to 6.2. - - -In upgrading from version 6.2, if you choose to dump/reload you will find that -avg(money) is now calculated correctly. All other bug fixes take effect -upon updating the executables. - - -Another way to avoid dump/reload is to use the following SQL command -from psql to update the existing system table: - - -update pg_aggregate set aggfinalfn = 'cash_div_flt8' - where aggname = 'avg' and aggbasetype = 790; - - - -This will need to be done to every existing database, including template1. - - - - - Changes - - - -Allow TIME and TYPE column names(Thomas) -Allow larger range of true/false as boolean values(Thomas) -Support output of "now" and "current"(Thomas) -Handle DEFAULT with INSERT of NULL properly(Vadim) -Fix for relation reference counts problem in buffer manager(Vadim) -Allow strings to span lines, like ANSI(Thomas) -Fix for backward cursor with ORDER BY(Vadim) -Fix avg(cash) computation(Thomas) -Fix for specifying a column twice in ORDER/GROUP BY(Vadim) -Documented new libpq function to return affected rows, PQcmdTuples(Bruce) -Trigger function for inserting user names for INSERT/UPDATE(Brook Milligan) - - - - - - -Release 6.2 - - - Release date: - 1997-10-02 - - - -A dump/restore is required for those wishing to migrate data from -previous releases of PostgreSQL. - - - -Migration from version 6.1 to version 6.2 - - -This migration requires a complete dump of the 6.1 database and a -restore of the database in 6.2. - - -Note that the pg_dump and pg_dumpall utility from 6.2 should be used -to dump the 6.1 database. - - - - -Migration from version 1.<replaceable>x</> to version 6.2 - - -Those migrating from earlier 1.* releases should first upgrade to 1.09 -because the COPY output format was improved from the 1.02 release. - - - - - Changes - - - -Bug Fixes ---------- -Fix problems with pg_dump for inheritance, sequences, archive tables(Bruce) -Fix compile errors on overflow due to shifts, unsigned, and bad prototypes - from Solaris(Diab Jerius) -Fix bugs in geometric line arithmetic (bad intersection calculations)(Thomas) -Check for geometric intersections at endpoints to avoid rounding ugliness(Thomas) -Catch non-functional delete attempts(Vadim) -Change time function names to be more consistent(Michael Reifenberg) -Check for zero divides(Michael Reifenberg) -Fix very old bug which made rows changed/inserted by a command - visible to the command itself (so we had multiple update of - updated rows, etc.)(Vadim) -Fix for SELECT null, 'fail' FROM pg_am (Patrick) -SELECT NULL as EMPTY_FIELD now allowed(Patrick) -Remove un-needed signal stuff from contrib/pginterface -Fix OR (where x != 1 or x isnull didn't return rows with x NULL) (Vadim) -Fix time_cmp function (Vadim) -Fix handling of functions with non-attribute first argument in - WHERE clauses (Vadim) -Fix GROUP BY when order of entries is different from order - in target list (Vadim) -Fix pg_dump for aggregates without sfunc1 (Vadim) - -Enhancements ------------- -Default genetic optimizer GEQO parameter is now 8(Bruce) -Allow use parameters in target list having aggregates in functions(Vadim) -Added JDBC driver as an interface(Adrian & Peter) -pg_password utility -Return number of rows inserted/affected by INSERT/UPDATE/DELETE etc.(Vadim) -Triggers implemented with CREATE TRIGGER (SQL3)(Vadim) -SPI (Server Programming Interface) allows execution of queries inside - C-functions (Vadim) -NOT NULL implemented (SQL92)(Robson Paniago de Miranda) -Include reserved words for string handling, outer joins, and unions(Thomas) -Implement extended comments ("/* ... */") using exclusive states(Thomas) -Add "//" single-line comments(Bruce) -Remove some restrictions on characters in operator names(Thomas) -DEFAULT and CONSTRAINT for tables implemented (SQL92)(Vadim & Thomas) -Add text concatenation operator and function (SQL92)(Thomas) -Support WITH TIME ZONE syntax (SQL92)(Thomas) -Support INTERVAL unit TO unit syntax (SQL92)(Thomas) -Define types DOUBLE PRECISION, INTERVAL, CHARACTER, - and CHARACTER VARYING (SQL92)(Thomas) -Define type FLOAT(p) and rudimentary DECIMAL(p,s), NUMERIC(p,s) (SQL92)(Thomas) -Define EXTRACT(), POSITION(), SUBSTRING(), and TRIM() (SQL92)(Thomas) -Define CURRENT_DATE, CURRENT_TIME, CURRENT_TIMESTAMP (SQL92)(Thomas) -Add syntax and warnings for UNION, HAVING, INNER and OUTER JOIN (SQL92)(Thomas) -Add more reserved words, mostly for SQL92 compliance(Thomas) -Allow hh:mm:ss time entry for timespan/reltime types(Thomas) -Add center() routines for lseg, path, polygon(Thomas) -Add distance() routines for circle-polygon, polygon-polygon(Thomas) -Check explicitly for points and polygons contained within polygons - using an axis-crossing algorithm(Thomas) -Add routine to convert circle-box(Thomas) -Merge conflicting operators for different geometric data types(Thomas) -Replace distance operator "<===>" with "<->"(Thomas) -Replace "above" operator "!^" with ">^" and "below" operator "!|" with "<^"(Thomas) -Add routines for text trimming on both ends, substring, and string position(Thomas) -Added conversion routines circle(box) and poly(circle)(Thomas) -Allow internal sorts to be stored in memory rather than in files(Bruce & Vadim) -Allow functions and operators on internally-identical types to succeed(Bruce) -Speed up backend start-up after profiling analysis(Bruce) -Inline frequently called functions for performance(Bruce) -Reduce open() calls(Bruce) -psql: Add PAGER for \h and \?,\C fix -Fix for psql pager when no tty(Bruce) -New entab utility(Bruce) -General trigger functions for referential integrity (Vadim) -General trigger functions for time travel (Vadim) -General trigger functions for AUTOINCREMENT/IDENTITY feature (Vadim) -MOVE implementation (Vadim) - -Source Tree Changes -------------------- -HP-UX 10 patches (Vladimir Turin) -Added SCO support, (Daniel Harris) -MkLinux patches (Tatsuo Ishii) -Change geometric box terminology from "length" to "width"(Thomas) -Deprecate temporary unstored slope fields in geometric code(Thomas) -Remove restart instructions from INSTALL(Bruce) -Look in /usr/ucb first for install(Bruce) -Fix c++ copy example code(Thomas) -Add -o to psql manual page(Bruce) -Prevent relname unallocated string length from being copied into database(Bruce) -Cleanup for NAMEDATALEN use(Bruce) -Fix pg_proc names over 15 chars in output(Bruce) -Add strNcpy() function(Bruce) -remove some (void) casts that are unnecessary(Bruce) -new interfaces directory(Marc) -Replace fopen() calls with calls to fd.c functions(Bruce) -Make functions static where possible(Bruce) -enclose unused functions in #ifdef NOT_USED(Bruce) -Remove call to difftime() in timestamp support to fix SunOS(Bruce & Thomas) -Changes for Digital Unix -Portability fix for pg_dumpall(Bruce) -Rename pg_attribute.attnvals to attdispersion(Bruce) -"intro/unix" manual page now "pgintro"(Bruce) -"built-in" manual page now "pgbuiltin"(Bruce) -"drop" manual page now "drop_table"(Bruce) -Add "create_trigger", "drop_trigger" manual pages(Thomas) -Add constraints regression test(Vadim & Thomas) -Add comments syntax regression test(Thomas) -Add PGINDENT and support program(Bruce) -Massive commit to run PGINDENT on all *.c and *.h files(Bruce) -Files moved to /src/tools directory(Bruce) -SPI and Trigger programming guides (Vadim & D'Arcy) - - - - - - -Release 6.1.1 - - - Release date: - 1997-07-22 - - - -Migration from version 6.1 to version 6.1.1 - - -This is a minor bug-fix release. A dump/reload is not required from version 6.1, -but is required from any release prior to 6.1. -Refer to the release notes for 6.1 for more details. - - - - - Changes - - - -fix for SET with options (Thomas) -allow pg_dump/pg_dumpall to preserve ownership of all tables/objects(Bruce) -new psql \connect option allows changing usernames without changing databases -fix for initdb --debug option(Yoshihiko Ichikawa)) -lextest cleanup(Bruce) -hash fixes(Vadim) -fix date/time month boundary arithmetic(Thomas) -fix timezone daylight handling for some ports(Thomas, Bruce, Tatsuo) -timestamp overhauled to use standard functions(Thomas) -other code cleanup in date/time routines(Thomas) -psql's \d now case-insensitive(Bruce) -psql's backslash commands can now have trailing semicolon(Bruce) -fix memory leak in psql when using \g(Bruce) -major fix for endian handling of communication to server(Thomas, Tatsuo) -Fix for Solaris assembler and include files(Yoshihiko Ichikawa) -allow underscores in usernames(Bruce) -pg_dumpall now returns proper status, portability fix(Bruce) - - - - - - -Release 6.1 - - - Release date: - 1997-06-08 - - - - The regression tests have been adapted and extensively modified for the - 6.1 release of PostgreSQL. - - - - Three new data types (datetime, timespan, and circle) have been added to - the native set of PostgreSQL types. Points, boxes, paths, and polygons - have had their output formats made consistent across the data types. - The polygon output in misc.out has only been spot-checked for correctness - relative to the original regression output. - - - - PostgreSQL 6.1 introduces a new, alternate -optimizer which uses genetic - algorithms. These algorithms introduce a random behavior in the ordering - of query results when the query contains multiple qualifiers or multiple - tables (giving the optimizer a choice on order of evaluation). Several - regression tests have been modified to explicitly order the results, and - hence are insensitive to optimizer choices. A few regression tests are - for data types which are inherently unordered (e.g. points and time - intervals) and tests involving those types are explicitly bracketed with - set geqo to 'off' and reset geqo. - - - - The interpretation of array specifiers (the curly braces around atomic - values) appears to have changed sometime after the original regression - tests were generated. The current ./expected/*.out files reflect this - new interpretation, which might not be correct! - - - - The float8 regression test fails on at least some platforms. This is due - to differences in implementations of pow() and exp() and the signaling - mechanisms used for overflow and underflow conditions. - - - - The random results in the random test should cause the - random test to be failed, since the - regression tests are evaluated using a simple diff. However, - random does not seem to produce random results on my test - machine (Linux/gcc/i686). - - - -Migration to Version 6.1 - - -This migration requires a complete dump of the 6.0 database and a -restore of the database in 6.1. - - -Those migrating from earlier 1.* releases should first upgrade to 1.09 -because the COPY output format was improved from the 1.02 release. - - - - - Changes - - - -Bug Fixes ---------- -packet length checking in library routines -lock manager priority patch -check for under/over flow of float8(Bruce) -multitable join fix(Vadim) -SIGPIPE crash fix(Darren) -large object fixes(Sven) -allow btree indexes to handle NULLs(Vadim) -timezone fixes(D'Arcy) -select SUM(x) can return NULL on no rows(Thomas) -internal optimizer, executor bug fixes(Vadim) -fix problem where inner loop in < or <= has no rows(Vadim) -prevent re-commuting join index clauses(Vadim) -fix join clauses for multiple tables(Vadim) -fix hash, hashjoin for arrays(Vadim) -fix btree for abstime type(Vadim) -large object fixes(Raymond) -fix buffer leak in hash indexes (Vadim) -fix rtree for use in inner scan (Vadim) -fix gist for use in inner scan, cleanups (Vadim, Andrea) -avoid unnecessary local buffers allocation (Vadim, Massimo) -fix local buffers leak in transaction aborts (Vadim) -fix file manager memory leaks, cleanups (Vadim, Massimo) -fix storage manager memory leaks (Vadim) -fix btree duplicates handling (Vadim) -fix deleted rows reincarnation caused by vacuum (Vadim) -fix SELECT varchar()/char() INTO TABLE made zero-length fields(Bruce) -many psql, pg_dump, and libpq memory leaks fixed using Purify (Igor) - -Enhancements ------------- -attribute optimization statistics(Bruce) -much faster new btree bulk load code(Paul) -BTREE UNIQUE added to bulk load code(Vadim) -new lock debug code(Massimo) -massive changes to libpg++(Leo) -new GEQO optimizer speeds table multitable optimization(Martin) -new WARN message for non-unique insert into unique key(Marc) -update x=-3, no spaces, now valid(Bruce) -remove case-sensitive identifier handling(Bruce,Thomas,Dan) -debug backend now pretty-prints tree(Darren) -new Oracle character functions(Edmund) -new plaintext password functions(Dan) -no such class or insufficient privilege changed to distinct messages(Dan) -new ANSI timestamp function(Dan) -new ANSI Time and Date types (Thomas) -move large chunks of data in backend(Martin) -multicolumn btree indexes(Vadim) -new SET var TO value command(Martin) -update transaction status on reads(Dan) -new locale settings for character types(Oleg) -new SEQUENCE serial number generator(Vadim) -GROUP BY function now possible(Vadim) -re-organize regression test(Thomas,Marc) -new optimizer operation weights(Vadim) -new psql \z grant/permit option(Marc) -new MONEY data type(D'Arcy,Thomas) -tcp socket communication speed improved(Vadim) -new VACUUM option for attribute statistics, and for certain columns (Vadim) -many geometric type improvements(Thomas,Keith) -additional regression tests(Thomas) -new datestyle variable(Thomas,Vadim,Martin) -more comparison operators for sorting types(Thomas) -new conversion functions(Thomas) -new more compact btree format(Vadim) -allow pg_dumpall to preserve database ownership(Bruce) -new SET GEQO=# and R_PLANS variable(Vadim) -old (!GEQO) optimizer can use right-sided plans (Vadim) -typechecking improvement in SQL parser(Bruce) -new SET, SHOW, RESET commands(Thomas,Vadim) -new \connect database USER option -new destroydb -i option (Igor) -new \dt and \di psql commands (Darren) -SELECT "\n" now escapes newline (A. Duursma) -new geometry conversion functions from old format (Thomas) - -Source tree changes -------------------- -new configuration script(Marc) -readline configuration option added(Marc) -OS-specific configuration options removed(Marc) -new OS-specific template files(Marc) -no more need to edit Makefile.global(Marc) -re-arrange include files(Marc) -nextstep patches (Gregor Hoffleit) -removed Windows-specific code(Bruce) -removed postmaster -e option, now only postgres -e option (Bruce) -merge duplicate library code in front/backends(Martin) -now works with eBones, international Kerberos(Jun) -more shared library support -c++ include file cleanup(Bruce) -warn about buggy flex(Bruce) -DG/UX, Ultrix, IRIX, AIX portability fixes - - - - - - -Release 6.0 - - - Release date: - 1997-01-29 - - - -A dump/restore is required for those wishing to migrate data from -previous releases of PostgreSQL. - - - -Migration from version 1.09 to version 6.0 - - -This migration requires a complete dump of the 1.09 database and a -restore of the database in 6.0. - - - - -Migration from pre-1.09 to version 6.0 - - -Those migrating from earlier 1.* releases should first upgrade to 1.09 -because the COPY output format was improved from the 1.02 release. - - - - - Changes - - - -Bug Fixes ---------- -ALTER TABLE bug - running postgres process needs to re-read table definition -Allow vacuum to be run on one table or entire database(Bruce) -Array fixes -Fix array over-runs of memory writes(Kurt) -Fix elusive btree range/non-range bug(Dan) -Fix for hash indexes on some types like time and date -Fix for pg_log size explosion -Fix permissions on lo_export()(Bruce) -Fix uninitialized reads of memory(Kurt) -Fixed ALTER TABLE ... char(3) bug(Bruce) -Fixed a few small memory leaks -Fixed EXPLAIN handling of options and changed full_path option name -Fixed output of group acl privileges -Memory leaks (hunt and destroy with tools like Purify(Kurt) -Minor improvements to rules system -NOTIFY fixes -New asserts for run-checking -Overhauled parser/analyze code to properly report errors and increase speed -Pg_dump -d now handles NULL's properly(Bruce) -Prevent SELECT NULL from crashing server (Bruce) -Properly report errors when INSERT ... SELECT columns did not match -Properly report errors when insert column names were not correct -psql \g filename now works(Bruce) -psql fixed problem with multiple statements on one line with multiple outputs -Removed duplicate system OIDs -SELECT * INTO TABLE . GROUP/ORDER BY gives unlink error if table exists(Bruce) -Several fixes for queries that crashed the backend -Starting quote in insert string errors(Bruce) -Submitting an empty query now returns empty status, not just " " query(Bruce) - -Enhancements ------------- -Add EXPLAIN manual page(Bruce) -Add UNIQUE index capability(Dan) -Add hostname/user level access control rather than just hostname and user -Add synonym of != for <>(Bruce) -Allow "select oid,* from table" -Allow BY,ORDER BY to specify columns by number, or by non-alias table.column(Bruce) -Allow COPY from the frontend(Bryan) -Allow GROUP BY to use alias column name(Bruce) -Allow actual compression, not just reuse on the same page(Vadim) -Allow installation-configuration option to auto-add all local users(Bryan) -Allow libpq to distinguish between text value '' and null(Bruce) -Allow non-postgres users with createdb privs to destroydb's -Allow restriction on who can create C functions(Bryan) -Allow restriction on who can do backend COPY(Bryan) -Can shrink tables, pg_time and pg_log(Vadim & Erich) -Change debug level 2 to print queries only, changed debug heading layout(Bruce) -Change default decimal constant representation from float4 to float8(Bruce) -European date format now set when postmaster is started -Execute lowercase function names if not found with exact case -Fixes for aggregate/GROUP processing, allow 'select sum(func(x),sum(x+y) from z' -Gist now included in the distribution(Marc) -Ident authentication of local users(Bryan) -Implement BETWEEN qualifier(Bruce) -Implement IN qualifier(Bruce) -libpq has PQgetisnull()(Bruce) -libpq++ improvements -New options to initdb(Bryan) -Pg_dump allow dump of OIDs(Bruce) -Pg_dump create indexes after tables are loaded for speed(Bruce) -Pg_dumpall dumps all databases, and the user table -Pginterface additions for NULL values(Bruce) -Prevent postmaster from being run as root -psql \h and \? is now readable(Bruce) -psql allow backslashed, semicolons anywhere on the line(Bruce) -psql changed command prompt for lines in query or in quotes(Bruce) -psql char(3) now displays as (bp)char in \d output(Bruce) -psql return code now more accurate(Bryan?) -psql updated help syntax(Bruce) -Re-visit and fix vacuum(Vadim) -Reduce size of regression diffs, remove timezone name difference(Bruce) -Remove compile-time parameters to enable binary distributions(Bryan) -Reverse meaning of HBA masks(Bryan) -Secure Authentication of local users(Bryan) -Speed up vacuum(Vadim) -Vacuum now had VERBOSE option(Bruce) - -Source tree changes -------------------- -All functions now have prototypes that are compared against the calls -Allow asserts to be disabled easily from Makefile.global(Bruce) -Change oid constants used in code to #define names -Decoupled sparc and solaris defines(Kurt) -Gcc -Wall compiles cleanly with warnings only from unfixable constructs -Major include file reorganization/reduction(Marc) -Make now stops on compile failure(Bryan) -Makefile restructuring(Bryan, Marc) -Merge bsdi_2_1 to bsdi(Bruce) -Monitor program removed -Name change from Postgres95 to PostgreSQL -New config.h file(Marc, Bryan) -PG_VERSION now set to 6.0 and used by postmaster -Portability additions, including Ultrix, DG/UX, AIX, and Solaris -Reduced the number of #define's, centralized #define's -Remove duplicate OIDS in system tables(Dan) -Remove duplicate system catalog info or report mismatches(Dan) -Removed many os-specific #define's -Restructured object file generation/location(Bryan, Marc) -Restructured port-specific file locations(Bryan, Marc) -Unused/uninitialized variables corrected - - - - - - -Release 1.09 - - - Release date: - 1996-11-04 - - - -Sorry, we didn't keep track of changes from 1.02 to 1.09. Some of -the changes listed in 6.0 were actually included in the 1.02.1 to 1.09 -releases. - - - - -Release 1.02 - - - Release date: - 1996-08-01 - - - -Migration from version 1.02 to version 1.02.1 - - -Here is a new migration file for 1.02.1. It includes the 'copy' change -and a script to convert old ASCII files. - - - -The following notes are for the benefit of users who want to migrate -databases from Postgres95 1.01 and 1.02 to Postgres95 1.02.1. - - -If you are starting afresh with Postgres95 1.02.1 and do not need -to migrate old databases, you do not need to read any further. - - - - -In order to upgrade older Postgres95 version 1.01 or 1.02 databases to -version 1.02.1, the following steps are required: - - - - -Start up a new 1.02.1 postmaster - - - - -Add the new built-in functions and operators of 1.02.1 to 1.01 or 1.02 - databases. This is done by running the new 1.02.1 server against - your own 1.01 or 1.02 database and applying the queries attached at - the end of the file. This can be done easily through psql. If your - 1.01 or 1.02 database is named testdb and you have cut the commands - from the end of this file and saved them in addfunc.sql: - -% psql testdb -f addfunc.sql - - -Those upgrading 1.02 databases will get a warning when executing the -last two statements in the file because they are already present in 1.02. This is -not a cause for concern. - - - - - - -Dump/Reload Procedure - - -If you are trying to reload a pg_dump or text-mode, copy tablename to -stdout generated with a previous version, you will need to run the -attached sed script on the ASCII file before loading it into the -database. The old format used '.' as end-of-data, while '\.' is now the -end-of-data marker. Also, empty strings are now loaded in as '' rather -than NULL. See the copy manual page for full details. - - -sed 's/^\.$/\\./g' <in_file >out_file - - - -If you are loading an older binary copy or non-stdout copy, there is no -end-of-data character, and hence no conversion necessary. - - --- following lines added by agc to reflect the case-insensitive --- regexp searching for varchar (in 1.02), and bpchar (in 1.02.1) -create operator ~* (leftarg = bpchar, rightarg = text, procedure = texticregexeq); -create operator !~* (leftarg = bpchar, rightarg = text, procedure = texticregexne); -create operator ~* (leftarg = varchar, rightarg = text, procedure = texticregexeq); -create operator !~* (leftarg = varchar, rightarg = text, procedure = texticregexne); - - - - - -Changes - - - -Source code maintenance and development - * worldwide team of volunteers - * the source tree now in CVS at ftp.ki.net - -Enhancements - * psql (and underlying libpq library) now has many more options for - formatting output, including HTML - * pg_dump now output the schema and/or the data, with many fixes to - enhance completeness. - * psql used in place of monitor in administration shell scripts. - monitor to be deprecated in next release. - * date/time functions enhanced - * NULL insert/update/comparison fixed/enhanced - * TCL/TK lib and shell fixed to work with both tck7.4/tk4.0 and tcl7.5/tk4.1 - -Bug Fixes (almost too numerous to mention) - * indexes - * storage management - * check for NULL pointer before dereferencing - * Makefile fixes - -New Ports - * added SolarisX86 port - * added BSD/OS 2.1 port - * added DG/UX port - - - - - - - -Release 1.01 - - - Release date: - 1996-02-23 - - - - -Migration from version 1.0 to version 1.01 - - -The following notes are for the benefit of users who want to migrate -databases from Postgres95 1.0 to Postgres95 1.01. - - -If you are starting afresh with Postgres95 1.01 and do not need -to migrate old databases, you do not need to read any further. - - -In order to Postgres95 version 1.01 with databases created with -Postgres95 version 1.0, the following steps are required: - - - - -Set the definition of NAMEDATALEN in src/Makefile.global to 16 - and OIDNAMELEN to 20. - - - - -Decide whether you want to use Host based authentication. - - - - -If you do, you must create a file name pg_hba in your top-level data - directory (typically the value of your $PGDATA). src/libpq/pg_hba - shows an example syntax. - - - - -If you do not want host-based authentication, you can comment out - the line: - -HBA = 1 - - in src/Makefile.global - - - Note that host-based authentication is turned on by default, and if - you do not take steps A or B above, the out-of-the-box 1.01 will - not allow you to connect to 1.0 databases. - - - - - - - -Compile and install 1.01, but DO NOT do the initdb step. - - - - -Before doing anything else, terminate your 1.0 postmaster, and - backup your existing $PGDATA directory. - - - - -Set your PGDATA environment variable to your 1.0 databases, but set up - path up so that 1.01 binaries are being used. - - - - -Modify the file $PGDATA/PG_VERSION from 5.0 to 5.1 - - - - -Start up a new 1.01 postmaster - - - - -Add the new built-in functions and operators of 1.01 to 1.0 - databases. This is done by running the new 1.01 server against - your own 1.0 database and applying the queries attached and saving - in the file 1.0_to_1.01.sql. This can be done easily through psql. - If your 1.0 database is name testdb: - - -% psql testdb -f 1.0_to_1.01.sql - - -and then execute the following commands (cut and paste from here): - - --- add builtin functions that are new to 1.01 - -create function int4eqoid (int4, oid) returns bool as 'foo' -language 'internal'; -create function oideqint4 (oid, int4) returns bool as 'foo' -language 'internal'; -create function char2icregexeq (char2, text) returns bool as 'foo' -language 'internal'; -create function char2icregexne (char2, text) returns bool as 'foo' -language 'internal'; -create function char4icregexeq (char4, text) returns bool as 'foo' -language 'internal'; -create function char4icregexne (char4, text) returns bool as 'foo' -language 'internal'; -create function char8icregexeq (char8, text) returns bool as 'foo' -language 'internal'; -create function char8icregexne (char8, text) returns bool as 'foo' -language 'internal'; -create function char16icregexeq (char16, text) returns bool as 'foo' -language 'internal'; -create function char16icregexne (char16, text) returns bool as 'foo' -language 'internal'; -create function texticregexeq (text, text) returns bool as 'foo' -language 'internal'; -create function texticregexne (text, text) returns bool as 'foo' -language 'internal'; - --- add builtin functions that are new to 1.01 - -create operator = (leftarg = int4, rightarg = oid, procedure = int4eqoid); -create operator = (leftarg = oid, rightarg = int4, procedure = oideqint4); -create operator ~* (leftarg = char2, rightarg = text, procedure = char2icregexeq); -create operator !~* (leftarg = char2, rightarg = text, procedure = char2icregexne); -create operator ~* (leftarg = char4, rightarg = text, procedure = char4icregexeq); -create operator !~* (leftarg = char4, rightarg = text, procedure = char4icregexne); -create operator ~* (leftarg = char8, rightarg = text, procedure = char8icregexeq); -create operator !~* (leftarg = char8, rightarg = text, procedure = char8icregexne); -create operator ~* (leftarg = char16, rightarg = text, procedure = char16icregexeq); -create operator !~* (leftarg = char16, rightarg = text, procedure = char16icregexne); -create operator ~* (leftarg = text, rightarg = text, procedure = texticregexeq); -create operator !~* (leftarg = text, rightarg = text, procedure = texticregexne); - - - - - - - -Changes - - - -Incompatibilities: - * 1.01 is backwards compatible with 1.0 database provided the user - follow the steps outlined in the MIGRATION_from_1.0_to_1.01 file. - If those steps are not taken, 1.01 is not compatible with 1.0 database. - -Enhancements: - * added PQdisplayTuples() to libpq and changed monitor and psql to use it - * added NeXT port (requires SysVIPC implementation) - * added CAST .. AS ... syntax - * added ASC and DESC key words - * added 'internal' as a possible language for CREATE FUNCTION - internal functions are C functions which have been statically linked - into the postgres backend. - * a new type "name" has been added for system identifiers (table names, - attribute names, etc.) This replaces the old char16 type. The - of name is set by the NAMEDATALEN #define in src/Makefile.global - * a readable reference manual that describes the query language. - * added host-based access control. A configuration file ($PGDATA/pg_hba) - is used to hold the configuration data. If host-based access control - is not desired, comment out HBA=1 in src/Makefile.global. - * changed regex handling to be uniform use of Henry Spencer's regex code - regardless of platform. The regex code is included in the distribution - * added functions and operators for case-insensitive regular expressions. - The operators are ~* and !~*. - * pg_dump uses COPY instead of SELECT loop for better performance - -Bug fixes: - * fixed an optimizer bug that was causing core dumps when - functions calls were used in comparisons in the WHERE clause - * changed all uses of getuid to geteuid so that effective uids are used - * psql now returns non-zero status on errors when using -c - * applied public patches 1-14 - - - - - - -Release 1.0 - - - Release date: - 1995-09-05 - - - -Changes - - - -Copyright change: - * The copyright of Postgres 1.0 has been loosened to be freely modifiable - and modifiable for any purpose. Please read the COPYRIGHT file. - Thanks to Professor Michael Stonebraker for making this possible. - -Incompatibilities: - * date formats have to be MM-DD-YYYY (or DD-MM-YYYY if you're using - EUROPEAN STYLE). This follows SQL-92 specs. - * "delimiters" is now a key word - -Enhancements: - * sql LIKE syntax has been added - * copy command now takes an optional USING DELIMITER specification. - delimiters can be any single-character string. - * IRIX 5.3 port has been added. - Thanks to Paul Walmsley and others. - * updated pg_dump to work with new libpq - * \d has been added psql - Thanks to Keith Parks - * regexp performance for architectures that use POSIX regex has been - improved due to caching of precompiled patterns. - Thanks to Alistair Crooks - * a new version of libpq++ - Thanks to William Wanders - -Bug fixes: - * arbitrary userids can be specified in the createuser script - * \c to connect to other databases in psql now works. - * bad pg_proc entry for float4inc() is fixed - * users with usecreatedb field set can now create databases without - having to be usesuper - * remove access control entries when the entry no longer has any - privileges - * fixed non-portable datetimes implementation - * added kerberos flags to the src/backend/Makefile - * libpq now works with kerberos - * typographic errors in the user manual have been corrected. - * btrees with multiple index never worked, now we tell you they don't - work when you try to use them - - - - - - -<productname>Postgres95</productname> Release 0.03 - - - Release date: - 1995-07-21 - - - -Changes - - -Incompatible changes: - * BETA-0.3 IS INCOMPATIBLE WITH DATABASES CREATED WITH PREVIOUS VERSIONS - (due to system catalog changes and indexing structure changes). - * double-quote (") is deprecated as a quoting character for string literals; - you need to convert them to single quotes ('). - * name of aggregates (eg. int4sum) are renamed in accordance with the - SQL standard (eg. sum). - * CHANGE ACL syntax is replaced by GRANT/REVOKE syntax. - * float literals (eg. 3.14) are now of type float4 (instead of float8 in - previous releases); you might have to do typecasting if you depend on it - being of type float8. If you neglect to do the typecasting and you assign - a float literal to a field of type float8, you might get incorrect values - stored! - * LIBPQ has been totally revamped so that frontend applications - can connect to multiple backends - * the usesysid field in pg_user has been changed from int2 to int4 to - allow wider range of Unix user ids. - * the netbsd/freebsd/bsd o/s ports have been consolidated into a - single BSD44_derived port. (thanks to Alistair Crooks) - -SQL standard-compliance (the following details changes that makes postgres95 -more compliant to the SQL-92 standard): - * the following SQL types are now built-in: smallint, int(eger), float, real, - char(N), varchar(N), date and time. - - The following are aliases to existing postgres types: - smallint -> int2 - integer, int -> int4 - float, real -> float4 - char(N) and varchar(N) are implemented as truncated text types. In - addition, char(N) does blank-padding. - * single-quote (') is used for quoting string literals; '' (in addition to - \') is supported as means of inserting a single quote in a string - * SQL standard aggregate names (MAX, MIN, AVG, SUM, COUNT) are used - (Also, aggregates can now be overloaded, i.e. you can define your - own MAX aggregate to take in a user-defined type.) - * CHANGE ACL removed. GRANT/REVOKE syntax added. - - Privileges can be given to a group using the "GROUP" key word. - For example: - GRANT SELECT ON foobar TO GROUP my_group; - The key word 'PUBLIC' is also supported to mean all users. - - Privileges can only be granted or revoked to one user or group - at a time. - - "WITH GRANT OPTION" is not supported. Only class owners can change - access control - - The default access control is to grant users readonly access. - You must explicitly grant insert/update access to users. To change - this, modify the line in - src/backend/utils/acl.h - that defines ACL_WORLD_DEFAULT - -Bug fixes: - * the bug where aggregates of empty tables were not run has been fixed. Now, - aggregates run on empty tables will return the initial conditions of the - aggregates. Thus, COUNT of an empty table will now properly return 0. - MAX/MIN of an empty table will return a row of value NULL. - * allow the use of \; inside the monitor - * the LISTEN/NOTIFY asynchronous notification mechanism now work - * NOTIFY in rule action bodies now work - * hash indexes work, and access methods in general should perform better. - creation of large btree indexes should be much faster. (thanks to Paul - Aoki) - -Other changes and enhancements: - * addition of an EXPLAIN statement used for explaining the query execution - plan (eg. "EXPLAIN SELECT * FROM EMP" prints out the execution plan for - the query). - * WARN and NOTICE messages no longer have timestamps on them. To turn on - timestamps of error messages, uncomment the line in - src/backend/utils/elog.h: - /* define ELOG_TIMESTAMPS */ - * On an access control violation, the message - "Either no such class or insufficient privilege" - will be given. This is the same message that is returned when - a class is not found. This dissuades non-privileged users from - guessing the existence of privileged classes. - * some additional system catalog changes have been made that are not - visible to the user. - -libpgtcl changes: - * The -oid option has been added to the "pg_result" tcl command. - pg_result -oid returns oid of the last row inserted. If the - last command was not an INSERT, then pg_result -oid returns "". - * the large object interface is available as pg_lo* tcl commands: - pg_lo_open, pg_lo_close, pg_lo_creat, etc. - -Portability enhancements and New Ports: - * flex/lex problems have been cleared up. Now, you should be able to use - flex instead of lex on any platforms. We no longer make assumptions of - what lexer you use based on the platform you use. - * The Linux-ELF port is now supported. Various configuration have been - tested: The following configuration is known to work: - kernel 1.2.10, gcc 2.6.3, libc 4.7.2, flex 2.5.2, bison 1.24 - with everything in ELF format, - -New utilities: - * ipcclean added to the distribution - ipcclean usually does not need to be run, but if your backend crashes - and leaves shared memory segments hanging around, ipcclean will - clean them up for you. - -New documentation: - * the user manual has been revised and libpq documentation added. - - - - - - -<productname>Postgres95</productname> Release 0.02 - - - Release date: - 1995-05-25 - - - -Changes - - - -Incompatible changes: - * The SQL statement for creating a database is 'CREATE DATABASE' instead - of 'CREATEDB'. Similarly, dropping a database is 'DROP DATABASE' instead - of 'DESTROYDB'. However, the names of the executables 'createdb' and - 'destroydb' remain the same. - -New tools: - * pgperl - a Perl (4.036) interface to Postgres95 - * pg_dump - a utility for dumping out a postgres database into a - script file containing query commands. The script files are in an ASCII - format and can be used to reconstruct the database, even on other - machines and other architectures. (Also good for converting - a Postgres 4.2 database to Postgres95 database.) - -The following ports have been incorporated into postgres95-beta-0.02: - * the NetBSD port by Alistair Crooks - * the AIX port by Mike Tung - * the Windows NT port by Jon Forrest (more stuff but not done yet) - * the Linux ELF port by Brian Gallew - -The following bugs have been fixed in postgres95-beta-0.02: - * new lines not escaped in COPY OUT and problem with COPY OUT when first - attribute is a '.' - * cannot type return to use the default user id in createuser - * SELECT DISTINCT on big tables crashes - * Linux installation problems - * monitor doesn't allow use of 'localhost' as PGHOST - * psql core dumps when doing \c or \l - * the "pgtclsh" target missing from src/bin/pgtclsh/Makefile - * libpgtcl has a hard-wired default port number - * SELECT DISTINCT INTO TABLE hangs - * CREATE TYPE doesn't accept 'variable' as the internallength - * wrong result using more than 1 aggregate in a SELECT - - - - - - -<productname>Postgres95</productname> Release 0.01 - - - Release date: - 1995-05-01 - - - -Initial release. - - - - - Timing Results - - - These timing results are from running the regression test with the commands - - -% cd src/test/regress -% make all -% time make runtest - - - - Timing under Linux 2.0.27 seems to have a roughly 5% variation from run - to run, presumably due to the scheduling vagaries of multitasking systems. - - - - Version 6.5 - - - As has been the case for previous releases, timing between - releases is not directly comparable since new regression tests - have been added. In general, 6.5 is faster than previous - releases. - - - - Timing with fsync() disabled: - - -Time System -02:00 Dual Pentium Pro 180, 224MB, UW-SCSI, Linux 2.0.36, gcc 2.7.2.3 -O2 -m486 -04:38 Sparc Ultra 1 143MHz, 64MB, Solaris 2.6 - - - - - Timing with fsync() enabled: - - -Time System -04:21 Dual Pentium Pro 180, 224MB, UW-SCSI, Linux 2.0.36, gcc 2.7.2.3 -O2 -m486 - - - For the Linux system above, using UW-SCSI disks rather than (older) IDE - disks leads to a 50% improvement in speed on the regression test. - - - - -Version 6.4beta - - -The times for this release are not directly comparable to those for previous releases -since some additional regression tests have been included. -In general, however, 6.4 should be slightly faster than the previous release (thanks, Bruce!). - - - -Time System -02:26 Dual Pentium Pro 180, 96MB, UW-SCSI, Linux 2.0.30, gcc 2.7.2.1 -O2 -m486 - - - - - -Version 6.3 - - -The times for this release are not directly comparable to those for previous releases -since some additional regression tests have been included and some obsolete tests involving -time travel have been removed. -In general, however, 6.3 is substantially faster than previous releases (thanks, Bruce!). - - - - Time System - 02:30 Dual Pentium Pro 180, 96MB, UW-SCSI, Linux 2.0.30, gcc 2.7.2.1 -O2 -m486 - 04:12 Dual Pentium Pro 180, 96MB, EIDE, Linux 2.0.30, gcc 2.7.2.1 -O2 -m486 - - - - - -Version 6.1 - - - - Time System - 06:12 Pentium Pro 180, 32MB, EIDE, Linux 2.0.30, gcc 2.7.2 -O2 -m486 - 12:06 P-100, 48MB, Linux 2.0.29, gcc - 39:58 Sparc IPC 32MB, Solaris 2.5, gcc 2.7.2.1 -O -g - - - - -]]> diff --git a/doc/src/sgml/release.sgml b/doc/src/sgml/release.sgml index 1f8cd8ef17..f25127df5c 100644 --- a/doc/src/sgml/release.sgml +++ b/doc/src/sgml/release.sgml @@ -68,24 +68,81 @@ For new features, add links to the documentation sections. + &release-9.6; -&release-9.5; -&release-9.4; -&release-9.3; -&release-9.2; -&release-9.1; -&release-9.0; -&release-8.4; -&release-8.3; -&release-8.2; -&release-8.1; -&release-8.0; -&release-7.4; -&release-old; + + + Prior Releases + + + Release notes for prior release branches can be found on the + PostgreSQL + web site. At the time of release of version 9.6, + these were the supported prior release branches: + + + + + PostgreSQL 9.5: + + https://www.postgresql.org/docs/9.5/release.html + + + + + + + PostgreSQL 9.4: + + https://www.postgresql.org/docs/9.4/release.html + + + + + + + PostgreSQL 9.3: + + https://www.postgresql.org/docs/9.3/release.html + + + + + + + PostgreSQL 9.2: + + https://www.postgresql.org/docs/9.2/release.html + + + + + + + PostgreSQL 9.1: + + https://www.postgresql.org/docs/9.1/release.html + + + + + + + + Release notes for older release branches can be found at + + https://www.postgresql.org/docs/manuals/archive/ + + + -- 2.40.0