From 9eadf637938798f84b7e5495fd13e74441a81bbd Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Sun, 1 Feb 2015 16:53:22 -0500 Subject: [PATCH] Release notes for 9.4.1, 9.3.6, 9.2.10, 9.1.15, 9.0.19. --- doc/src/sgml/release-9.0.sgml | 641 ++++++++++++++++++++++++++ doc/src/sgml/release-9.1.sgml | 727 ++++++++++++++++++++++++++++- doc/src/sgml/release-9.2.sgml | 832 ++++++++++++++++++++++++++++++++++ 3 files changed, 2199 insertions(+), 1 deletion(-) diff --git a/doc/src/sgml/release-9.0.sgml b/doc/src/sgml/release-9.0.sgml index 0c77d248d2..3efe91d2d9 100644 --- a/doc/src/sgml/release-9.0.sgml +++ b/doc/src/sgml/release-9.0.sgml @@ -1,6 +1,647 @@ + + Release 9.0.19 + + + Release Date + 2015-02-05 + + + + This release contains a variety of fixes from 9.0.18. + For information about new features in the 9.0 major release, see + . + + + + Migration to Version 9.0.19 + + + A dump/restore is not required for those running 9.0.X. + + + + However, if you are upgrading from a version earlier than 9.0.18, + see . + + + + + + Changes + + + + + + Fix information leak via constraint-violation error messages + (Stephen Frost) + + + + Some server error messages show the values of columns that violate + a constraint, such as a unique constraint. If the user does not have + SELECT privilege on all columns of the table, this could + mean exposing values that the user should not be able to see. Adjust + the code so that values are displayed only when they came from the SQL + command or could be selected by the user. + (CVE-2014-8161) + + + + + + Lock down regression testing's temporary installations on Windows + (Noah Misch) + + + + Use SSPI authentication to allow connections only from the OS user + who launched the test suite. This closes on Windows the same + vulnerability previously closed on other platforms, namely that other + users might be able to connect to the test postmaster. + (CVE-2014-0067) + + + + + + Avoid possible data corruption if ALTER DATABASE SET + TABLESPACE is used to move a database to a new tablespace and then + shortly later move it back to its original tablespace (Tom Lane) + + + + + + Avoid corrupting tables when ANALYZE inside a transaction + is rolled back (Andres Freund, Tom Lane, Michael Paquier) + + + + If the failing transaction had earlier removed the last index, rule, or + trigger from the table, the table would be left in a corrupted state + with the relevant pg_class flags not set though they + should be. + + + + + + Fix use-of-already-freed-memory problem in EvalPlanQual processing + (Tom Lane) + + + + In READ COMMITTED mode, queries that lock or update + recently-updated rows could crash as a result of this bug. + + + + + + Fix planning of SELECT FOR UPDATE when using a partial + index on a child table (Kyotaro Horiguchi) + + + + In READ COMMITTED mode, SELECT FOR UPDATE must + also recheck the partial index's WHERE condition when + rechecking a recently-updated row to see if it still satisfies the + query's WHERE condition. This requirement was missed if the + index belonged to an inheritance child table, so that it was possible + to incorrectly return rows that no longer satisfy the query condition. + + + + + + Fix corner case wherein SELECT FOR UPDATE could return a row + twice, and possibly miss returning other rows (Tom Lane) + + + + In READ COMMITTED mode, a SELECT FOR UPDATE + that is scanning an inheritance tree could incorrectly return a row + from a prior child table instead of the one it should return from a + later child table. + + + + + + Reject duplicate column names in the referenced-columns list of + a FOREIGN KEY declaration (David Rowley) + + + + This restriction is per SQL standard. Previously we did not reject + the case explicitly, but later on the code would fail with + bizarre-looking errors. + + + + + + Fix bugs in raising a numeric value to a large integral power + (Tom Lane) + + + + The previous code could get a wrong answer, or consume excessive + amounts of time and memory before realizing that the answer must + overflow. + + + + + + In numeric_recv(), truncate away any fractional digits + that would be hidden according to the value's dscale field + (Tom Lane) + + + + A numeric value's display scale (dscale) should + never be less than the number of nonzero fractional digits; but + apparently there's at least one broken client application that + transmits binary numeric values in which that's true. + This leads to strange behavior since the extra digits are taken into + account by arithmetic operations even though they aren't printed. + The least risky fix seems to be to truncate away such hidden + digits on receipt, so that the value is indeed what it prints as. + + + + + + Reject out-of-range numeric timezone specifications (Tom Lane) + + + + Simple numeric timezone specifications exceeding +/- 168 hours (one + week) would be accepted, but could then cause null-pointer dereference + crashes in certain operations. There's no use-case for such large UTC + offsets, so reject them. + + + + + + Fix bugs in tsquery @> tsquery + operator (Heikki Linnakangas) + + + + Two different terms would be considered to match if they had the same + CRC. Also, if the second operand had more terms than the first, it + would be assumed not to be contained in the first; which is wrong + since it might contain duplicate terms. + + + + + + Improve ispell dictionary's defenses against bad affix files (Tom Lane) + + + + + + Allow more than 64K phrases in a thesaurus dictionary (David Boutin) + + + + The previous coding could crash on an oversize dictionary, so this was + deemed a back-patchable bug fix rather than a feature addition. + + + + + + Fix namespace handling in xpath() (Ali Akbar) + + + + Previously, the xml value resulting from + an xpath() call would not have namespace declarations if + the namespace declarations were attached to an ancestor element in the + input xml value, rather than to the specific element being + returned. Propagate the ancestral declaration so that the result is + correct when considered in isolation. + + + + + + Fix planner problems with nested append relations, such as inherited + tables within UNION ALL subqueries (Tom Lane) + + + + + + Fail cleanly when a GiST index tuple doesn't fit on a page, rather + than going into infinite recursion (Andrew Gierth) + + + + + + Exempt tables that have per-table cost_limit + and/or cost_delay settings from autovacuum's global cost + balancing rules (Álvaro Herrera) + + + + The previous behavior resulted in basically ignoring these per-table + settings, which was unintended. Now, a table having such settings + will be vacuumed using those settings, independently of what is going + on in other autovacuum workers. This may result in heavier total I/O + load than before, so such settings should be re-examined for sanity. + + + + + + Avoid wholesale autovacuuming when autovacuum is nominally off + (Tom Lane) + + + + Even when autovacuum is nominally off, we will still launch autovacuum + worker processes to vacuum tables that are at risk of XID wraparound. + However, such a worker process then proceeded to vacuum all tables in + the target database, if they met the usual thresholds for + autovacuuming. This is at best pretty unexpected; at worst it delays + response to the wraparound threat. Fix it so that if autovacuum is + turned off, workers only do anti-wraparound vacuums and + not any other work. + + + + + + Fix race condition between hot standby queries and replaying a + full-page image (Heikki Linnakangas) + + + + This mistake could result in transient errors in queries being + executed in hot standby. + + + + + + Fix several cases where recovery logic improperly ignored WAL records + for COMMIT/ABORT PREPARED (Heikki Linnakangas) + + + + The most notable oversight was + that recovery_min_apply_delay failed to delay application + of a two-phase commit. + + + + + + Avoid creating unnecessary .ready marker files for + timeline history files (Fujii Masao) + + + + + + Fix possible null pointer dereference when an empty prepared statement + is used and the log_statement setting is mod + or ddl (Fujii Masao) + + + + + + Change pgstat wait timeout warning message to be LOG level, + and rephrase it to be more understandable (Tom Lane) + + + + This message was originally thought to be essentially a can't-happen + case, but it occurs often enough on our slower buildfarm members to be + a nuisance. Reduce it to LOG level, and expend a bit more effort on + the wording: it now reads using stale statistics instead of + current ones because stats collector is not responding. + + + + + + Fix SPARC spinlock implementation to ensure correctness if the CPU is + being run in a non-TSO coherency mode, as some non-Solaris kernels do + (Andres Freund) + + + + + + Warn if OS X's setlocale() starts an unwanted extra + thread inside the postmaster (Noah Misch) + + + + + + Fix processing of repeated dbname parameters + in PQconnectdbParams() (Alex Shulgin) + + + + Unexpected behavior ensued if the first occurrence + of dbname contained a connection string or URI to be + expanded. + + + + + + Ensure that libpq reports a suitable error message on + unexpected socket EOF (Marko Tiikkaja, Tom Lane) + + + + Depending on kernel behavior, libpq might return an + empty error string rather than something useful when the server + unexpectedly closed the socket. + + + + + + Clear any old error message during PQreset() + (Heikki Linnakangas) + + + + If PQreset() is called repeatedly, and the connection + cannot be re-established, error messages from the failed connection + attempts kept accumulating in the PGconn's error + string. + + + + + + Properly handle out-of-memory conditions while parsing connection + options in libpq (Alex Shulgin, Heikki Linnakangas) + + + + + + Fix array overrun in ecpg's version + of ParseDateTime() (Michael Paquier) + + + + + + In initdb, give a clearer error message if a password + file is specified but is empty (Mats Erik Andersson) + + + + + + Fix psql's \s command to work nicely with + libedit, and add pager support (Stepan Rutz, Tom Lane) + + + + When using libedit rather than readline, \s printed the + command history in a fairly unreadable encoded format, and on recent + libedit versions might fail altogether. Fix that by printing the + history ourselves rather than having the library do it. A pleasant + side-effect is that the pager is used if appropriate. + + + + This patch also fixes a bug that caused newline encoding to be applied + inconsistently when saving the command history with libedit. + Multiline history entries written by older psql + versions will be read cleanly with this patch, but perhaps not + vice versa, depending on the exact libedit versions involved. + + + + + + Improve consistency of parsing of psql's special + variables (Tom Lane) + + + + Allow variant spellings of on and off (such + as 1/0) for ECHO_HIDDEN + and ON_ERROR_ROLLBACK. Report a warning for unrecognized + values for COMP_KEYWORD_CASE, ECHO, + ECHO_HIDDEN, HISTCONTROL, + ON_ERROR_ROLLBACK, and VERBOSITY. Recognize + all values for all these variables case-insensitively; previously + there was a mishmash of case-sensitive and case-insensitive behaviors. + + + + + + Fix psql's expanded-mode display to work + consistently when using border = 3 + and linestyle = ascii or unicode + (Stephen Frost) + + + + + + Fix possible deadlock during parallel restore of a schema-only dump + (Robert Haas, Tom Lane) + + + + + + Fix core dump in pg_dump --binary-upgrade on zero-column + composite type (Rushabh Lathia) + + + + + + Fix block number checking + in contrib/pageinspect's get_raw_page() + (Tom Lane) + + + + The incorrect checking logic could prevent access to some pages in + non-main relation forks. + + + + + + Fix contrib/pgcrypto's pgp_sym_decrypt() + to not fail on messages whose length is 6 less than a power of 2 + (Marko Tiikkaja) + + + + + + Handle unexpected query results, especially NULLs, safely in + contrib/tablefunc's connectby() + (Michael Paquier) + + + + connectby() previously crashed if it encountered a NULL + key value. It now prints that row but doesn't recurse further. + + + + + + Avoid a possible crash in contrib/xml2's + xslt_process() (Mark Simonetti) + + + + libxslt seems to have an undocumented dependency on + the order in which resources are freed; reorder our calls to avoid a + crash. + + + + + + Numerous cleanups of warnings from Coverity static code analyzer + (Andres Freund, Tatsuo Ishii, Marko Kreen, Tom Lane, Michael Paquier) + + + + These changes are mostly cosmetic but in some cases fix corner-case + bugs, for example a crash rather than a proper error report after an + out-of-memory failure. None are believed to represent security + issues. + + + + + + Detect incompatible OpenLDAP versions during build (Noah Misch) + + + + With OpenLDAP versions 2.4.24 through 2.4.31, + inclusive, PostgreSQL backends can crash at exit. + Raise a warning during configure based on the + compile-time OpenLDAP version number, and test the crashing scenario + in the contrib/dblink regression test. + + + + + + In non-MSVC Windows builds, ensure libpq.dll is installed + with execute permissions (Noah Misch) + + + + + + Make pg_regress remove any temporary installation it + created upon successful exit (Tom Lane) + + + + This results in a very substantial reduction in disk space usage + during make check-world, since that sequence involves + creation of numerous temporary installations. + + + + + + Support time zone abbreviations that change UTC offset from time to + time (Tom Lane) + + + + Previously, PostgreSQL assumed that the UTC offset + associated with a time zone abbreviation (such as EST) + never changes in the usage of any particular locale. However this + assumption fails in the real world, so introduce the ability for a + zone abbreviation to represent a UTC offset that sometimes changes. + Update the zone abbreviation definition files to make use of this + feature in timezone locales that have changed the UTC offset of their + abbreviations since 1970 (according to the IANA timezone database). + In such timezones, PostgreSQL will now associate the + correct UTC offset with the abbreviation depending on the given date. + + + + + + Update time zone abbreviations lists (Tom Lane) + + + + Add CST (China Standard Time) to our lists. + Remove references to ADT as Arabia Daylight Time, an + abbreviation that's been out of use since 2007; therefore, claiming + there is a conflict with Atlantic Daylight Time doesn't seem + especially helpful. + Fix entirely incorrect GMT offsets for CKT (Cook Islands), FJT, and FJST + (Fiji); we didn't even have them on the proper side of the date line. + + + + + + Update time zone data files to tzdata release 2015a. + + + + The IANA timezone database has adopted abbreviations of the form + AxST/AxDT + for all Australian time zones, reflecting what they believe to be + current majority practice Down Under. These names do not conflict + with usage elsewhere (other than ACST for Acre Summer Time, which has + been in disuse since 1994). Accordingly, adopt these names into + our Default timezone abbreviation set. + The Australia abbreviation set now contains only CST, EAST, + EST, SAST, SAT, and WST, all of which are thought to be mostly + historical usage. Note that SAST has also been changed to be South + Africa Standard Time in the Default abbreviation set. + + + + Also, add zone abbreviations SRET (Asia/Srednekolymsk) and XJT + (Asia/Urumqi), and use WSST/WSDT for western Samoa. Also, there were + DST law changes in Chile, Mexico, the Turks & Caicos Islands + (America/Grand_Turk), and Fiji. There is a new zone + Pacific/Bougainville for portions of Papua New Guinea. Also, numerous + corrections for historical (pre-1970) time zone data. + + + + + + + + Release 9.0.18 diff --git a/doc/src/sgml/release-9.1.sgml b/doc/src/sgml/release-9.1.sgml index 4f86b64e84..6a0230b885 100644 --- a/doc/src/sgml/release-9.1.sgml +++ b/doc/src/sgml/release-9.1.sgml @@ -1,6 +1,731 @@ + + Release 9.1.15 + + + Release Date + 2015-02-05 + + + + This release contains a variety of fixes from 9.1.14. + For information about new features in the 9.1 major release, see + . + + + + Migration to Version 9.1.15 + + + A dump/restore is not required for those running 9.1.X. + + + + However, if you are upgrading from a version earlier than 9.1.14, + see . + + + + + + Changes + + + + + + Fix information leak via constraint-violation error messages + (Stephen Frost) + + + + Some server error messages show the values of columns that violate + a constraint, such as a unique constraint. If the user does not have + SELECT privilege on all columns of the table, this could + mean exposing values that the user should not be able to see. Adjust + the code so that values are displayed only when they came from the SQL + command or could be selected by the user. + (CVE-2014-8161) + + + + + + Lock down regression testing's temporary installations on Windows + (Noah Misch) + + + + Use SSPI authentication to allow connections only from the OS user + who launched the test suite. This closes on Windows the same + vulnerability previously closed on other platforms, namely that other + users might be able to connect to the test postmaster. + (CVE-2014-0067) + + + + + + Avoid possible data corruption if ALTER DATABASE SET + TABLESPACE is used to move a database to a new tablespace and then + shortly later move it back to its original tablespace (Tom Lane) + + + + + + Avoid corrupting tables when ANALYZE inside a transaction + is rolled back (Andres Freund, Tom Lane, Michael Paquier) + + + + If the failing transaction had earlier removed the last index, rule, or + trigger from the table, the table would be left in a corrupted state + with the relevant pg_class flags not set though they + should be. + + + + + + Ensure that unlogged tables are copied correctly + during CREATE DATABASE or ALTER DATABASE SET + TABLESPACE (Pavan Deolasee, Andres Freund) + + + + + + Fix DROP's dependency searching to correctly handle the + case where a table column is recursively visited before its table + (Petr Jelinek, Tom Lane) + + + + This case is only known to arise when an extension creates both a + datatype and a table using that datatype. The faulty code might + refuse a DROP EXTENSION unless CASCADE is + specified, which should not be required. + + + + + + Fix use-of-already-freed-memory problem in EvalPlanQual processing + (Tom Lane) + + + + In READ COMMITTED mode, queries that lock or update + recently-updated rows could crash as a result of this bug. + + + + + + Fix planning of SELECT FOR UPDATE when using a partial + index on a child table (Kyotaro Horiguchi) + + + + In READ COMMITTED mode, SELECT FOR UPDATE must + also recheck the partial index's WHERE condition when + rechecking a recently-updated row to see if it still satisfies the + query's WHERE condition. This requirement was missed if the + index belonged to an inheritance child table, so that it was possible + to incorrectly return rows that no longer satisfy the query condition. + + + + + + Fix corner case wherein SELECT FOR UPDATE could return a row + twice, and possibly miss returning other rows (Tom Lane) + + + + In READ COMMITTED mode, a SELECT FOR UPDATE + that is scanning an inheritance tree could incorrectly return a row + from a prior child table instead of the one it should return from a + later child table. + + + + + + Reject duplicate column names in the referenced-columns list of + a FOREIGN KEY declaration (David Rowley) + + + + This restriction is per SQL standard. Previously we did not reject + the case explicitly, but later on the code would fail with + bizarre-looking errors. + + + + + + Fix bugs in raising a numeric value to a large integral power + (Tom Lane) + + + + The previous code could get a wrong answer, or consume excessive + amounts of time and memory before realizing that the answer must + overflow. + + + + + + In numeric_recv(), truncate away any fractional digits + that would be hidden according to the value's dscale field + (Tom Lane) + + + + A numeric value's display scale (dscale) should + never be less than the number of nonzero fractional digits; but + apparently there's at least one broken client application that + transmits binary numeric values in which that's true. + This leads to strange behavior since the extra digits are taken into + account by arithmetic operations even though they aren't printed. + The least risky fix seems to be to truncate away such hidden + digits on receipt, so that the value is indeed what it prints as. + + + + + + Reject out-of-range numeric timezone specifications (Tom Lane) + + + + Simple numeric timezone specifications exceeding +/- 168 hours (one + week) would be accepted, but could then cause null-pointer dereference + crashes in certain operations. There's no use-case for such large UTC + offsets, so reject them. + + + + + + Fix bugs in tsquery @> tsquery + operator (Heikki Linnakangas) + + + + Two different terms would be considered to match if they had the same + CRC. Also, if the second operand had more terms than the first, it + would be assumed not to be contained in the first; which is wrong + since it might contain duplicate terms. + + + + + + Improve ispell dictionary's defenses against bad affix files (Tom Lane) + + + + + + Allow more than 64K phrases in a thesaurus dictionary (David Boutin) + + + + The previous coding could crash on an oversize dictionary, so this was + deemed a back-patchable bug fix rather than a feature addition. + + + + + + Fix namespace handling in xpath() (Ali Akbar) + + + + Previously, the xml value resulting from + an xpath() call would not have namespace declarations if + the namespace declarations were attached to an ancestor element in the + input xml value, rather than to the specific element being + returned. Propagate the ancestral declaration so that the result is + correct when considered in isolation. + + + + + + Fix planner problems with nested append relations, such as inherited + tables within UNION ALL subqueries (Tom Lane) + + + + + + Fail cleanly when a GiST index tuple doesn't fit on a page, rather + than going into infinite recursion (Andrew Gierth) + + + + + + Exempt tables that have per-table cost_limit + and/or cost_delay settings from autovacuum's global cost + balancing rules (Álvaro Herrera) + + + + The previous behavior resulted in basically ignoring these per-table + settings, which was unintended. Now, a table having such settings + will be vacuumed using those settings, independently of what is going + on in other autovacuum workers. This may result in heavier total I/O + load than before, so such settings should be re-examined for sanity. + + + + + + Avoid wholesale autovacuuming when autovacuum is nominally off + (Tom Lane) + + + + Even when autovacuum is nominally off, we will still launch autovacuum + worker processes to vacuum tables that are at risk of XID wraparound. + However, such a worker process then proceeded to vacuum all tables in + the target database, if they met the usual thresholds for + autovacuuming. This is at best pretty unexpected; at worst it delays + response to the wraparound threat. Fix it so that if autovacuum is + turned off, workers only do anti-wraparound vacuums and + not any other work. + + + + + + During crash recovery, ensure that unlogged relations are rewritten as + empty and are synced to disk before recovery is considered complete + (Abhijit Menon-Sen, Andres Freund) + + + + This prevents scenarios in which unlogged relations might contain + garbage data following database crash recovery. + + + + + + Fix race condition between hot standby queries and replaying a + full-page image (Heikki Linnakangas) + + + + This mistake could result in transient errors in queries being + executed in hot standby. + + + + + + Fix several cases where recovery logic improperly ignored WAL records + for COMMIT/ABORT PREPARED (Heikki Linnakangas) + + + + The most notable oversight was + that recovery_min_apply_delay failed to delay application + of a two-phase commit. + + + + + + Avoid creating unnecessary .ready marker files for + timeline history files (Fujii Masao) + + + + + + Fix possible null pointer dereference when an empty prepared statement + is used and the log_statement setting is mod + or ddl (Fujii Masao) + + + + + + Change pgstat wait timeout warning message to be LOG level, + and rephrase it to be more understandable (Tom Lane) + + + + This message was originally thought to be essentially a can't-happen + case, but it occurs often enough on our slower buildfarm members to be + a nuisance. Reduce it to LOG level, and expend a bit more effort on + the wording: it now reads using stale statistics instead of + current ones because stats collector is not responding. + + + + + + Fix SPARC spinlock implementation to ensure correctness if the CPU is + being run in a non-TSO coherency mode, as some non-Solaris kernels do + (Andres Freund) + + + + + + Warn if OS X's setlocale() starts an unwanted extra + thread inside the postmaster (Noah Misch) + + + + + + Fix processing of repeated dbname parameters + in PQconnectdbParams() (Alex Shulgin) + + + + Unexpected behavior ensued if the first occurrence + of dbname contained a connection string or URI to be + expanded. + + + + + + Ensure that libpq reports a suitable error message on + unexpected socket EOF (Marko Tiikkaja, Tom Lane) + + + + Depending on kernel behavior, libpq might return an + empty error string rather than something useful when the server + unexpectedly closed the socket. + + + + + + Clear any old error message during PQreset() + (Heikki Linnakangas) + + + + If PQreset() is called repeatedly, and the connection + cannot be re-established, error messages from the failed connection + attempts kept accumulating in the PGconn's error + string. + + + + + + Properly handle out-of-memory conditions while parsing connection + options in libpq (Alex Shulgin, Heikki Linnakangas) + + + + + + Fix array overrun in ecpg's version + of ParseDateTime() (Michael Paquier) + + + + + + In initdb, give a clearer error message if a password + file is specified but is empty (Mats Erik Andersson) + + + + + + Fix psql's \s command to work nicely with + libedit, and add pager support (Stepan Rutz, Tom Lane) + + + + When using libedit rather than readline, \s printed the + command history in a fairly unreadable encoded format, and on recent + libedit versions might fail altogether. Fix that by printing the + history ourselves rather than having the library do it. A pleasant + side-effect is that the pager is used if appropriate. + + + + This patch also fixes a bug that caused newline encoding to be applied + inconsistently when saving the command history with libedit. + Multiline history entries written by older psql + versions will be read cleanly with this patch, but perhaps not + vice versa, depending on the exact libedit versions involved. + + + + + + Improve consistency of parsing of psql's special + variables (Tom Lane) + + + + Allow variant spellings of on and off (such + as 1/0) for ECHO_HIDDEN + and ON_ERROR_ROLLBACK. Report a warning for unrecognized + values for COMP_KEYWORD_CASE, ECHO, + ECHO_HIDDEN, HISTCONTROL, + ON_ERROR_ROLLBACK, and VERBOSITY. Recognize + all values for all these variables case-insensitively; previously + there was a mishmash of case-sensitive and case-insensitive behaviors. + + + + + + Fix psql's expanded-mode display to work + consistently when using border = 3 + and linestyle = ascii or unicode + (Stephen Frost) + + + + + + Improve performance of pg_dump when the database + contains many instances of multiple dependency paths between the same + two objects (Tom Lane) + + + + + + Fix possible deadlock during parallel restore of a schema-only dump + (Robert Haas, Tom Lane) + + + + + + Fix core dump in pg_dump --binary-upgrade on zero-column + composite type (Rushabh Lathia) + + + + + + Prevent WAL files created by pg_basebackup -x/-X from + being archived again when the standby is promoted (Andres Freund) + + + + + + Fix upgrade-from-unpackaged script for contrib/citext + (Tom Lane) + + + + + + Fix block number checking + in contrib/pageinspect's get_raw_page() + (Tom Lane) + + + + The incorrect checking logic could prevent access to some pages in + non-main relation forks. + + + + + + Fix contrib/pgcrypto's pgp_sym_decrypt() + to not fail on messages whose length is 6 less than a power of 2 + (Marko Tiikkaja) + + + + + + Fix file descriptor leak in contrib/pg_test_fsync + (Jeff Janes) + + + + This could cause failure to remove temporary files on Windows. + + + + + + Handle unexpected query results, especially NULLs, safely in + contrib/tablefunc's connectby() + (Michael Paquier) + + + + connectby() previously crashed if it encountered a NULL + key value. It now prints that row but doesn't recurse further. + + + + + + Avoid a possible crash in contrib/xml2's + xslt_process() (Mark Simonetti) + + + + libxslt seems to have an undocumented dependency on + the order in which resources are freed; reorder our calls to avoid a + crash. + + + + + + Mark some contrib I/O functions with correct volatility + properties (Tom Lane) + + + + The previous over-conservative marking was immaterial in normal use, + but could cause optimization problems or rejection of valid index + expression definitions. Since the consequences are not large, we've + just adjusted the function definitions in the extension modules' + scripts, without changing version numbers. + + + + + + Numerous cleanups of warnings from Coverity static code analyzer + (Andres Freund, Tatsuo Ishii, Marko Kreen, Tom Lane, Michael Paquier) + + + + These changes are mostly cosmetic but in some cases fix corner-case + bugs, for example a crash rather than a proper error report after an + out-of-memory failure. None are believed to represent security + issues. + + + + + + Detect incompatible OpenLDAP versions during build (Noah Misch) + + + + With OpenLDAP versions 2.4.24 through 2.4.31, + inclusive, PostgreSQL backends can crash at exit. + Raise a warning during configure based on the + compile-time OpenLDAP version number, and test the crashing scenario + in the contrib/dblink regression test. + + + + + + In non-MSVC Windows builds, ensure libpq.dll is installed + with execute permissions (Noah Misch) + + + + + + Make pg_regress remove any temporary installation it + created upon successful exit (Tom Lane) + + + + This results in a very substantial reduction in disk space usage + during make check-world, since that sequence involves + creation of numerous temporary installations. + + + + + + Support time zone abbreviations that change UTC offset from time to + time (Tom Lane) + + + + Previously, PostgreSQL assumed that the UTC offset + associated with a time zone abbreviation (such as EST) + never changes in the usage of any particular locale. However this + assumption fails in the real world, so introduce the ability for a + zone abbreviation to represent a UTC offset that sometimes changes. + Update the zone abbreviation definition files to make use of this + feature in timezone locales that have changed the UTC offset of their + abbreviations since 1970 (according to the IANA timezone database). + In such timezones, PostgreSQL will now associate the + correct UTC offset with the abbreviation depending on the given date. + + + + + + Update time zone abbreviations lists (Tom Lane) + + + + Add CST (China Standard Time) to our lists. + Remove references to ADT as Arabia Daylight Time, an + abbreviation that's been out of use since 2007; therefore, claiming + there is a conflict with Atlantic Daylight Time doesn't seem + especially helpful. + Fix entirely incorrect GMT offsets for CKT (Cook Islands), FJT, and FJST + (Fiji); we didn't even have them on the proper side of the date line. + + + + + + Update time zone data files to tzdata release 2015a. + + + + The IANA timezone database has adopted abbreviations of the form + AxST/AxDT + for all Australian time zones, reflecting what they believe to be + current majority practice Down Under. These names do not conflict + with usage elsewhere (other than ACST for Acre Summer Time, which has + been in disuse since 1994). Accordingly, adopt these names into + our Default timezone abbreviation set. + The Australia abbreviation set now contains only CST, EAST, + EST, SAST, SAT, and WST, all of which are thought to be mostly + historical usage. Note that SAST has also been changed to be South + Africa Standard Time in the Default abbreviation set. + + + + Also, add zone abbreviations SRET (Asia/Srednekolymsk) and XJT + (Asia/Urumqi), and use WSST/WSDT for western Samoa. Also, there were + DST law changes in Chile, Mexico, the Turks & Caicos Islands + (America/Grand_Turk), and Fiji. There is a new zone + Pacific/Bougainville for portions of Papua New Guinea. Also, numerous + corrections for historical (pre-1970) time zone data. + + + + + + + + Release 9.1.14 @@ -8062,7 +8787,7 @@ SELECT * FROM places ORDER BY location <-> point '(101,456)' LIMIT 10; - Add dummy_seclabel + Add dummy_seclabel contrib module (KaiGai Kohei) diff --git a/doc/src/sgml/release-9.2.sgml b/doc/src/sgml/release-9.2.sgml index 911f52aa3e..132f68712e 100644 --- a/doc/src/sgml/release-9.2.sgml +++ b/doc/src/sgml/release-9.2.sgml @@ -1,6 +1,838 @@ + + Release 9.2.10 + + + Release Date + 2015-02-05 + + + + This release contains a variety of fixes from 9.2.9. + For information about new features in the 9.2 major release, see + . + + + + Migration to Version 9.2.10 + + + A dump/restore is not required for those running 9.2.X. + + + + However, if you are a Windows user and are using the Norwegian + (Bokmål) locale, manual action is needed after the upgrade to + replace any Norwegian (Bokmål)_Norway locale names stored + in PostgreSQL system catalogs with the plain-ASCII + alias Norwegian_Norway. For details see + + + + + Also, if you are upgrading from a version earlier than 9.2.9, + see . + + + + + + Changes + + + + + + Fix information leak via constraint-violation error messages + (Stephen Frost) + + + + Some server error messages show the values of columns that violate + a constraint, such as a unique constraint. If the user does not have + SELECT privilege on all columns of the table, this could + mean exposing values that the user should not be able to see. Adjust + the code so that values are displayed only when they came from the SQL + command or could be selected by the user. + (CVE-2014-8161) + + + + + + Lock down regression testing's temporary installations on Windows + (Noah Misch) + + + + Use SSPI authentication to allow connections only from the OS user + who launched the test suite. This closes on Windows the same + vulnerability previously closed on other platforms, namely that other + users might be able to connect to the test postmaster. + (CVE-2014-0067) + + + + + + Cope with the Windows locale named Norwegian (Bokmål) + (Heikki Linnakangas) + + + + Non-ASCII locale names are problematic since it's not clear what + encoding they should be represented in. Map the troublesome locale + name to a plain-ASCII alias, Norwegian_Norway. + + + + + + Avoid possible data corruption if ALTER DATABASE SET + TABLESPACE is used to move a database to a new tablespace and then + shortly later move it back to its original tablespace (Tom Lane) + + + + + + Avoid corrupting tables when ANALYZE inside a transaction + is rolled back (Andres Freund, Tom Lane, Michael Paquier) + + + + If the failing transaction had earlier removed the last index, rule, or + trigger from the table, the table would be left in a corrupted state + with the relevant pg_class flags not set though they + should be. + + + + + + Ensure that unlogged tables are copied correctly + during CREATE DATABASE or ALTER DATABASE SET + TABLESPACE (Pavan Deolasee, Andres Freund) + + + + + + Fix DROP's dependency searching to correctly handle the + case where a table column is recursively visited before its table + (Petr Jelinek, Tom Lane) + + + + This case is only known to arise when an extension creates both a + datatype and a table using that datatype. The faulty code might + refuse a DROP EXTENSION unless CASCADE is + specified, which should not be required. + + + + + + Fix use-of-already-freed-memory problem in EvalPlanQual processing + (Tom Lane) + + + + In READ COMMITTED mode, queries that lock or update + recently-updated rows could crash as a result of this bug. + + + + + + Fix planning of SELECT FOR UPDATE when using a partial + index on a child table (Kyotaro Horiguchi) + + + + In READ COMMITTED mode, SELECT FOR UPDATE must + also recheck the partial index's WHERE condition when + rechecking a recently-updated row to see if it still satisfies the + query's WHERE condition. This requirement was missed if the + index belonged to an inheritance child table, so that it was possible + to incorrectly return rows that no longer satisfy the query condition. + + + + + + Fix corner case wherein SELECT FOR UPDATE could return a row + twice, and possibly miss returning other rows (Tom Lane) + + + + In READ COMMITTED mode, a SELECT FOR UPDATE + that is scanning an inheritance tree could incorrectly return a row + from a prior child table instead of the one it should return from a + later child table. + + + + + + Reject duplicate column names in the referenced-columns list of + a FOREIGN KEY declaration (David Rowley) + + + + This restriction is per SQL standard. Previously we did not reject + the case explicitly, but later on the code would fail with + bizarre-looking errors. + + + + + + Restore previous behavior of conversion of domains to JSON + (Tom Lane) + + + + This change causes domains over numeric and boolean to be treated + like their base types for purposes of conversion to JSON. It worked + like that before 9.3.5 and 9.2.9, but was unintentionally changed + while fixing a related problem. + + + + + + Fix bugs in raising a numeric value to a large integral power + (Tom Lane) + + + + The previous code could get a wrong answer, or consume excessive + amounts of time and memory before realizing that the answer must + overflow. + + + + + + In numeric_recv(), truncate away any fractional digits + that would be hidden according to the value's dscale field + (Tom Lane) + + + + A numeric value's display scale (dscale) should + never be less than the number of nonzero fractional digits; but + apparently there's at least one broken client application that + transmits binary numeric values in which that's true. + This leads to strange behavior since the extra digits are taken into + account by arithmetic operations even though they aren't printed. + The least risky fix seems to be to truncate away such hidden + digits on receipt, so that the value is indeed what it prints as. + + + + + + Fix incorrect search for shortest-first regular expression matches + (Tom Lane) + + + + Matching would often fail when the number of allowed iterations is + limited by a ? quantifier or a bound expression. + + + + + + Reject out-of-range numeric timezone specifications (Tom Lane) + + + + Simple numeric timezone specifications exceeding +/- 168 hours (one + week) would be accepted, but could then cause null-pointer dereference + crashes in certain operations. There's no use-case for such large UTC + offsets, so reject them. + + + + + + Fix bugs in tsquery @> tsquery + operator (Heikki Linnakangas) + + + + Two different terms would be considered to match if they had the same + CRC. Also, if the second operand had more terms than the first, it + would be assumed not to be contained in the first; which is wrong + since it might contain duplicate terms. + + + + + + Improve ispell dictionary's defenses against bad affix files (Tom Lane) + + + + + + Allow more than 64K phrases in a thesaurus dictionary (David Boutin) + + + + The previous coding could crash on an oversize dictionary, so this was + deemed a back-patchable bug fix rather than a feature addition. + + + + + + Fix namespace handling in xpath() (Ali Akbar) + + + + Previously, the xml value resulting from + an xpath() call would not have namespace declarations if + the namespace declarations were attached to an ancestor element in the + input xml value, rather than to the specific element being + returned. Propagate the ancestral declaration so that the result is + correct when considered in isolation. + + + + + + Ensure that whole-row variables expose nonempty column names + to functions that pay attention to column names within composite + arguments (Tom Lane) + + + + In some contexts, constructs like row_to_json(tab.*) may + not produce the expected column names. This is fixed properly as of + 9.4; in older branches, just ensure that we produce some nonempty + name. (In some cases this will be the underlying table's column name + rather than the query-assigned alias that should theoretically be + visible.) + + + + + + Fix mishandling of system columns, + particularly tableoid, in FDW queries (Etsuro Fujita) + + + + + + Avoid doing indexed_column = ANY + (array) as an index qualifier if that leads + to an inferior plan (Andrew Gierth) + + + + In some cases, = ANY conditions applied to non-first index + columns would be done as index conditions even though it would be + better to use them as simple filter conditions. + + + + + + Fix planner problems with nested append relations, such as inherited + tables within UNION ALL subqueries (Tom Lane) + + + + + + Fail cleanly when a GiST index tuple doesn't fit on a page, rather + than going into infinite recursion (Andrew Gierth) + + + + + + Exempt tables that have per-table cost_limit + and/or cost_delay settings from autovacuum's global cost + balancing rules (Álvaro Herrera) + + + + The previous behavior resulted in basically ignoring these per-table + settings, which was unintended. Now, a table having such settings + will be vacuumed using those settings, independently of what is going + on in other autovacuum workers. This may result in heavier total I/O + load than before, so such settings should be re-examined for sanity. + + + + + + Avoid wholesale autovacuuming when autovacuum is nominally off + (Tom Lane) + + + + Even when autovacuum is nominally off, we will still launch autovacuum + worker processes to vacuum tables that are at risk of XID wraparound. + However, such a worker process then proceeded to vacuum all tables in + the target database, if they met the usual thresholds for + autovacuuming. This is at best pretty unexpected; at worst it delays + response to the wraparound threat. Fix it so that if autovacuum is + turned off, workers only do anti-wraparound vacuums and + not any other work. + + + + + + During crash recovery, ensure that unlogged relations are rewritten as + empty and are synced to disk before recovery is considered complete + (Abhijit Menon-Sen, Andres Freund) + + + + This prevents scenarios in which unlogged relations might contain + garbage data following database crash recovery. + + + + + + Fix race condition between hot standby queries and replaying a + full-page image (Heikki Linnakangas) + + + + This mistake could result in transient errors in queries being + executed in hot standby. + + + + + + Fix several cases where recovery logic improperly ignored WAL records + for COMMIT/ABORT PREPARED (Heikki Linnakangas) + + + + The most notable oversight was + that recovery_min_apply_delay failed to delay application + of a two-phase commit. + + + + + + Prevent latest WAL file from being archived a second time at completion + of crash recovery (Fujii Masao) + + + + + + Avoid creating unnecessary .ready marker files for + timeline history files (Fujii Masao) + + + + + + Fix possible null pointer dereference when an empty prepared statement + is used and the log_statement setting is mod + or ddl (Fujii Masao) + + + + + + Change pgstat wait timeout warning message to be LOG level, + and rephrase it to be more understandable (Tom Lane) + + + + This message was originally thought to be essentially a can't-happen + case, but it occurs often enough on our slower buildfarm members to be + a nuisance. Reduce it to LOG level, and expend a bit more effort on + the wording: it now reads using stale statistics instead of + current ones because stats collector is not responding. + + + + + + Fix SPARC spinlock implementation to ensure correctness if the CPU is + being run in a non-TSO coherency mode, as some non-Solaris kernels do + (Andres Freund) + + + + + + Warn if OS X's setlocale() starts an unwanted extra + thread inside the postmaster (Noah Misch) + + + + + + Fix processing of repeated dbname parameters + in PQconnectdbParams() (Alex Shulgin) + + + + Unexpected behavior ensued if the first occurrence + of dbname contained a connection string or URI to be + expanded. + + + + + + Ensure that libpq reports a suitable error message on + unexpected socket EOF (Marko Tiikkaja, Tom Lane) + + + + Depending on kernel behavior, libpq might return an + empty error string rather than something useful when the server + unexpectedly closed the socket. + + + + + + Clear any old error message during PQreset() + (Heikki Linnakangas) + + + + If PQreset() is called repeatedly, and the connection + cannot be re-established, error messages from the failed connection + attempts kept accumulating in the PGconn's error + string. + + + + + + Properly handle out-of-memory conditions while parsing connection + options in libpq (Alex Shulgin, Heikki Linnakangas) + + + + + + Fix array overrun in ecpg's version + of ParseDateTime() (Michael Paquier) + + + + + + In initdb, give a clearer error message if a password + file is specified but is empty (Mats Erik Andersson) + + + + + + Fix psql's \s command to work nicely with + libedit, and add pager support (Stepan Rutz, Tom Lane) + + + + When using libedit rather than readline, \s printed the + command history in a fairly unreadable encoded format, and on recent + libedit versions might fail altogether. Fix that by printing the + history ourselves rather than having the library do it. A pleasant + side-effect is that the pager is used if appropriate. + + + + This patch also fixes a bug that caused newline encoding to be applied + inconsistently when saving the command history with libedit. + Multiline history entries written by older psql + versions will be read cleanly with this patch, but perhaps not + vice versa, depending on the exact libedit versions involved. + + + + + + Improve consistency of parsing of psql's special + variables (Tom Lane) + + + + Allow variant spellings of on and off (such + as 1/0) for ECHO_HIDDEN + and ON_ERROR_ROLLBACK. Report a warning for unrecognized + values for COMP_KEYWORD_CASE, ECHO, + ECHO_HIDDEN, HISTCONTROL, + ON_ERROR_ROLLBACK, and VERBOSITY. Recognize + all values for all these variables case-insensitively; previously + there was a mishmash of case-sensitive and case-insensitive behaviors. + + + + + + Fix psql's expanded-mode display to work + consistently when using border = 3 + and linestyle = ascii or unicode + (Stephen Frost) + + + + + + Improve performance of pg_dump when the database + contains many instances of multiple dependency paths between the same + two objects (Tom Lane) + + + + + + Fix pg_dumpall to restore its ability to dump from + pre-8.1 servers (Gilles Darold) + + + + + + Fix possible deadlock during parallel restore of a schema-only dump + (Robert Haas, Tom Lane) + + + + + + Fix core dump in pg_dump --binary-upgrade on zero-column + composite type (Rushabh Lathia) + + + + + + Prevent WAL files created by pg_basebackup -x/-X from + being archived again when the standby is promoted (Andres Freund) + + + + + + Fix failure of contrib/auto_explain to print per-node + timing information when doing EXPLAIN ANALYZE (Tom Lane) + + + + + + Fix upgrade-from-unpackaged script for contrib/citext + (Tom Lane) + + + + + + Fix block number checking + in contrib/pageinspect's get_raw_page() + (Tom Lane) + + + + The incorrect checking logic could prevent access to some pages in + non-main relation forks. + + + + + + Fix contrib/pgcrypto's pgp_sym_decrypt() + to not fail on messages whose length is 6 less than a power of 2 + (Marko Tiikkaja) + + + + + + Fix file descriptor leak in contrib/pg_test_fsync + (Jeff Janes) + + + + This could cause failure to remove temporary files on Windows. + + + + + + Handle unexpected query results, especially NULLs, safely in + contrib/tablefunc's connectby() + (Michael Paquier) + + + + connectby() previously crashed if it encountered a NULL + key value. It now prints that row but doesn't recurse further. + + + + + + Avoid a possible crash in contrib/xml2's + xslt_process() (Mark Simonetti) + + + + libxslt seems to have an undocumented dependency on + the order in which resources are freed; reorder our calls to avoid a + crash. + + + + + + Mark some contrib I/O functions with correct volatility + properties (Tom Lane) + + + + The previous over-conservative marking was immaterial in normal use, + but could cause optimization problems or rejection of valid index + expression definitions. Since the consequences are not large, we've + just adjusted the function definitions in the extension modules' + scripts, without changing version numbers. + + + + + + Numerous cleanups of warnings from Coverity static code analyzer + (Andres Freund, Tatsuo Ishii, Marko Kreen, Tom Lane, Michael Paquier) + + + + These changes are mostly cosmetic but in some cases fix corner-case + bugs, for example a crash rather than a proper error report after an + out-of-memory failure. None are believed to represent security + issues. + + + + + + Detect incompatible OpenLDAP versions during build (Noah Misch) + + + + With OpenLDAP versions 2.4.24 through 2.4.31, + inclusive, PostgreSQL backends can crash at exit. + Raise a warning during configure based on the + compile-time OpenLDAP version number, and test the crashing scenario + in the contrib/dblink regression test. + + + + + + In non-MSVC Windows builds, ensure libpq.dll is installed + with execute permissions (Noah Misch) + + + + + + Make pg_regress remove any temporary installation it + created upon successful exit (Tom Lane) + + + + This results in a very substantial reduction in disk space usage + during make check-world, since that sequence involves + creation of numerous temporary installations. + + + + + + Support time zone abbreviations that change UTC offset from time to + time (Tom Lane) + + + + Previously, PostgreSQL assumed that the UTC offset + associated with a time zone abbreviation (such as EST) + never changes in the usage of any particular locale. However this + assumption fails in the real world, so introduce the ability for a + zone abbreviation to represent a UTC offset that sometimes changes. + Update the zone abbreviation definition files to make use of this + feature in timezone locales that have changed the UTC offset of their + abbreviations since 1970 (according to the IANA timezone database). + In such timezones, PostgreSQL will now associate the + correct UTC offset with the abbreviation depending on the given date. + + + + + + Update time zone abbreviations lists (Tom Lane) + + + + Add CST (China Standard Time) to our lists. + Remove references to ADT as Arabia Daylight Time, an + abbreviation that's been out of use since 2007; therefore, claiming + there is a conflict with Atlantic Daylight Time doesn't seem + especially helpful. + Fix entirely incorrect GMT offsets for CKT (Cook Islands), FJT, and FJST + (Fiji); we didn't even have them on the proper side of the date line. + + + + + + Update time zone data files to tzdata release 2015a. + + + + The IANA timezone database has adopted abbreviations of the form + AxST/AxDT + for all Australian time zones, reflecting what they believe to be + current majority practice Down Under. These names do not conflict + with usage elsewhere (other than ACST for Acre Summer Time, which has + been in disuse since 1994). Accordingly, adopt these names into + our Default timezone abbreviation set. + The Australia abbreviation set now contains only CST, EAST, + EST, SAST, SAT, and WST, all of which are thought to be mostly + historical usage. Note that SAST has also been changed to be South + Africa Standard Time in the Default abbreviation set. + + + + Also, add zone abbreviations SRET (Asia/Srednekolymsk) and XJT + (Asia/Urumqi), and use WSST/WSDT for western Samoa. Also, there were + DST law changes in Chile, Mexico, the Turks & Caicos Islands + (America/Grand_Turk), and Fiji. There is a new zone + Pacific/Bougainville for portions of Papua New Guinea. Also, numerous + corrections for historical (pre-1970) time zone data. + + + + + + + + Release 9.2.9 -- 2.40.0